Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 01.08.2014, 17:34   #1
eqal123
 
http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal - Standard

http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal



Die Seite hxxp://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich zig mal in meinem Standardbrowser Opera seit heute Vormittag. Avira und Malwarebytes fanden bereits zig verdächtige Dateien, die ich anschließend in Quarantäne verschoben habe.

Die Logs dazu sind die folgenden.

Avira:
Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 1. August 2014  07:40


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Antivirus Free
Seriennummer   : 0000149996-AVHOE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : THINKPAD

Versionsinformationen:
BUILD.DAT      : 14.0.5.464     91868 Bytes  02.07.2014 13:06:00
AVSCAN.EXE     : 14.0.5.396   1042512 Bytes  03.07.2014 18:08:35
AVSCANRC.DLL   : 14.0.5.364     62544 Bytes  03.07.2014 18:08:35
LUKE.DLL       : 14.0.5.336     57936 Bytes  03.07.2014 18:08:43
AVSCPLR.DLL    : 14.0.5.376     89680 Bytes  03.07.2014 18:08:35
AVREG.DLL      : 14.0.5.356    261200 Bytes  03.07.2014 18:08:33
avlode.dll     : 14.0.5.396    588368 Bytes  03.07.2014 18:08:32
avlode.rdf     : 14.0.4.42      65114 Bytes  17.07.2014 16:14:34
XBV00008.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:02
XBV00009.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:02
XBV00010.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:02
XBV00011.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:02
XBV00012.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:02
XBV00013.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:02
XBV00014.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:02
XBV00015.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:02
XBV00016.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:02
XBV00017.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:02
XBV00018.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:02
XBV00019.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:02
XBV00020.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:03
XBV00021.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:03
XBV00022.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:03
XBV00023.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:03
XBV00024.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:03
XBV00025.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:03
XBV00026.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:03
XBV00027.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:03
XBV00028.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:03
XBV00029.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:03
XBV00030.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:03
XBV00031.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:03
XBV00032.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:03
XBV00033.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:03
XBV00034.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:03
XBV00035.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:03
XBV00036.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:03
XBV00037.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:03
XBV00038.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:03
XBV00039.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:03
XBV00040.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:03
XBV00041.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 20:17:03
XBV00225.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:54
XBV00226.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:54
XBV00227.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:54
XBV00228.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:54
XBV00229.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:54
XBV00230.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:54
XBV00231.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:54
XBV00232.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:54
XBV00233.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:54
XBV00234.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:54
XBV00235.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:54
XBV00236.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:54
XBV00237.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:54
XBV00238.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:55
XBV00239.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:55
XBV00240.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:55
XBV00241.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:55
XBV00242.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:55
XBV00243.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:55
XBV00244.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:55
XBV00245.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:55
XBV00246.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:55
XBV00247.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:55
XBV00248.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:55
XBV00249.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:55
XBV00250.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:55
XBV00251.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:55
XBV00252.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:55
XBV00253.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:55
XBV00254.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:55
XBV00255.VDF   : 8.11.159.102     2048 Bytes  08.07.2014 16:47:55
XBV00000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 17:46:42
XBV00001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 17:46:44
XBV00002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 16:51:50
XBV00003.VDF   : 7.11.85.214  2162688 Bytes  21.06.2013 16:14:58
XBV00004.VDF   : 7.11.91.176  3903488 Bytes  23.07.2013 16:20:07
XBV00005.VDF   : 7.11.98.186  6822912 Bytes  29.08.2013 16:32:13
XBV00006.VDF   : 7.11.139.38 15708672 Bytes  27.03.2014 08:42:02
XBV00007.VDF   : 7.11.152.100  4193792 Bytes  02.06.2014 19:05:30
XBV00042.VDF   : 8.11.153.142   710656 Bytes  06.06.2014 20:17:04
XBV00043.VDF   : 8.11.155.44  1013760 Bytes  16.06.2014 20:17:04
XBV00044.VDF   : 8.11.159.102  1662976 Bytes  08.07.2014 16:47:47
XBV00045.VDF   : 8.11.159.104    13824 Bytes  08.07.2014 16:47:47
XBV00046.VDF   : 8.11.159.108    13312 Bytes  08.07.2014 16:47:47
XBV00047.VDF   : 8.11.159.112    30720 Bytes  09.07.2014 16:47:47
XBV00048.VDF   : 8.11.159.114     6144 Bytes  09.07.2014 16:47:47
XBV00049.VDF   : 8.11.159.116    10240 Bytes  09.07.2014 16:47:47
XBV00050.VDF   : 8.11.159.118     5632 Bytes  09.07.2014 16:47:47
XBV00051.VDF   : 8.11.159.122     7168 Bytes  09.07.2014 16:47:47
XBV00052.VDF   : 8.11.159.126   180736 Bytes  09.07.2014 16:47:48
XBV00053.VDF   : 8.11.159.148   174080 Bytes  09.07.2014 22:47:41
XBV00054.VDF   : 8.11.159.168     2560 Bytes  09.07.2014 22:47:41
XBV00055.VDF   : 8.11.159.188    15360 Bytes  09.07.2014 22:47:41
XBV00056.VDF   : 8.11.159.210    25600 Bytes  09.07.2014 19:32:07
XBV00057.VDF   : 8.11.159.212     7168 Bytes  09.07.2014 19:32:08
XBV00058.VDF   : 8.11.159.218    27648 Bytes  10.07.2014 19:32:08
XBV00059.VDF   : 8.11.159.220     2048 Bytes  10.07.2014 19:32:08
XBV00060.VDF   : 8.11.159.222    29696 Bytes  10.07.2014 19:32:08
XBV00061.VDF   : 8.11.159.224   167936 Bytes  10.07.2014 19:32:08
XBV00062.VDF   : 8.11.159.226    35328 Bytes  10.07.2014 19:32:08
XBV00063.VDF   : 8.11.159.230   186368 Bytes  10.07.2014 19:32:08
XBV00064.VDF   : 8.11.159.250    16896 Bytes  10.07.2014 19:32:08
XBV00065.VDF   : 8.11.159.252     2048 Bytes  10.07.2014 19:32:08
XBV00066.VDF   : 8.11.160.16     6144 Bytes  10.07.2014 19:32:08
XBV00067.VDF   : 8.11.160.40    17408 Bytes  10.07.2014 04:51:04
XBV00068.VDF   : 8.11.160.42     2048 Bytes  11.07.2014 04:51:04
XBV00069.VDF   : 8.11.160.46   179200 Bytes  11.07.2014 15:28:58
XBV00070.VDF   : 8.11.160.48   203264 Bytes  11.07.2014 13:39:59
XBV00071.VDF   : 8.11.160.50     6144 Bytes  11.07.2014 13:39:59
XBV00072.VDF   : 8.11.160.52     2048 Bytes  11.07.2014 13:39:59
XBV00073.VDF   : 8.11.160.54     2048 Bytes  11.07.2014 13:39:59
XBV00074.VDF   : 8.11.160.58    22016 Bytes  11.07.2014 13:39:59
XBV00075.VDF   : 8.11.160.60     2048 Bytes  11.07.2014 13:39:59
XBV00076.VDF   : 8.11.160.62     8192 Bytes  11.07.2014 13:39:59
XBV00077.VDF   : 8.11.160.66   198656 Bytes  12.07.2014 13:39:59
XBV00078.VDF   : 8.11.160.68     7168 Bytes  12.07.2014 13:39:59
XBV00079.VDF   : 8.11.160.70    14848 Bytes  12.07.2014 13:39:59
XBV00080.VDF   : 8.11.160.72     7168 Bytes  12.07.2014 11:59:59
XBV00081.VDF   : 8.11.160.92    40448 Bytes  13.07.2014 11:59:59
XBV00082.VDF   : 8.11.160.112     2048 Bytes  13.07.2014 11:59:59
XBV00083.VDF   : 8.11.160.130   193024 Bytes  13.07.2014 15:04:24
XBV00084.VDF   : 8.11.160.132     2048 Bytes  13.07.2014 15:04:24
XBV00085.VDF   : 8.11.160.152    20480 Bytes  13.07.2014 15:04:24
XBV00086.VDF   : 8.11.160.154     2048 Bytes  13.07.2014 15:04:24
XBV00087.VDF   : 8.11.160.156    20992 Bytes  14.07.2014 15:04:24
XBV00088.VDF   : 8.11.160.158     2560 Bytes  14.07.2014 15:04:24
XBV00089.VDF   : 8.11.160.160    11264 Bytes  14.07.2014 15:04:24
XBV00090.VDF   : 8.11.160.162     2560 Bytes  14.07.2014 15:04:24
XBV00091.VDF   : 8.11.160.166    14336 Bytes  14.07.2014 15:04:24
XBV00092.VDF   : 8.11.160.168     5120 Bytes  14.07.2014 15:04:24
XBV00093.VDF   : 8.11.160.178     7168 Bytes  14.07.2014 05:08:10
XBV00094.VDF   : 8.11.160.180     2048 Bytes  14.07.2014 05:08:10
XBV00095.VDF   : 8.11.160.182     2048 Bytes  14.07.2014 05:08:10
XBV00096.VDF   : 8.11.160.188   256000 Bytes  14.07.2014 05:08:11
XBV00097.VDF   : 8.11.160.190     7680 Bytes  14.07.2014 05:08:11
XBV00098.VDF   : 8.11.160.194    18432 Bytes  15.07.2014 05:08:11
XBV00099.VDF   : 8.11.160.212   184832 Bytes  15.07.2014 16:44:42
XBV00100.VDF   : 8.11.160.230   289792 Bytes  15.07.2014 19:00:52
XBV00101.VDF   : 8.11.160.232     2048 Bytes  15.07.2014 19:00:52
XBV00102.VDF   : 8.11.160.234   176128 Bytes  15.07.2014 19:00:52
XBV00103.VDF   : 8.11.160.254    18432 Bytes  15.07.2014 19:00:53
XBV00104.VDF   : 8.11.161.16     6144 Bytes  16.07.2014 19:00:53
XBV00105.VDF   : 8.11.161.32     2048 Bytes  16.07.2014 19:00:53
XBV00106.VDF   : 8.11.161.34     2048 Bytes  16.07.2014 19:00:53
XBV00107.VDF   : 8.11.161.52    26624 Bytes  16.07.2014 19:00:53
XBV00108.VDF   : 8.11.161.68   184832 Bytes  16.07.2014 19:00:53
XBV00109.VDF   : 8.11.161.84     2048 Bytes  16.07.2014 19:00:53
XBV00110.VDF   : 8.11.162.2      2560 Bytes  16.07.2014 19:00:53
XBV00111.VDF   : 8.11.162.6     16896 Bytes  16.07.2014 04:18:26
XBV00112.VDF   : 8.11.162.8     24064 Bytes  16.07.2014 04:18:26
XBV00113.VDF   : 8.11.162.10     2560 Bytes  16.07.2014 04:18:26
XBV00114.VDF   : 8.11.162.14    41472 Bytes  17.07.2014 16:14:34
XBV00115.VDF   : 8.11.162.16     2048 Bytes  17.07.2014 16:14:35
XBV00116.VDF   : 8.11.162.18   215040 Bytes  17.07.2014 16:14:35
XBV00117.VDF   : 8.11.162.22   184320 Bytes  17.07.2014 16:14:35
XBV00118.VDF   : 8.11.162.40   258048 Bytes  17.07.2014 05:05:05
XBV00119.VDF   : 8.11.162.42     3584 Bytes  17.07.2014 05:05:06
XBV00120.VDF   : 8.11.162.58     3072 Bytes  17.07.2014 05:05:06
XBV00121.VDF   : 8.11.162.78     2048 Bytes  17.07.2014 05:05:06
XBV00122.VDF   : 8.11.162.94     2048 Bytes  17.07.2014 05:05:06
XBV00123.VDF   : 8.11.162.110    35840 Bytes  17.07.2014 05:05:06
XBV00124.VDF   : 8.11.162.112     2048 Bytes  18.07.2014 05:05:06
XBV00125.VDF   : 8.11.162.130    23040 Bytes  18.07.2014 16:01:23
XBV00126.VDF   : 8.11.162.134   184320 Bytes  18.07.2014 16:01:23
XBV00127.VDF   : 8.11.162.136     2048 Bytes  18.07.2014 16:01:23
XBV00128.VDF   : 8.11.162.152   231424 Bytes  18.07.2014 16:01:23
XBV00129.VDF   : 8.11.162.154     2048 Bytes  18.07.2014 16:01:23
XBV00130.VDF   : 8.11.162.170   108032 Bytes  18.07.2014 16:01:23
XBV00131.VDF   : 8.11.162.172     9728 Bytes  18.07.2014 16:01:24
XBV00132.VDF   : 8.11.162.174     2048 Bytes  18.07.2014 16:01:24
XBV00133.VDF   : 8.11.162.188    20992 Bytes  18.07.2014 16:01:24
XBV00134.VDF   : 8.11.162.192     2048 Bytes  18.07.2014 16:01:24
XBV00135.VDF   : 8.11.162.194     2048 Bytes  18.07.2014 16:01:24
XBV00136.VDF   : 8.11.162.200    19968 Bytes  18.07.2014 16:01:24
XBV00137.VDF   : 8.11.162.204     2048 Bytes  18.07.2014 16:01:24
XBV00138.VDF   : 8.11.162.212     2048 Bytes  18.07.2014 16:01:24
XBV00139.VDF   : 8.11.162.228   227840 Bytes  19.07.2014 16:01:24
XBV00140.VDF   : 8.11.162.244     2048 Bytes  19.07.2014 16:01:24
XBV00141.VDF   : 8.11.163.2     31232 Bytes  19.07.2014 16:01:24
XBV00142.VDF   : 8.11.163.16    62464 Bytes  20.07.2014 15:43:18
XBV00143.VDF   : 8.11.163.20   202752 Bytes  20.07.2014 15:43:18
XBV00144.VDF   : 8.11.163.22     2048 Bytes  20.07.2014 15:43:18
XBV00145.VDF   : 8.11.163.26    50176 Bytes  21.07.2014 15:57:28
XBV00146.VDF   : 8.11.163.28    23040 Bytes  21.07.2014 15:57:28
XBV00147.VDF   : 8.11.163.42     6144 Bytes  21.07.2014 15:57:28
XBV00148.VDF   : 8.11.163.44     2560 Bytes  21.07.2014 15:57:28
XBV00149.VDF   : 8.11.163.56     5120 Bytes  21.07.2014 15:57:28
XBV00150.VDF   : 8.11.163.68     8192 Bytes  21.07.2014 15:57:29
XBV00151.VDF   : 8.11.163.74   213504 Bytes  21.07.2014 15:57:29
XBV00152.VDF   : 8.11.163.78    22528 Bytes  22.07.2014 03:56:58
XBV00153.VDF   : 8.11.163.82     2560 Bytes  22.07.2014 16:19:26
XBV00154.VDF   : 8.11.163.84   181248 Bytes  22.07.2014 16:19:26
XBV00155.VDF   : 8.11.163.86     9728 Bytes  22.07.2014 16:19:26
XBV00156.VDF   : 8.11.163.92     2560 Bytes  22.07.2014 16:19:26
XBV00157.VDF   : 8.11.163.98   230400 Bytes  22.07.2014 22:18:39
XBV00158.VDF   : 8.11.163.100     2048 Bytes  22.07.2014 22:18:39
XBV00159.VDF   : 8.11.163.102     2048 Bytes  22.07.2014 22:18:39
XBV00160.VDF   : 8.11.163.108    22528 Bytes  22.07.2014 22:18:39
XBV00161.VDF   : 8.11.163.112    17920 Bytes  22.07.2014 04:18:27
XBV00162.VDF   : 8.11.163.116     2048 Bytes  23.07.2014 04:18:27
XBV00163.VDF   : 8.11.163.130   194048 Bytes  23.07.2014 20:49:36
XBV00164.VDF   : 8.11.163.142    20992 Bytes  23.07.2014 20:49:36
XBV00165.VDF   : 8.11.163.154    11776 Bytes  23.07.2014 20:49:36
XBV00166.VDF   : 8.11.163.158    17920 Bytes  23.07.2014 20:49:36
XBV00167.VDF   : 8.11.163.164     2048 Bytes  23.07.2014 20:49:36
XBV00168.VDF   : 8.11.163.170    14848 Bytes  23.07.2014 20:49:36
XBV00169.VDF   : 8.11.163.174   193024 Bytes  23.07.2014 20:49:36
XBV00170.VDF   : 8.11.163.176     3072 Bytes  23.07.2014 20:49:36
XBV00171.VDF   : 8.11.163.178     3072 Bytes  23.07.2014 20:49:36
XBV00172.VDF   : 8.11.163.184   199168 Bytes  24.07.2014 20:49:36
XBV00173.VDF   : 8.11.163.186   421376 Bytes  24.07.2014 20:49:37
XBV00174.VDF   : 8.11.163.198     2048 Bytes  24.07.2014 20:49:37
XBV00175.VDF   : 8.11.163.200     2048 Bytes  24.07.2014 20:49:37
XBV00176.VDF   : 8.11.163.212   212992 Bytes  24.07.2014 20:49:37
XBV00177.VDF   : 8.11.163.222    34816 Bytes  24.07.2014 20:49:37
XBV00178.VDF   : 8.11.163.226     2048 Bytes  24.07.2014 20:49:37
XBV00179.VDF   : 8.11.163.230    21504 Bytes  24.07.2014 20:49:37
XBV00180.VDF   : 8.11.163.234    18944 Bytes  25.07.2014 20:49:37
XBV00181.VDF   : 8.11.163.236     6656 Bytes  25.07.2014 20:49:37
XBV00182.VDF   : 8.11.163.238     2048 Bytes  25.07.2014 20:49:37
XBV00183.VDF   : 8.11.163.240   198144 Bytes  25.07.2014 20:49:38
XBV00184.VDF   : 8.11.163.244    38400 Bytes  25.07.2014 20:49:38
XBV00185.VDF   : 8.11.163.246     2048 Bytes  25.07.2014 20:49:38
XBV00186.VDF   : 8.11.163.248     6144 Bytes  25.07.2014 20:49:38
XBV00187.VDF   : 8.11.163.252    11776 Bytes  25.07.2014 20:49:38
XBV00188.VDF   : 8.11.163.254     2048 Bytes  25.07.2014 20:49:38
XBV00189.VDF   : 8.11.164.2      2048 Bytes  26.07.2014 20:49:38
XBV00190.VDF   : 8.11.164.6      5120 Bytes  26.07.2014 20:49:38
XBV00191.VDF   : 8.11.164.8      2048 Bytes  26.07.2014 20:49:38
XBV00192.VDF   : 8.11.164.20    32768 Bytes  26.07.2014 20:49:38
XBV00193.VDF   : 8.11.164.30     2048 Bytes  26.07.2014 20:49:38
XBV00194.VDF   : 8.11.164.42    37376 Bytes  27.07.2014 20:49:38
XBV00195.VDF   : 8.11.164.52     5632 Bytes  27.07.2014 20:49:38
XBV00196.VDF   : 8.11.164.54    40960 Bytes  28.07.2014 20:00:07
XBV00197.VDF   : 8.11.164.56     2048 Bytes  28.07.2014 20:00:07
XBV00198.VDF   : 8.11.164.58     4096 Bytes  28.07.2014 20:00:07
XBV00199.VDF   : 8.11.164.60     4608 Bytes  28.07.2014 20:00:07
XBV00200.VDF   : 8.11.164.62    17920 Bytes  28.07.2014 20:00:07
XBV00201.VDF   : 8.11.164.66     2048 Bytes  28.07.2014 20:00:07
XBV00202.VDF   : 8.11.164.74   206848 Bytes  28.07.2014 20:00:07
XBV00203.VDF   : 8.11.164.76   191488 Bytes  28.07.2014 20:00:08
XBV00204.VDF   : 8.11.164.78     2048 Bytes  28.07.2014 20:00:08
XBV00205.VDF   : 8.11.164.82     7168 Bytes  28.07.2014 15:30:49
XBV00206.VDF   : 8.11.164.86     9216 Bytes  29.07.2014 15:30:49
XBV00207.VDF   : 8.11.164.88   218112 Bytes  29.07.2014 15:30:49
XBV00208.VDF   : 8.11.164.98     7168 Bytes  29.07.2014 15:30:49
XBV00209.VDF   : 8.11.164.106     2048 Bytes  29.07.2014 15:30:49
XBV00210.VDF   : 8.11.164.116    90112 Bytes  29.07.2014 21:31:06
XBV00211.VDF   : 8.11.164.128   197120 Bytes  29.07.2014 21:31:06
XBV00212.VDF   : 8.11.164.138     5632 Bytes  29.07.2014 16:34:32
XBV00213.VDF   : 8.11.164.142     9728 Bytes  30.07.2014 16:34:32
XBV00214.VDF   : 8.11.164.144   199680 Bytes  30.07.2014 16:34:33
XBV00215.VDF   : 8.11.164.146   206848 Bytes  30.07.2014 16:34:33
XBV00216.VDF   : 8.11.164.148     4096 Bytes  30.07.2014 16:34:33
XBV00217.VDF   : 8.11.164.150    39936 Bytes  30.07.2014 16:34:33
XBV00218.VDF   : 8.11.164.156   220160 Bytes  30.07.2014 15:33:04
XBV00219.VDF   : 8.11.164.164    16896 Bytes  31.07.2014 15:33:04
XBV00220.VDF   : 8.11.164.172     6144 Bytes  31.07.2014 15:33:04
XBV00221.VDF   : 8.11.164.188   218624 Bytes  31.07.2014 15:33:04
XBV00222.VDF   : 8.11.164.196     2048 Bytes  31.07.2014 15:33:04
XBV00223.VDF   : 8.11.164.206    27136 Bytes  31.07.2014 05:14:48
XBV00224.VDF   : 8.11.164.214    11264 Bytes  31.07.2014 05:14:48
LOCAL001.VDF   : 8.11.164.214 109327360 Bytes  31.07.2014 05:15:03
Engineversion  : 8.3.22.14 
AEVDF.DLL      : 8.3.0.4       118976 Bytes  24.03.2014 17:26:14
AESCRIPT.DLL   : 8.2.0.12      426184 Bytes  21.07.2014 15:57:28
AESCN.DLL      : 8.3.2.2       139456 Bytes  21.07.2014 15:57:28
AESBX.DLL      : 8.2.20.24    1409224 Bytes  08.05.2014 16:34:17
AERDL.DLL      : 8.2.0.138     704888 Bytes  02.12.2013 20:39:23
AEPACK.DLL     : 8.4.0.46      786632 Bytes  28.07.2014 20:00:07
AEOFFICE.DLL   : 8.3.0.16      213192 Bytes  28.07.2014 20:00:06
AEHEUR.DLL     : 8.1.4.1188   7332040 Bytes  28.07.2014 20:00:06
AEHELP.DLL     : 8.3.1.0       278728 Bytes  28.05.2014 15:28:57
AEGEN.DLL      : 8.1.7.28      450752 Bytes  08.06.2014 19:04:25
AEEXP.DLL      : 8.4.2.6       237760 Bytes  28.06.2014 09:48:32
AEEMU.DLL      : 8.1.3.2       393587 Bytes  27.05.2013 17:46:48
AEDROID.DLL    : 8.4.2.24      442568 Bytes  08.06.2014 19:04:33
AECORE.DLL     : 8.3.2.2       241864 Bytes  21.07.2014 15:57:26
AEBB.DLL       : 8.1.1.4        53619 Bytes  27.05.2013 17:46:47
AVWINLL.DLL    : 14.0.5.320     24144 Bytes  03.07.2014 18:08:26
AVPREF.DLL     : 14.0.5.320     50256 Bytes  03.07.2014 18:08:32
AVREP.DLL      : 14.0.5.320    219216 Bytes  03.07.2014 18:08:33
AVARKT.DLL     : 14.0.5.368    226384 Bytes  03.07.2014 18:08:29
AVEVTLOG.DLL   : 14.0.5.320    182352 Bytes  03.07.2014 18:08:31
SQLITE3.DLL    : 14.0.5.320    452176 Bytes  03.07.2014 18:08:45
AVSMTP.DLL     : 14.0.5.320     76368 Bytes  03.07.2014 18:08:35
NETNT.DLL      : 14.0.5.320     13392 Bytes  03.07.2014 18:08:43
RCIMAGE.DLL    : 14.0.5.320   4998224 Bytes  03.07.2014 18:08:26
RCTEXT.DLL     : 14.0.5.322     73808 Bytes  03.07.2014 18:08:26

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, Q:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Beginn des Suchlaufs: Freitag, 1. August 2014  07:40

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, D:, Q:)'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'ibmpmsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'MsMpEng.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '124' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '175' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTAudSvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'upeksvr.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPHKLOAD.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPHKSVC.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'BingDesktopUpdater.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'SkypeC2CAutoUpdateSvc.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SkypeC2CPNRSvc.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'CxAudMsg64.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvtEng.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'CAMMUTE.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'MICMUTE.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPKNRSVC.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'lvvsst.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'MDM.EXE' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'HelperService.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'ConversionService.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'PsiService_2.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegSrvc.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SAsrv.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.EXE' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'ToolbarService.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'ULCDRSvr.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '241' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpShocks.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'fmapp.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpKnrres.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'ALCKRESI.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'msseces.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'NisSrv.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPSCREX.EXE' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPONSCR.EXE' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '162' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTShellHlp.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'TWC.Win7.exe' - '166' Modul(e) wurden durchsucht
Durchsuche Prozess 'virtscrl.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPSCREX.EXE' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPONSCR.EXE' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'DLG.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Wi-Fi MediaConnect.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'tpnumlkd.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '104' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '148' Modul(e) wurden durchsucht
Durchsuche Prozess 'RCIMGDIR.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'datamngrUI.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'VolPanlu.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'DLLML.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'LxUpdateManager.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'HTSRecover.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'SCHTASK.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'SYNTPHELPER.EXE' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPLpr.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'RunDll32.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'KHALMNPR.EXE' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'NotiMan.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'PrivacyIconClient.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'SUService.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'Bluetooth Headset Helper.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'BluetoothHeadsetProxy.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'BtStackServer.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'VIPAppService.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'MCPLaunch.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '126' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '32' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '4479' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Windows7_OS>
    [0] Archivtyp: RSRC
    --> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe
        [1] Archivtyp: RSRC
      --> C:\Program Files\ThinkVantage Fingerprint Software\Drivers\WinUSBCoInstaller2.dll
          [2] Archivtyp: RSRC
        --> C:\Program Files\ThinkVantage Fingerprint Software\Drivers\WUDFUpdate_01009.dll
            [3] Archivtyp: RSRC
          --> C:\SWTOOLS\apps\DMFSD\Data1.cab
              [4] Archivtyp: CAB (Microsoft)
            --> _2212FE9FF45D557DCAC02ACD1935707E
                [FUND]      Die Datei ist mit einem ungewöhnlichen Laufzeitpacker komprimiert (PCK/Themida). Bitte verifizieren Sie den Ursprung dieser Datei.
                [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\SWTOOLS\apps\DMFSD\Data1.cab
  [FUND]      Die Datei ist mit einem ungewöhnlichen Laufzeitpacker komprimiert (PCK/Themida). Bitte verifizieren Sie den Ursprung dieser Datei.
          --> C:\Users\Oliver\AppData\Local\Temp\jar_cache6309049774876069055.tmp
              [4] Archivtyp: ZIP
            --> kWccKddAS/bLoYrXxi.class
                [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-4681.CN
                [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
            --> kWccKddAS/dOsVij.class
                [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Badorg.AW
                [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
            --> kWccKddAS/fhslVIQE.class
                [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-1723.GE
                [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
            --> kWccKddAS/QQzVZC.class
                [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Kara.O
                [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
            --> kWccKddAS/SUhMtf.class
                [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.A.Gen
                [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
            --> kWccKddAS/wXTQZnZ.class
                [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-1723.GE
                [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Oliver\AppData\Local\Temp\jar_cache6309049774876069055.tmp
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-1723.GE
          --> C:\Users\Oliver\AppData\Local\Temp\jar_cache6589725436491667939.tmp
              [4] Archivtyp: ZIP
            --> applet.class
                [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Niabil.Gen
                [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Oliver\AppData\Local\Temp\jar_cache6589725436491667939.tmp
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Niabil.Gen
Beginne mit der Suche in 'D:\' <Data>
Beginne mit der Suche in 'Q:\' <Lenovo_Recovery>

Beginne mit der Desinfektion:
C:\Users\Oliver\AppData\Local\Temp\jar_cache6589725436491667939.tmp
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Niabil.Gen
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '52730e64.qua' verschoben!
C:\Users\Oliver\AppData\Local\Temp\jar_cache6309049774876069055.tmp
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-1723.GE
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ae421c3.qua' verschoben!
C:\SWTOOLS\apps\DMFSD\Data1.cab
  [FUND]      Die Datei ist mit einem ungewöhnlichen Laufzeitpacker komprimiert (PCK/Themida). Bitte verifizieren Sie den Ursprung dieser Datei.
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '18b97b36.qua' verschoben!


Ende des Suchlaufs: Freitag, 1. August 2014  17:09
Benötigte Zeit:  4:16:01 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  93479 Verzeichnisse wurden überprüft
 1734800 Dateien wurden geprüft
     11 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      3 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 1734789 Dateien ohne Befall
  41616 Archive wurden durchsucht
      8 Warnungen
      3 Hinweise
 1346070 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         
In der Antwort folgt noch das andere Logfile.

Alt 01.08.2014, 17:35   #2
eqal123
 
http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal - Standard

http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal



Der Malwarebytes der folgende:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 01.08.2014
Suchlauf-Zeit: 07:50:06
Logdatei: Malwarebytes Anti-Malware_ausführlich.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.01.01
Rootkit Datenbank: v2014.07.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Oliver

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 351836
Verstrichene Zeit: 43 Min, 4 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.Datamngr.A, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe, 5960, , [b1b43d8498e3a195114b888461a359a7]

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 122
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, , [c0a514ad611a9a9c576e4e4b778b966a], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, , [c0a514ad611a9a9c576e4e4b778b966a], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, , [c0a514ad611a9a9c576e4e4b778b966a], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, , [c0a514ad611a9a9c576e4e4b778b966a], 
PUP.Optional.Bandoo.A, HKLM\SOFTWARE\CLASSES\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}, , [214491307efdcc6a976bdabffb07a759], 
PUP.Optional.Bandoo.A, HKLM\SOFTWARE\CLASSES\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}\INPROCSERVER32, , [214491307efdcc6a976bdabffb07a759], 
PUP.Optional.Bandoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}, , [214491307efdcc6a976bdabffb07a759], 
PUP.Optional.Bandoo.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{5B4144E1-B61D-495a-9A50-CD1A95D86D15}, , [214491307efdcc6a976bdabffb07a759], 
PUP.Optional.Bandoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{5B4144E1-B61D-495a-9A50-CD1A95D86D15}, , [214491307efdcc6a976bdabffb07a759], 
PUP.Optional.Bandoo.A, HKLM\SOFTWARE\CLASSES\BrowserConnection.Loader.1, , [214491307efdcc6a976bdabffb07a759], 
PUP.Optional.Bandoo.A, HKLM\SOFTWARE\CLASSES\BrowserConnection.Loader, , [214491307efdcc6a976bdabffb07a759], 
PUP.Optional.Bandoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BrowserConnection.Loader, , [214491307efdcc6a976bdabffb07a759], 
PUP.Optional.Bandoo.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{9D717F81-9148-4F12-8568-69135F087DB0}, , [214491307efdcc6a976bdabffb07a759], 
PUP.Optional.Bandoo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{9D717F81-9148-4F12-8568-69135F087DB0}, , [214491307efdcc6a976bdabffb07a759], 
PUP.Optional.Bandoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BrowserConnection.Loader.1, , [214491307efdcc6a976bdabffb07a759], 
PUP.Optional.Bandoo.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{9D717F81-9148-4F12-8568-69135F087DB0}, , [214491307efdcc6a976bdabffb07a759], 
PUP.Optional.Bandoo.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{9D717F81-9148-4F12-8568-69135F087DB0}, , [214491307efdcc6a976bdabffb07a759], 
PUP.Optional.Bandoo.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{9D717F81-9148-4F12-8568-69135F087DB0}, , [214491307efdcc6a976bdabffb07a759], 
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}, , [35305071592249ed02bc2f6ad82a7a86], 
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}, , [35305071592249ed02bc2f6ad82a7a86], 
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}, , [35305071592249ed02bc2f6ad82a7a86], 
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}, , [35305071592249ed02bc2f6ad82a7a86], 
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\SearchQUIEHelper.DNSGuard, , [35305071592249ed02bc2f6ad82a7a86], 
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\SearchQUIEHelper.DNSGuard.1, , [35305071592249ed02bc2f6ad82a7a86], 
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SearchQUIEHelper.DNSGuard, , [35305071592249ed02bc2f6ad82a7a86], 
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SearchQUIEHelper.DNSGuard.1, , [35305071592249ed02bc2f6ad82a7a86], 
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}, , [35305071592249ed02bc2f6ad82a7a86], 
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}, , [35305071592249ed02bc2f6ad82a7a86], 
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}, , [35305071592249ed02bc2f6ad82a7a86], 
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}, , [35305071592249ed02bc2f6ad82a7a86], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}, , [085dccf578037bbba71d20797e84c43c], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc.1, , [085dccf578037bbba71d20797e84c43c], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc, , [085dccf578037bbba71d20797e84c43c], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.BabylonESrvc, , [085dccf578037bbba71d20797e84c43c], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.BabylonESrvc.1, , [085dccf578037bbba71d20797e84c43c], 
PUP.Optional.ShopToWin, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5963DB80-6910-E734-3D61-9E997C263DB5}, , [63021ea3d1aa2016a502ebab14ee8080], 
PUP.Optional.ShopToWin, HKLM\SOFTWARE\CLASSES\TYPELIB\{65724C86-73A0-2E34-0550-CEC5B1540836}, , [63021ea3d1aa2016a502ebab14ee8080], 
PUP.Optional.ShopToWin, HKLM\SOFTWARE\CLASSES\INTERFACE\{7FD7C70D-53C4-E251-A45A-19D1F0943B8F}, , [63021ea3d1aa2016a502ebab14ee8080], 
PUP.Optional.ShopToWin, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7FD7C70D-53C4-E251-A45A-19D1F0943B8F}, , [63021ea3d1aa2016a502ebab14ee8080], 
PUP.Optional.ShopToWin, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{65724C86-73A0-2E34-0550-CEC5B1540836}, , [63021ea3d1aa2016a502ebab14ee8080], 
PUP.Optional.ShopToWin, HKLM\SOFTWARE\CLASSES\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1, , [63021ea3d1aa2016a502ebab14ee8080], 
PUP.Optional.ShopToWin, HKLM\SOFTWARE\CLASSES\FreeCauseURLSearchHook.FCToolbarURLSearchHook, , [63021ea3d1aa2016a502ebab14ee8080], 
PUP.Optional.ShopToWin, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FreeCauseURLSearchHook.FCToolbarURLSearchHook, , [63021ea3d1aa2016a502ebab14ee8080], 
PUP.Optional.ShopToWin, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1, , [63021ea3d1aa2016a502ebab14ee8080], 
PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}, , [aeb720a11863c86e360a85e1db27c739], 
PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, , [aeb720a11863c86e360a85e1db27c739], 
PUP.Optional.SearchQu, HKU\S-1-5-21-3650026994-3939925165-1484858736-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, , [aeb720a11863c86e360a85e1db27c739], 
PUP.Optional.SearchQu, HKU\S-1-5-21-3650026994-3939925165-1484858736-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, , [aeb720a11863c86e360a85e1db27c739], 
PUP.Optional.SearchQu, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, , [aeb720a11863c86e360a85e1db27c739], 
PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, , [aeb720a11863c86e360a85e1db27c739], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}, , [baab7e43aad12115face42572cd64eb2], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\b, , [baab7e43aad12115face42572cd64eb2], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\b, , [baab7e43aad12115face42572cd64eb2], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{6E8BF012-2C85-4834-B10A-1B31AF173D70}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{706D4A4B-184A-4434-B331-296B07493D2D}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{8BE10F21-185F-4CA0-B789-9921674C3993}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{94C0B25D-3359-4B10-B227-F96A77DB773F}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B173667F-8395-4317-8DD6-45AD1FE00047}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B32672B3-F656-46E0-B584-FE61C0BB6037}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C2996524-2187-441F-A398-CD6CB6B3D020}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E047E227-5342-4D94-80F7-CFB154BF55BD}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{706D4A4B-184A-4434-B331-296B07493D2D}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8BE10F21-185F-4CA0-B789-9921674C3993}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{94C0B25D-3359-4B10-B227-F96A77DB773F}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B173667F-8395-4317-8DD6-45AD1FE00047}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B32672B3-F656-46E0-B584-FE61C0BB6037}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C2996524-2187-441F-A398-CD6CB6B3D020}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E047E227-5342-4D94-80F7-CFB154BF55BD}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{6E8BF012-2C85-4834-B10A-1B31AF173D70}, , [7de8bc055625ca6c41854c4da9594cb4], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [3f269c25fa8120162d6cafb0d9299e62], 
PUP.Optional.Babylon.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [bea7e0e1d3a8bd79f17971eee2200000], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}, , [5d08774a7efd47ef883f346561a1e020], 
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\DataMngr, , [b1b4ae133f3c82b41429c71570925aa6], 
PUP.Optional.Babylon.A, HKLM\SOFTWARE\WOW6432NODE\BabylonToolbar, , [80e55869700bff3721aca868f50f0bf5], 
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, , [f5702a97c9b2ef474fee528ae71b7b85], 
PUP.Optional.Babylon.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dhkplhfnhceodhffomolpfigojocbpcb, , [0164f0d1accf96a06c6c7fb03fc5f907], 
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, , [6ef70fb2aecd63d38563ca48d82cfd03], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, , [1a4b9e231f5c61d53edd759a63a1b34d], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, , [590c922f4a3174c244d6d33c679daf51], 
PUP.Optional.PriceGong.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, , [372efec37dfeba7cd9b77f7441c16898], 
PUP.Optional.FreeCauseTB.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FREECAUSE\Toolbars, , [30359829304bc076a4e424cc26dc01ff], 
PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Searchqu Toolbar, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\bbylnApp.appCore.1, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\bbylnApp.appCore, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\bbylnApp.appCore, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\bbylnApp.appCore.1, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\Babylon.dskBnd.1, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\Babylon.dskBnd, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Babylon.dskBnd, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Babylon.dskBnd.1, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{98889811-442D-49DD-99D7-DC866BE87DBC}, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{98889811-442D-49DD-99D7-DC866BE87DBC}, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BabylonToolbar, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\bbylntlbr.bbylntlbrHlpr.1, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\bbylntlbr.bbylntlbrHlpr, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\bbylntlbr.bbylntlbrHlpr, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{2EECD738-5844-4A99-B4B6-146BF802613B}, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\bbylntlbr.bbylntlbrHlpr.1, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{2EECD738-5844-4A99-B4B6-146BF802613B}, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2EECD738-5844-4A99-B4B6-146BF802613B}, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\escort.escortIEPane.1, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\escort.escortIEPane, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\escort.escortIEPane, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\escort.escortIEPane.1, , [1a4beed39be0f83e9fe909a3fd0529d7], 

Registrierungswerte: 4
PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{99079A25-328F-4BD4-BE04-00955ACAA0A7}, Searchqu Toolbar, , [aeb720a11863c86e360a85e1db27c739]
PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{99079a25-328f-4bd4-be04-00955acaa0a7}, , [263fc100dc9ff145053bb0b6cf33e41c], 
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DATAMNGR, C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE, , [b1b43d8498e3a195114b888461a359a7]
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{98889811-442D-49DD-99D7-DC866BE87DBC}, Babylon Toolbar, , [1a4beed39be0f83e9fe909a3fd0529d7]

Registrierungsdaten: 6
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll   C:\Windows\SysWOW64\nvinit.dll, Gut: (), Schlecht: (C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll),,[35305071592249ed02bc2f6ad82a7a86]
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll   C:\Windows\system32\nvinitx.dll, Gut: (), Schlecht: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll),,[35305071592249ed02bc2f6ad82a7a86]
PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll   C:\Windows\SysWOW64\nvinit.dll, Gut: (), Schlecht: (C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll),,[6df8774a047731050be8d3d85ca610f0]
PUP.Optional.SearchQu, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll   C:\Windows\system32\nvinitx.dll, Gut: (), Schlecht: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll),,[6df8774a047731050be8d3d85ca610f0]
Hijack.StartPage, HKU\S-1-5-21-3650026994-3939925165-1484858736-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.searchqu.com/406, Gut: (www.google.com), Schlecht: (hxxp://www.searchqu.com/406),,[24418f327dfe999d24b7427838cc03fd]
Hijack.StartPage, HKU\S-1-5-21-3650026994-3939925165-1484858736-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.searchnu.com/410, Gut: (www.google.com), Schlecht: (hxxp://www.searchnu.com/410),,[02632d94770484b24a928f2b1fe58f71]

Ordner: 53
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\css, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\components, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.BabylonToolBar.A, C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\chrome, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\components, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\defaults, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\META-INF, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\searchplugin, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb, , [68fd2e939be070c66274377956ac1ae6], 
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0, , [68fd2e939be070c66274377956ac1ae6], 
PUP.Optional.Datamngr.A, C:\Users\Oliver\AppData\LocalLow\DataMngr, , [2540358c74074beb801d06acc83ac53b], 
PUP.Optional.SearchQu.A, C:\Users\Oliver\AppData\LocalLow\searchquband, , [ee772e93accfa6904ddc635ba75beb15], 
PUP.Optional.SearchQu.A, C:\Users\Oliver\AppData\LocalLow\searchqutoolbar, , [6afb705191ea0c2ae5457a4425ddd62a], 

Dateien: 644
PUP.Optional.BabylonToolBar.A, C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarsrv.exe, , [c0a514ad611a9a9c576e4e4b778b966a], 
PUP.Optional.Bandoo.A, C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll, , [214491307efdcc6a976bdabffb07a759], 
PUP.Optional.Bandoo.A, C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll, , [214491307efdcc6a976bdabffb07a759], 
PUP.Optional.Datamngr.A, C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll, , [35305071592249ed02bc2f6ad82a7a86], 
PUP.Optional.Datamngr.A, C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll, , [35305071592249ed02bc2f6ad82a7a86], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll, , [aeb720a11863c86e360a85e1db27c739], 
PUP.Optional.BabylonToolBar.A, C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarEng.dll, , [baab7e43aad12115face42572cd64eb2], 
PUP.Optional.SearchProtect.A, C:\Users\Oliver\AppData\Local\Temp\nsbADD8.exe, , [b0b5f1d0ccaf8caaedd31a1838c9de22], 
PUP.Optional.Bandoo.A, C:\Users\Oliver\AppData\Local\Temp\SetupDataMngr_Searchqu.exe, , [0362a71a87f447ef96b1beb8c83cc23e], 
PUP.Optional.Somoto, C:\Users\Oliver\AppData\Local\Temp\UpdateCheckerSetup.exe, , [7ee7cbf66d0e88aea46d8c9bc63a669a], 
PUP.Optional.SearchProtect.A, C:\Users\Oliver\AppData\Local\Temp\nsgB2D9.exe, , [2243863b3d3ea393645c1c16af5244bc], 
PUP.Optional.SearchProtect.A, C:\Users\Oliver\AppData\Local\Temp\nsl9171.exe, , [86dfd9e8d5a6a29401bf102208f9659b], 
PUP.Optional.SearchProtect.A, C:\Users\Oliver\AppData\Local\Temp\nsq8ED1.exe, , [1352665b0e6d80b6c6fab97902ffa55b], 
PUP.Optional.SearchProtect.A, C:\Users\Oliver\AppData\Local\Temp\nsqB00A.exe, , [d194715093e8b482dce49f93c1408779], 
PUP.Optional.SearchProtect.A, C:\Users\Oliver\AppData\Local\Temp\nssCA60.exe, , [c0a52c95d1aa61d528984fe3e21fda26], 
PUP.Optional.SearchProtect.A, C:\Users\Oliver\AppData\Local\Temp\nsv8C7F.exe, , [590c10b11368d0664a76fb370ff29868], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\sp-downloader.exe, , [75f00ab7413aba7ce5074bda47ba5ea2], 
PUP.Optional.Conduit, C:\Users\Oliver\AppData\Local\Conduit\Community Alerts\Alert.dll, , [362fa41d2f4c76c0b5ccd1d09c68ec14], 
PUP.Optional.Conduit, C:\Users\Oliver\AppData\Local\Conduit\CT2818425\vshare.tv_BarAutoUpdateHelper.exe, , [372ee0e125566fc73e433869f01450b0], 
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\BabMaint.exe, , [7bea2e93c3b865d1b98c2ab39f63a25e], 
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage, , [69fcf8c95d1ecc6a9aac1cc1de24d12f], 
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage-journal, , [e77e07bab3c8d264163014c94fb317e9], 
PUP.Optional.Searchqu.A, C:\Users\Oliver\AppData\Local\Temp\searchqutoolbar-manifest.xml, , [7ce91fa23f3c51e55b4e040bdd273fc1], 
PUP.Optional.Searchqu.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}, , [5312229f1962c670604b010e38cc56aa], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\searchplugins\conduit-search.xml, , [79eca9182655d066ac6532fd857f01ff], 
PUP.Optional.Datamngr.A, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe, , [b1b43d8498e3a195114b888461a359a7], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\del_DataMngrHlpFF3_38.dll, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\del_DataMngrHlpFF4_38.dll, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\del_DataMngrHlpFF5_38.dll, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\del_DataMngrHlpFF6_38.dll, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\del_DataMngrHlpFF7_38.dll, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\del_DataMngrHlpFF8_38.dll, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\del_IEBHO_63.dll, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\del_IEBHO_7.dll, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\sysid.ini, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\uninstall.exe, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\manifest.json, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\OurLocalPage.html, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\new-tab.html, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\css\new-tab.css, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_amazon.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_ebay.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_facebook.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_fantastigames.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_ftalk.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_youtube.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\IDR_WEBSTORE_ICON.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\imesh_logo_128.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\imesh_logo_128.png__, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\analytics.js, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\constant.js, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\default-config - Copy.js, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\default-config.js, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\jquery.js, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\localStorage.js, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\new-tab.js, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ChromeExtension\lib\preferences.js, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\manifest.xml, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_amazon.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_games.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png, , [6df8774a047731050be8d3d85ca610f0],
         
__________________


Alt 01.08.2014, 17:41   #3
eqal123
 
http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal - Standard

http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal



Leider war es zu lang für einen Anhang, deshalb hier die Fortsetzung:

Code:
ATTFilter
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.SearchQu, C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngrUI.exe, , [6df8774a047731050be8d3d85ca610f0], 
PUP.Optional.BabylonToolBar.A, C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarApp.dll, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\escortShld.dll, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\uninstall.exe, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.BabylonToolBar.A, C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll, , [1a4beed39be0f83e9fe909a3fd0529d7], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\chrome.manifest, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\install.rdf, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\version.txt, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\chrome\vshare.tv_bar.jar, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\components\ConduitAutoCompleteSearch.js, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\components\ConduitAutoCompleteSearch.xpt, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\components\RadioWMPCore.xpt, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\components\RadioWMPCoreGecko19.dll, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\components\RadioWMPCoreGecko5.dll, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\components\RadioWMPCoreGecko6.dll, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\components\RadioWMPCoreGecko7.dll, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\components\RadioWMPCoreGecko8.dll, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\components\RadioWMPCoreGecko9.dll, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\defaults\alertSettingsComponent.xml, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\defaults\appContextMenu.xml, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\defaults\fbAlert.js, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\defaults\getAppsContextMenu.xml, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\defaults\postAppsContextMenu.xml, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\defaults\toolbarContextMenu.xml, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\defaults\unsharedAppsContextMenu.xml, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\META-INF\manifest.mf, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\META-INF\zigbert.rsa, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\META-INF\zigbert.sf, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\Chat.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\DataStructures.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\EBEncryption.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\ExternalLibraryLoader.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\HTTP.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\IO.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\Log.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\MainSingleton.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\MD5.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\Notifications.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\ObserversAndEvents.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\Prefs.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\SearchProtector.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\SearchSuggestIO.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\String.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\TEAEncryption.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\Timer.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\Twitter.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\URL.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\Windows.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\modules\XML.jsm, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Local\Temp\ct2818425\searchplugin\conduit.xml, , [0e57cef3b3c8b6803370812b4eb41ee2], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\1.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\3023.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\a.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\b.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\c.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\d.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\e.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\f.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\g.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\h.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\i.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\j.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\k.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\l.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\m.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\n.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\o.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\p.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\q.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\r.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\s.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\t.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\u.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\v.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\w.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\wlu.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\x.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\y.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.PriceGong.A, C:\Users\Oliver\AppData\LocalLow\PriceGong\Data\z.txt, , [c1a428998deec472931f505fb44eb64a], 
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BabMaint.x, , [68fd2e939be070c66274377956ac1ae6], 
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\babylon48.png, , [68fd2e939be070c66274377956ac1ae6], 
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BabylonChromeToolBar.dll, , [68fd2e939be070c66274377956ac1ae6], 
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\bg.html, , [68fd2e939be070c66274377956ac1ae6], 
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\bg.js, , [68fd2e939be070c66274377956ac1ae6], 
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\browser_icon_babylon48.png, , [68fd2e939be070c66274377956ac1ae6], 
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\btns.png, , [68fd2e939be070c66274377956ac1ae6], 
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BUSolution.dll, , [68fd2e939be070c66274377956ac1ae6], 
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\cs.js, , [68fd2e939be070c66274377956ac1ae6], 
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\manifest.json, , [68fd2e939be070c66274377956ac1ae6], 
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\popup.html, , [68fd2e939be070c66274377956ac1ae6], 
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\popup.js, , [68fd2e939be070c66274377956ac1ae6], 
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\redirect.html, , [68fd2e939be070c66274377956ac1ae6], 
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\redirect.js, , [68fd2e939be070c66274377956ac1ae6], 
PUP.Optional.SearchQu.A, C:\Users\Oliver\AppData\LocalLow\searchqutoolbar\dtx.ini, , [6afb705191ea0c2ae5457a4425ddd62a], 
PUP.Optional.SearchQu.A, C:\Users\Oliver\AppData\LocalLow\searchqutoolbar\geoip.xml, , [6afb705191ea0c2ae5457a4425ddd62a], 
PUP.Optional.SearchQu.A, C:\Users\Oliver\AppData\LocalLow\searchqutoolbar\guid.dat, , [6afb705191ea0c2ae5457a4425ddd62a], 
PUP.Optional.SearchQu.A, C:\Users\Oliver\AppData\LocalLow\searchqutoolbar\setupCfg.xml, , [6afb705191ea0c2ae5457a4425ddd62a], 
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (      "startup_urls": [ "hxxp://search.babylon.com/?tt=3112_7&babsrc=HP_ss&mntrId=34279bd10000000000000024d7ded4a5" ],), ,[eb7ae9d8344778bef567ec0032d2b14f]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.admin", false);), ,[f96cebd60d6e1c1a0ba05d8ea55f1ce4]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.aflt", "babsst");), ,[2f36348dc2b9cc6aeac1f5f6c73da25e]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.dfltLng", "en");), ,[b3b2853cb8c3e74f991213d8f50f19e7]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.excTlbr", false);), ,[65004c75ed8edd59cdde717a03010000]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.id", "34279bd10000000000000024d7ded4a5");), ,[b1b4744def8c8fa7604b4f9c2bd97888]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.instlDay", "15552");), ,[164f6061f18ada5cecbf3eadd82c9769]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.instlRef", "sst");), ,[e0851da47efdfc3ac1ea9e4d996b40c0]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");), ,[2f36ad144a31d264ddce22c91aea05fb]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prtnrId", "babylon");), ,[e580b60b9edd2d09fdae21caa75d0000]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.tlbrId", "base");), ,[5411f2cf92e985b1e3c813d86e962ed2]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");), ,[c79ee6dbfb809e980f9c628963a18e72]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");), ,[75f05c650279c07603a84c9f0202827e]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");), ,[82e3ccf5017a290d9219965507fd8d73]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.babExt", "");), ,[6401dce57902f3431f8c9556d133857b]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.babTrack", "tt=3112_7");), ,[a7be3d847ffc4ee83774d3187c88d52b]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.newTab", true);), ,[8fd6546d0873e353f1bafeed887c9c64]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?tt=3112_7&babsrc=NT_ss&mntrId=34279bd10000000000000024d7ded4a5");), ,[76ef7b46ec8fd660ffacba310ef636ca]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.smplGrp", "none");), ,[86df17aa7b00c175beeda546ac5858a8]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.srcExt", "ss");), ,[471e6160225913231e8dae3d73911ae6]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.119:23:09");), ,[7ce9873a8fecc076eac1dd0ef60eac54]
PUP.Optional.Conduit.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js, Gut: (), Schlecht: (user_pref("CT2818425.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=2&q=");), ,[1e47279a314a12243cd5b03c2fd5817f]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.babTrack", "tt=3112_7");), ,[1f467849106bae88f13cdf0c09fbce32]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.babExt", "");), ,[4c190bb613680d29cf5e41aaaf557a86]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.srcExt", "ss");), ,[2c390bb63f3cc1751a13e10ae4208977]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");), ,[f96c18a988f33cfa48e545a645bfec14]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.id", "34279bd10000000000000024d7ded4a5");), ,[c89dfcc59fdc2a0ce14cc12aa36134cc]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.instlDay", "15552");), ,[2b3a368b631861d5a18cf6f5867e08f8]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");), ,[f86d922f582349ed30fd34b77a8ab44c]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");), ,[4c19f1d0e7943501181530bb42c2ef11]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.119:23:09");), ,[91d47948700b30064ae3ea01fc08e719]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prtnrId", "babylon");), ,[adb82a972c4f5fd7fb325a9126de46ba]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");), ,[e67f823f235803335bd26487dc28857b]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.aflt", "babsst");), ,[1e47ab16b7c491a541ece605f90b4db3]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.smplGrp", "none");), ,[8cd97b46f08bac8ae24bd61509fb6898]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.tlbrId", "base");), ,[d194b40d95e6f2448aa31bd0fb097f81]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.instlRef", "sst");), ,[471e89381e5d3204909d975431d39a66]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.dfltLng", "en");), ,[c5a0c2ff1269c96db07d16d50df78d73]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.excTlbr", false);), ,[25404d7492e9280e85a8eefd9371f709]
PUP.Optional.Babylon.A, C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.admin", false);), ,[85e02d944338ae88d25b1fccaf5512ee]

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Vielen lieben Dank bereits jetzt!! Ich werde jetzt keine weiteren Anhänge posten.
__________________

Alt 03.08.2014, 11:40   #4
eqal123
 
http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal - Standard

http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal



Hallo

Entschuldigen Sie bitte die erneute Nachfrage - gibt es zu diesem eine Hilfmöglichkeit?

Danke und viele Grüße

Alt 03.08.2014, 12:09   #5
M-K-D-B
/// TB-Ausbilder
 
http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal - Standard

http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!





Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 03.08.2014, 12:33   #6
eqal123
 
http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal - Standard

http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal



Servus Matthias

Vielen Dank für die Hilfe .

FRST.txt:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Oliver (administrator) on THINKPAD on 03-08-2014 12:31:54
Running from D:\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(ClientConnect Ltd.) C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
() C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Koninklijke Philips Electronics N.V.) C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe
(Dropbox, Inc.) C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-15] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2011-04-04] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2011-02-28] (Lenovo Group Limited)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-06-24] (Logitech, Inc.)
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-11-15] ()
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4309184 2011-02-09] (Lenovo, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [Module Loader] => C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\Run: [Google Update] => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-09-18] (Google Inc.)
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21648480 2014-07-02] (Skype Technologies S.A.)
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\Run: [BackgroundContainerV2] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Oliver\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [55120 2014-04-09] ()
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\MountPoints2: {6655cf18-3981-11e2-a1b6-f0def17851f4} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\MountPoints2: {df1faded-e249-11e0-b268-f0def17851f4} - F:\SETUP.EXE
AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll => C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll File Not Found
AppInit_DLLs:  C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-11-15] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll => "C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll" File Not Found
AppInit_DLLs-x32:  C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-11-15] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wi-Fi MediaConnect.lnk
ShortcutTarget: Wi-Fi MediaConnect.lnk -> C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe (Koninklijke Philips Electronics N.V.)
Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk
ShortcutTarget: Google Chrome.lnk -> C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
URLSearchHook: HKLM-x32 - vshare.tv Toolbar - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\prxtbvsh2.dll (ClientConnect Ltd.)
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKCU - vshare.tv Toolbar - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\prxtbvsh2.dll (ClientConnect Ltd.)
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: No Name -> {284171A7-2F20-7504-35E0-E1B6810714B8} ->  No File
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: vshare.tv Toolbar -> {7aeb3efd-e564-43f1-b658-5058a7c5743b} -> C:\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\prxtbvsh2.dll (ClientConnect Ltd.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{25A3A431-30BB-47C8-AD6A-E1063801134F} -  No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - vshare.tv Toolbar - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\prxtbvsh2.dll (ClientConnect Ltd.)
Toolbar: HKLM-x32 - No Name - !{25A3A431-30BB-47C8-AD6A-E1063801134F} -  No File
Toolbar: HKCU - No Name - {7AEB3EFD-E564-43F1-B658-5058A7C5743B} -  No File
DPF: HKLM-x32 {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default
FF DefaultSearchEngine: Search Results
FF SearchEngineOrder.1: Search Results
FF SelectedSearchEngine: Search Results
FF Homepage: hxxp://www.searchnu.com/410
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Oliver\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Oliver\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll (vShare.tv )
FF Plugin ProgramFiles/Appdata: C:\Users\Oliver\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Oliver\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: vshare.tv  - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\Extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b} [2014-07-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2011-08-03]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-05-23]
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client

Chrome: 
=======
CHR HomePage: hxxp://www.searchnu.com/410
CHR StartupUrls: "hxxp://search.babylon.com/?tt=3112_7&babsrc=HP_ss&mntrId=34279bd10000000000000024d7ded4a5"
CHR DefaultSearchKeyword: r
CHR DefaultNewTabURL: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (vShare.tv plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll (vShare.tv )
CHR Plugin: (Google Talk Plugin) - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Oliver\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Skype Click to Call) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-06-11]
CHR Extension: (Google Wallet) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-03-27] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-03-27] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2012-03-27] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [477032 2011-03-23] (Lenovo.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [File not signed]
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-12-14] (Lenovo Group Limited) [File not signed]
R2 TBSrv; C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe [350496 2014-03-26] (ClientConnect Ltd.)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [271424 2011-09-19] (DT Soft Ltd)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1588608 2011-09-13] (Creative Technology Ltd.)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-11-15] (NVIDIA Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-08-03] ()
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 WFMC_VAD; C:\Windows\System32\DRIVERS\wfmcvad.sys [24064 2010-02-08] (WiFi Media Connect)
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-03 12:29 - 2014-08-03 12:31 - 00000000 ____D () C:\FRST
2014-08-01 17:22 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 17:22 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 17:22 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 17:22 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 17:22 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 17:21 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 17:21 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 17:21 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 17:21 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-01 17:18 - 2014-08-02 10:32 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Opera Software
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Opera Software
2014-08-01 07:49 - 2014-08-02 10:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 07:49 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-01 07:49 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-01 07:49 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-17 06:38 - 2014-07-17 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 06:38 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-17 06:38 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-17 06:38 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-17 06:38 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-17 06:37 - 2014-07-17 06:38 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-14 19:29 - 2014-07-14 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2014-07-14 19:28 - 2014-07-14 19:29 - 00000000 ____D () C:\Program Files\RStudio
2014-07-08 21:29 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 21:29 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 21:29 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 21:29 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 21:29 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 21:29 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 21:29 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 21:29 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 21:29 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 21:29 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 21:29 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 21:29 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 21:29 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 21:29 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 21:29 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 21:29 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 21:29 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 21:29 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 21:29 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 21:29 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 21:29 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 21:29 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 21:29 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 21:29 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 21:29 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 21:29 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 21:29 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 21:29 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-08 21:29 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-08 21:29 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-08 21:29 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 21:29 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 21:29 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 21:29 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-08 21:29 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 21:29 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 21:29 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 21:29 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 21:29 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-08 21:29 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 21:29 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 21:29 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-08 21:29 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 21:29 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 21:29 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 21:29 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 21:29 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 21:29 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 21:29 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-08 21:29 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 21:29 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 21:29 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 21:29 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 21:29 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 21:29 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 21:29 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-08 21:29 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 21:29 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 21:29 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 21:29 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 21:29 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-08 21:29 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 21:28 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 21:28 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 21:28 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-06 22:16 - 2014-07-06 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software
2014-07-06 22:14 - 2014-07-06 22:16 - 00000000 ____D () C:\Program Files (x86)\Rossmann Fotowelt Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-03 12:32 - 2009-07-14 06:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-03 12:32 - 2009-07-14 06:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-03 12:31 - 2014-08-03 12:29 - 00000000 ____D () C:\FRST
2014-08-03 12:21 - 2012-06-20 21:11 - 00001142 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job
2014-08-03 12:17 - 2011-08-03 01:16 - 01805519 _____ () C:\Windows\WindowsUpdate.log
2014-08-03 12:14 - 2011-09-17 16:19 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Skype
2014-08-03 11:56 - 2011-09-10 06:10 - 00003494 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-08-03 11:56 - 2011-09-10 06:10 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-08-03 11:56 - 2011-09-10 06:10 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-08-03 11:48 - 2011-09-18 21:03 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job
2014-08-03 11:37 - 2011-09-19 01:47 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Dropbox
2014-08-03 11:33 - 2011-09-27 13:23 - 00128040 _____ () C:\Windows\setupact.log
2014-08-03 11:33 - 2011-08-03 01:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-03 11:33 - 2010-11-21 05:47 - 00610492 _____ () C:\Windows\PFRO.log
2014-08-03 11:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-02 11:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-08-02 10:55 - 2011-08-03 01:40 - 00000000 ____D () C:\ProgramData\PCDr
2014-08-02 10:40 - 2014-08-01 07:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-02 10:32 - 2014-08-01 17:18 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-02 10:31 - 2011-09-10 06:13 - 00001436 _____ () C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-01 18:21 - 2012-06-20 21:11 - 00001120 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job
2014-08-01 18:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-01 17:48 - 2011-09-18 21:03 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Opera Software
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Opera Software
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-31 06:11 - 2011-11-07 01:40 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-07-29 23:51 - 2011-11-07 01:40 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\FileZilla
2014-07-29 23:42 - 2011-11-07 01:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-28 22:01 - 2011-08-03 11:03 - 00705086 _____ () C:\Windows\system32\perfh007.dat
2014-07-28 22:01 - 2011-08-03 11:03 - 00151454 _____ () C:\Windows\system32\perfc007.dat
2014-07-28 22:01 - 2009-07-14 07:13 - 01629348 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-28 21:53 - 2013-03-13 08:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 21:53 - 2013-03-13 08:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-28 00:30 - 2013-03-13 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-27 22:49 - 2013-05-27 19:51 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-22 18:18 - 2011-09-19 01:48 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-22 18:13 - 2011-09-10 06:10 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-07-21 19:00 - 2011-09-10 06:10 - 00004234 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-07-21 17:56 - 2011-09-17 16:18 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-17 06:39 - 2013-11-02 00:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-17 06:38 - 2014-07-17 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 06:38 - 2014-07-17 06:37 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-17 06:38 - 2013-06-22 10:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-16 21:12 - 2011-09-17 16:18 - 00000000 ____D () C:\ProgramData\Skype
2014-07-15 07:15 - 2012-04-07 11:05 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-15 07:15 - 2011-09-18 21:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-14 19:29 - 2014-07-14 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2014-07-14 19:29 - 2014-07-14 19:28 - 00000000 ____D () C:\Program Files\RStudio
2014-07-14 19:28 - 2011-09-27 04:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
2014-07-14 19:27 - 2011-09-27 04:31 - 00000000 ____D () C:\Program Files\R
2014-07-14 17:12 - 2011-09-10 06:09 - 00000000 ____D () C:\Users\Oliver
2014-07-11 03:02 - 2014-07-17 06:38 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-17 06:38 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-17 06:38 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-17 06:38 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-09 18:42 - 2009-07-14 06:45 - 00440800 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 18:40 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 00:20 - 2013-08-16 15:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 00:19 - 2011-09-17 05:18 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 00:18 - 2011-09-19 02:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-06 22:16 - 2014-07-06 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software
2014-07-06 22:16 - 2014-07-06 22:14 - 00000000 ____D () C:\Program Files (x86)\Rossmann Fotowelt Software

Some content of TEMP:
====================
C:\Users\Oliver\AppData\Local\Temp\aro.exe
C:\Users\Oliver\AppData\Local\Temp\aroSetup.exe
C:\Users\Oliver\AppData\Local\Temp\AskSLib.dll
C:\Users\Oliver\AppData\Local\Temp\avgnt.exe
C:\Users\Oliver\AppData\Local\Temp\bing.exe
C:\Users\Oliver\AppData\Local\Temp\card_setup.exe
C:\Users\Oliver\AppData\Local\Temp\chutil.dll
C:\Users\Oliver\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfsm57s.dll
C:\Users\Oliver\AppData\Local\Temp\ffunzip.exe
C:\Users\Oliver\AppData\Local\Temp\GURC3B4.exe
C:\Users\Oliver\AppData\Local\Temp\GURC450.exe
C:\Users\Oliver\AppData\Local\Temp\installhelper.dll
C:\Users\Oliver\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Oliver\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Oliver\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\Last.fm-2.1.33.exe
C:\Users\Oliver\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Oliver\AppData\Local\Temp\sqlite3.dll
C:\Users\Oliver\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Oliver\AppData\Local\Temp\Stub.EXE
C:\Users\Oliver\AppData\Local\Temp\STWSetup.exe
C:\Users\Oliver\AppData\Local\Temp\TB_84DA.exe
C:\Users\Oliver\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Oliver\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Oliver\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Oliver\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Oliver\AppData\Local\Temp\WmpPluginSetup_2.1.0.6.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 03:02

==================== End Of Log ============================
         
--- --- ---




Addition.txt:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Oliver at 2014-08-03 12:32:35
Running from D:\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
ANSTOSS 3 (HKLM-x32\...\ANSTOSS 3_is1) (Version:  - )
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.22.00 - )
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
BabylonObjectInstaller (HKLM-x32\...\{83AA2913-C123-4146-85BD-AD8F93971D39}) (Version: 2.0.0.3 - Babylon Ltd) <==== ATTENTION
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.171.0 - Microsoft Corporation)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.12 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 4.41.0315.0262 - DT Soft Ltd)
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.01 - Creative Technology Limited)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FileZilla Client 3.9.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.1 - Tim Kosse)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Gephi 0.8.1 (HKLM-x32\...\{51722911-C391-4118-97BF-B50100D2AB15}_is1) (Version:  - Gephi)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.2 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{39969C3E-B297-41E5-9A7B-E252B504B21B}) (Version: 2.1.0003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
Lexware Info Service (HKLM-x32\...\{85BF9FDB-BD5B-407C-9CAE-3542E5164783}) (Version: 4.00.00.0075 - Haufe-Lexware GmbH & Co.KG)
LM98Free 2.2a (HKLM-x32\...\LM98Free 2.2a_is1) (Version:  - )
Logitech SetPoint 6.30 (HKLM\...\sp6) (Version: 6.30.43 - Logitech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{90170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 312.69 - NVIDIA Corporation)
NVIDIA Grafiktreiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.69 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation)
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1269 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 312.69 (Version: 312.69 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.9.1 - pdfforge)
QuickSteuer 2013 (HKLM-x32\...\{500342C9-CCD5-4335-89AE-C8A65C0A153B}) (Version: 19.07.00.0004 - Haufe-Lexware GmbH & Co.KG)
QuickSteuer 2014 (HKLM-x32\...\{52DD1288-FA17-4062-8280-532C89A7E2F2}) (Version: 20.04.00.0003 - Haufe-Lexware GmbH & Co.KG)
R for Windows 2.13.1 (HKLM\...\R for Windows 2.13.1_is1) (Version: 2.13.1 - R Development Core Team)
R for Windows 2.13.2 (HKLM\...\R for Windows 2.13.2_is1) (Version: 2.13.2 - R Development Core Team)
R for Windows 2.14.0 (HKLM\...\R for Windows 2.14.0_is1) (Version: 2.14.0 - R Development Core Team)
R for Windows 2.14.1 (HKLM\...\R for Windows 2.14.1_is1) (Version: 2.14.1 - R Development Core Team)
R for Windows 2.14.2 (HKLM\...\R for Windows 2.14.2_is1) (Version: 2.14.2 - R Development Core Team)
R for Windows 2.15.0 (HKLM\...\R for Windows 2.15.0_is1) (Version: 2.15.0 - R Development Core Team)
R for Windows 2.15.1 (HKLM\...\R for Windows 2.15.1_is1) (Version: 2.15.1 - R Core Team)
R for Windows 2.15.2 (HKLM\...\R for Windows 2.15.2_is1) (Version: 2.15.2 - R Core Team)
R for Windows 2.15.3 (HKLM\...\R for Windows 2.15.3_is1) (Version: 2.15.3 - R Core Team)
R for Windows 3.0.0 (HKLM\...\R for Windows 3.0.0_is1) (Version: 3.0.0 - R Core Team)
R for Windows 3.0.1 (HKLM\...\R for Windows 3.0.1_is1) (Version: 3.0.1 - R Core Team)
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
R for Windows 3.0.3 (HKLM\...\R for Windows 3.0.3_is1) (Version: 3.0.3 - R Core Team)
R for Windows 3.1.0 (HKLM\...\R for Windows 3.1.0_is1) (Version: 3.1.0 - R Core Team)
R for Windows 3.1.1 (HKLM\...\R for Windows 3.1.1_is1) (Version: 3.1.1 - R Core Team)
RapidBoot (HKLM-x32\...\InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}) (Version: 1.00 - Lenovo)
RapidBoot (x32 Version: 1.00 - Lenovo) Hidden
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.13.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.13.18.02 - RICOH)
Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)
RStudio (HKLM-x32\...\RStudio) (Version: 0.98.953 - RStudio)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Sound Blaster X-Fi Surround 5.1 Pro (HKLM-x32\...\{0A9DA353-D0CD-4922-A54B-2F5F4EC90986}) (Version: 1.0 - Creative Technology Limited)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0042 - Lenovo)
The Weather Channel App (HKLM-x32\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.48 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.22 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.01 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.06 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
vshare.tv Bar Toolbar (HKLM-x32\...\vshare.tv_Bar Toolbar) (Version: 6.7.0.6 - vshare.tv Bar)
vShare.tv plugin 1.3 (HKLM-x32\...\vShare.tv plugin) (Version: 1.3 - vShare.tv, Inc.) <==== ATTENTION
Wi-Fi MediaConnect (HKLM-x32\...\{AA58346A-A5D7-4659-91D6-38D07345BDCF}) (Version: 1.6.43 - Philips)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Offizielle Deutsche Sprachdatei Plus v5.62 (HKLM-x32\...\Winamp Offizielle Deutsche Sprachdatei Plus) (Version: v5.62 - Christoph Grether)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows-Treiberpaket - Intel (MEIx64) System  (10/19/2010 7.0.0.1144) (HKLM\...\90FD26A77B849AE03FF5F07A1CDA7F950406A8D8) (Version: 10/19/2010 7.0.0.1144 - Intel)
Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\A513FC5E5A08D4EF27F234E91E0E942A0234210B) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System  (10/04/2010 9.2.0.1015) (HKLM\...\FE1BEBFD475BB832AAF104F5C63348E98A9286DF) (Version: 10/04/2010 9.2.0.1015 - Intel)
Windows-Treiberpaket - Intel USB  (09/16/2010 9.2.0.1013) (HKLM\...\D97688B8E3830BF9820E15EB8D9552DCBF988CFD) (Version: 09/16/2010 9.2.0.1013 - Intel)
Windows-Treiberpaket - Lenovo (LenovoRd) SmartCardReader  (05/11/2009 4.1.0.1) (HKLM\...\9B84710FFAE6C50914FCE568B59E426F1386E7F6) (Version: 05/11/2009 4.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (03/24/2011 15.2.19.0) (HKLM\...\5DF942712DC7660AE4A1B04809A1C3F67B0CA27C) (Version: 03/24/2011 15.2.19.0 - Synaptics)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

27-07-2014 20:54:29 Windows-Sicherung
27-07-2014 20:56:39 Windows Update
27-07-2014 22:28:53 Windows Update
01-08-2014 05:22:10 Windows Update
01-08-2014 15:21:26 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14C8AF3B-40BC-4571-A504-6F69B5D1A6DF} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: {3223E829-D269-4F50-84FD-CF149C52267C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18] (Google Inc.)
Task: {38CFAE7D-227B-49C5-B947-36DCE4EBAA55} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2011-09-22] (Lenovo)
Task: {7E4F6CD6-5B8E-461C-8134-B23427415495} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {B83852E2-CDDD-44AC-B8D0-6628C263D655} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA => C:\Users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {BDBD4036-6182-4726-88E6-0459A8F705D6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {BE0049D1-B96C-4A2D-87C2-960891CE42CF} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {C21FEAE2-61AF-406B-ACD0-E3E739990F87} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18] (Google Inc.)
Task: {D5090263-5AAD-47A0-B65F-5347A628BF88} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-03-23] (Lenovo Group Limited)
Task: {D5F22A8B-1CBB-43AC-97D6-3BC4F95468D6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core => C:\Users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {F9F52E65-52AD-4511-951F-DD4D50A99294} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job => C:\Users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job => C:\Users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2010-12-17 13:53 - 2010-12-17 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-11-28 19:55 - 2013-10-29 02:53 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-08-03 01:29 - 2011-06-01 06:37 - 00004096 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2010-12-18 15:50 - 2010-12-18 15:50 - 00173856 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2011-08-03 01:32 - 2011-03-23 20:48 - 00054272 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2011-09-19 02:03 - 2011-05-29 04:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2012-11-28 19:56 - 2013-11-15 11:52 - 00518432 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2011-08-03 01:25 - 2010-10-26 22:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2011-08-03 01:29 - 2011-03-06 13:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-06-24 01:42 - 2011-06-24 01:42 - 01302808 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2012-03-27 19:33 - 2009-12-29 16:52 - 00089088 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2012-03-27 19:33 - 2010-07-22 16:46 - 00237056 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-04-09 16:59 - 2014-04-09 16:59 - 00055120 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
2014-04-09 16:59 - 2014-04-09 16:59 - 01162072 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.UI.dll
2014-04-09 16:59 - 2014-04-09 16:59 - 00256352 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Services.dll
2014-04-09 16:59 - 2014-04-09 16:59 - 00115552 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Models.dll
2012-05-16 21:15 - 2010-06-21 11:14 - 00308736 _____ () C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe
2010-12-18 15:50 - 2010-12-18 15:50 - 00171296 _____ () C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
2009-05-27 22:09 - 2009-05-27 22:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2011-08-03 01:33 - 2010-04-06 09:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2011-08-03 01:33 - 2010-04-06 09:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2012-03-27 19:33 - 2009-12-29 16:50 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2012-03-27 19:33 - 2010-07-22 16:45 - 00181760 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-08-03 11:36 - 2014-08-03 11:36 - 00043008 _____ () c:\users\oliver\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfsm57s.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Oliver\AppData\Roaming\Dropbox\bin\libcef.dll
2013-09-26 13:20 - 2013-09-26 13:20 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2013-09-26 13:20 - 2013-09-26 13:20 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 00718664 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 00126280 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 08537928 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 00353096 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 01732936 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 14664008 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/03/2014 11:34:27 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (08/02/2014 10:57:05 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (6248) Asapi: (10:57:05:3440)(6248) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

Error: (08/02/2014 10:34:12 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (08/02/2014 07:31:36 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/02/2014 07:31:33 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/02/2014 07:31:30 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/02/2014 07:31:27 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/02/2014 07:31:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/02/2014 07:31:21 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/02/2014 07:31:19 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (08/03/2014 11:37:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/03/2014 11:37:43 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/02/2014 10:36:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/02/2014 10:36:35 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/01/2014 05:18:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/01/2014 05:18:25 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/01/2014 07:12:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/01/2014 07:12:10 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/31/2014 05:31:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/31/2014 05:31:13 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 8079.23 MB
Available physical RAM: 4877.05 MB
Total Pagefile: 16156.65 MB
Available Pagefile: 12679.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:229.56 GB) (Free:49.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:219.4 GB) (Free:41.26 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 7FB25333)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=230 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=219 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=16 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 03.08.2014, 13:04   #7
M-K-D-B
/// TB-Ausbilder
 
http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal - Standard

http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal



Zitat:
Running from D:\Desktop
Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop (gemeint ist der Desktop von Laufwerk C:\ , d. h. das Tool soll sich im Pfad C:\users\<dein Benutzername>\Desktop\FRST.exe befinden) starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 03.08.2014, 13:15   #8
eqal123
 
http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal - Standard

http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal



Zitat:
Zitat von M-K-D-B Beitrag anzeigen
Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop (gemeint ist der Desktop von Laufwerk C:\ , d. h. das Tool soll sich im Pfad C:\users\<dein Benutzername>\Desktop\FRST.exe befinden) starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.

Sorry, dass ich den falschen Desktop genommen habe.
Mein normaler Desktop (also der "sichtbare" Desktop) ist auf D: geschlüsselt. Ich habe es jetzt auf C:\Users\Oliver\Desktop laufen lassen und da gibt es das folgende Ergebnis.


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Oliver (administrator) on THINKPAD on 03-08-2014 13:14:20
Running from C:\Users\Oliver\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(ClientConnect Ltd.) C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
() C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Koninklijke Philips Electronics N.V.) C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe
(Dropbox, Inc.) C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-15] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2011-04-04] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2011-02-28] (Lenovo Group Limited)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-06-24] (Logitech, Inc.)
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-11-15] ()
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4309184 2011-02-09] (Lenovo, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [Module Loader] => C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\Run: [Google Update] => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-09-18] (Google Inc.)
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21648480 2014-07-02] (Skype Technologies S.A.)
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\Run: [BackgroundContainerV2] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Oliver\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [55120 2014-04-09] ()
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\MountPoints2: {6655cf18-3981-11e2-a1b6-f0def17851f4} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\MountPoints2: {df1faded-e249-11e0-b268-f0def17851f4} - F:\SETUP.EXE
AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll => C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll File Not Found
AppInit_DLLs:  C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-11-15] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll => "C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll" File Not Found
AppInit_DLLs-x32:  C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-11-15] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wi-Fi MediaConnect.lnk
ShortcutTarget: Wi-Fi MediaConnect.lnk -> C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe (Koninklijke Philips Electronics N.V.)
Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk
ShortcutTarget: Google Chrome.lnk -> C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
URLSearchHook: HKLM-x32 - vshare.tv Toolbar - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\prxtbvsh2.dll (ClientConnect Ltd.)
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKCU - vshare.tv Toolbar - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\prxtbvsh2.dll (ClientConnect Ltd.)
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: No Name -> {284171A7-2F20-7504-35E0-E1B6810714B8} ->  No File
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: vshare.tv Toolbar -> {7aeb3efd-e564-43f1-b658-5058a7c5743b} -> C:\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\prxtbvsh2.dll (ClientConnect Ltd.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{25A3A431-30BB-47C8-AD6A-E1063801134F} -  No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - vshare.tv Toolbar - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\prxtbvsh2.dll (ClientConnect Ltd.)
Toolbar: HKLM-x32 - No Name - !{25A3A431-30BB-47C8-AD6A-E1063801134F} -  No File
Toolbar: HKCU - No Name - {7AEB3EFD-E564-43F1-B658-5058A7C5743B} -  No File
DPF: HKLM-x32 {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default
FF DefaultSearchEngine: Search Results
FF SearchEngineOrder.1: Search Results
FF SelectedSearchEngine: Search Results
FF Homepage: hxxp://www.searchnu.com/410
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Oliver\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Oliver\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll (vShare.tv )
FF Plugin ProgramFiles/Appdata: C:\Users\Oliver\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Oliver\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: vshare.tv  - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\Extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b} [2014-07-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2011-08-03]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-05-23]
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client

Chrome: 
=======
CHR HomePage: hxxp://www.searchnu.com/410
CHR StartupUrls: "hxxp://search.babylon.com/?tt=3112_7&babsrc=HP_ss&mntrId=34279bd10000000000000024d7ded4a5"
CHR DefaultSearchKeyword: r
CHR DefaultNewTabURL: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (vShare.tv plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll (vShare.tv )
CHR Plugin: (Google Talk Plugin) - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Oliver\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Skype Click to Call) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-06-11]
CHR Extension: (Google Wallet) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-03-27] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-03-27] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2012-03-27] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [477032 2011-03-23] (Lenovo.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [File not signed]
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-12-14] (Lenovo Group Limited) [File not signed]
R2 TBSrv; C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe [350496 2014-03-26] (ClientConnect Ltd.)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [271424 2011-09-19] (DT Soft Ltd)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1588608 2011-09-13] (Creative Technology Ltd.)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-11-15] (NVIDIA Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-08-03] ()
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 WFMC_VAD; C:\Windows\System32\DRIVERS\wfmcvad.sys [24064 2010-02-08] (WiFi Media Connect)
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-03 12:29 - 2014-08-03 13:14 - 00000000 ____D () C:\FRST
2014-08-01 17:22 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 17:22 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 17:22 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 17:22 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 17:22 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 17:21 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 17:21 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 17:21 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 17:21 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-01 17:18 - 2014-08-02 10:32 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Opera Software
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Opera Software
2014-08-01 07:49 - 2014-08-02 10:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 07:49 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-01 07:49 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-01 07:49 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-17 06:38 - 2014-07-17 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 06:38 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-17 06:38 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-17 06:38 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-17 06:38 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-17 06:37 - 2014-07-17 06:38 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-14 19:29 - 2014-07-14 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2014-07-14 19:28 - 2014-07-14 19:29 - 00000000 ____D () C:\Program Files\RStudio
2014-07-08 21:29 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 21:29 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 21:29 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 21:29 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 21:29 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 21:29 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 21:29 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 21:29 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 21:29 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 21:29 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 21:29 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 21:29 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 21:29 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 21:29 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 21:29 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 21:29 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 21:29 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 21:29 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 21:29 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 21:29 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 21:29 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 21:29 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 21:29 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 21:29 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 21:29 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 21:29 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 21:29 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 21:29 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-08 21:29 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-08 21:29 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-08 21:29 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 21:29 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 21:29 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 21:29 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-08 21:29 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 21:29 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 21:29 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 21:29 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 21:29 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-08 21:29 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 21:29 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 21:29 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-08 21:29 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 21:29 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 21:29 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 21:29 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 21:29 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 21:29 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 21:29 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-08 21:29 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 21:29 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 21:29 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 21:29 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 21:29 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 21:29 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 21:29 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-08 21:29 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 21:29 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 21:29 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 21:29 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 21:29 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-08 21:29 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 21:28 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 21:28 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 21:28 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-06 22:16 - 2014-07-06 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software
2014-07-06 22:14 - 2014-07-06 22:16 - 00000000 ____D () C:\Program Files (x86)\Rossmann Fotowelt Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-03 13:14 - 2014-08-03 12:29 - 00000000 ____D () C:\FRST
2014-08-03 13:09 - 2011-09-17 16:19 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Skype
2014-08-03 12:48 - 2011-09-18 21:03 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job
2014-08-03 12:32 - 2009-07-14 06:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-03 12:32 - 2009-07-14 06:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-03 12:21 - 2012-06-20 21:11 - 00001142 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job
2014-08-03 12:17 - 2011-08-03 01:16 - 01805519 _____ () C:\Windows\WindowsUpdate.log
2014-08-03 11:56 - 2011-09-10 06:10 - 00003494 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-08-03 11:56 - 2011-09-10 06:10 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-08-03 11:56 - 2011-09-10 06:10 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-08-03 11:37 - 2011-09-19 01:47 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Dropbox
2014-08-03 11:33 - 2011-09-27 13:23 - 00128040 _____ () C:\Windows\setupact.log
2014-08-03 11:33 - 2011-08-03 01:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-03 11:33 - 2010-11-21 05:47 - 00610492 _____ () C:\Windows\PFRO.log
2014-08-03 11:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-02 11:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-08-02 10:55 - 2011-08-03 01:40 - 00000000 ____D () C:\ProgramData\PCDr
2014-08-02 10:40 - 2014-08-01 07:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-02 10:32 - 2014-08-01 17:18 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-02 10:31 - 2011-09-10 06:13 - 00001436 _____ () C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-01 18:21 - 2012-06-20 21:11 - 00001120 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job
2014-08-01 18:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-01 17:48 - 2011-09-18 21:03 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Opera Software
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Opera Software
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-31 06:11 - 2011-11-07 01:40 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-07-29 23:51 - 2011-11-07 01:40 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\FileZilla
2014-07-29 23:42 - 2011-11-07 01:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-28 22:01 - 2011-08-03 11:03 - 00705086 _____ () C:\Windows\system32\perfh007.dat
2014-07-28 22:01 - 2011-08-03 11:03 - 00151454 _____ () C:\Windows\system32\perfc007.dat
2014-07-28 22:01 - 2009-07-14 07:13 - 01629348 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-28 21:53 - 2013-03-13 08:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 21:53 - 2013-03-13 08:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-28 00:30 - 2013-03-13 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-27 22:49 - 2013-05-27 19:51 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-22 18:18 - 2011-09-19 01:48 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-22 18:13 - 2011-09-10 06:10 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-07-21 19:00 - 2011-09-10 06:10 - 00004234 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-07-21 17:56 - 2011-09-17 16:18 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-17 06:39 - 2013-11-02 00:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-17 06:38 - 2014-07-17 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 06:38 - 2014-07-17 06:37 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-17 06:38 - 2013-06-22 10:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-16 21:12 - 2011-09-17 16:18 - 00000000 ____D () C:\ProgramData\Skype
2014-07-15 07:15 - 2012-04-07 11:05 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-15 07:15 - 2011-09-18 21:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-14 19:29 - 2014-07-14 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2014-07-14 19:29 - 2014-07-14 19:28 - 00000000 ____D () C:\Program Files\RStudio
2014-07-14 19:28 - 2011-09-27 04:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
2014-07-14 19:27 - 2011-09-27 04:31 - 00000000 ____D () C:\Program Files\R
2014-07-14 17:12 - 2011-09-10 06:09 - 00000000 ____D () C:\Users\Oliver
2014-07-11 03:02 - 2014-07-17 06:38 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-17 06:38 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-17 06:38 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-17 06:38 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-09 18:42 - 2009-07-14 06:45 - 00440800 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 18:40 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 00:20 - 2013-08-16 15:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 00:19 - 2011-09-17 05:18 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 00:18 - 2011-09-19 02:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-06 22:16 - 2014-07-06 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software
2014-07-06 22:16 - 2014-07-06 22:14 - 00000000 ____D () C:\Program Files (x86)\Rossmann Fotowelt Software

Some content of TEMP:
====================
C:\Users\Oliver\AppData\Local\Temp\aro.exe
C:\Users\Oliver\AppData\Local\Temp\aroSetup.exe
C:\Users\Oliver\AppData\Local\Temp\AskSLib.dll
C:\Users\Oliver\AppData\Local\Temp\avgnt.exe
C:\Users\Oliver\AppData\Local\Temp\bing.exe
C:\Users\Oliver\AppData\Local\Temp\card_setup.exe
C:\Users\Oliver\AppData\Local\Temp\chutil.dll
C:\Users\Oliver\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfsm57s.dll
C:\Users\Oliver\AppData\Local\Temp\ffunzip.exe
C:\Users\Oliver\AppData\Local\Temp\GURC3B4.exe
C:\Users\Oliver\AppData\Local\Temp\GURC450.exe
C:\Users\Oliver\AppData\Local\Temp\installhelper.dll
C:\Users\Oliver\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Oliver\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Oliver\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Oliver\AppData\Local\Temp\Last.fm-2.1.33.exe
C:\Users\Oliver\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Oliver\AppData\Local\Temp\sqlite3.dll
C:\Users\Oliver\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Oliver\AppData\Local\Temp\Stub.EXE
C:\Users\Oliver\AppData\Local\Temp\STWSetup.exe
C:\Users\Oliver\AppData\Local\Temp\TB_84DA.exe
C:\Users\Oliver\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Oliver\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Oliver\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Oliver\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Oliver\AppData\Local\Temp\WmpPluginSetup_2.1.0.6.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 03:02

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---


Addition Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Oliver at 2014-08-03 13:19:13
Running from C:\Users\Oliver\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
ANSTOSS 3 (HKLM-x32\...\ANSTOSS 3_is1) (Version:  - )
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.22.00 - )
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
BabylonObjectInstaller (HKLM-x32\...\{83AA2913-C123-4146-85BD-AD8F93971D39}) (Version: 2.0.0.3 - Babylon Ltd) <==== ATTENTION
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.171.0 - Microsoft Corporation)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.12 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 4.41.0315.0262 - DT Soft Ltd)
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.01 - Creative Technology Limited)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FileZilla Client 3.9.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.1 - Tim Kosse)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Gephi 0.8.1 (HKLM-x32\...\{51722911-C391-4118-97BF-B50100D2AB15}_is1) (Version:  - Gephi)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.2 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{39969C3E-B297-41E5-9A7B-E252B504B21B}) (Version: 2.1.0003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
Lexware Info Service (HKLM-x32\...\{85BF9FDB-BD5B-407C-9CAE-3542E5164783}) (Version: 4.00.00.0075 - Haufe-Lexware GmbH & Co.KG)
LM98Free 2.2a (HKLM-x32\...\LM98Free 2.2a_is1) (Version:  - )
Logitech SetPoint 6.30 (HKLM\...\sp6) (Version: 6.30.43 - Logitech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{90170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 312.69 - NVIDIA Corporation)
NVIDIA Grafiktreiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.69 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation)
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1269 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 312.69 (Version: 312.69 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.9.1 - pdfforge)
QuickSteuer 2013 (HKLM-x32\...\{500342C9-CCD5-4335-89AE-C8A65C0A153B}) (Version: 19.07.00.0004 - Haufe-Lexware GmbH & Co.KG)
QuickSteuer 2014 (HKLM-x32\...\{52DD1288-FA17-4062-8280-532C89A7E2F2}) (Version: 20.04.00.0003 - Haufe-Lexware GmbH & Co.KG)
R for Windows 2.13.1 (HKLM\...\R for Windows 2.13.1_is1) (Version: 2.13.1 - R Development Core Team)
R for Windows 2.13.2 (HKLM\...\R for Windows 2.13.2_is1) (Version: 2.13.2 - R Development Core Team)
R for Windows 2.14.0 (HKLM\...\R for Windows 2.14.0_is1) (Version: 2.14.0 - R Development Core Team)
R for Windows 2.14.1 (HKLM\...\R for Windows 2.14.1_is1) (Version: 2.14.1 - R Development Core Team)
R for Windows 2.14.2 (HKLM\...\R for Windows 2.14.2_is1) (Version: 2.14.2 - R Development Core Team)
R for Windows 2.15.0 (HKLM\...\R for Windows 2.15.0_is1) (Version: 2.15.0 - R Development Core Team)
R for Windows 2.15.1 (HKLM\...\R for Windows 2.15.1_is1) (Version: 2.15.1 - R Core Team)
R for Windows 2.15.2 (HKLM\...\R for Windows 2.15.2_is1) (Version: 2.15.2 - R Core Team)
R for Windows 2.15.3 (HKLM\...\R for Windows 2.15.3_is1) (Version: 2.15.3 - R Core Team)
R for Windows 3.0.0 (HKLM\...\R for Windows 3.0.0_is1) (Version: 3.0.0 - R Core Team)
R for Windows 3.0.1 (HKLM\...\R for Windows 3.0.1_is1) (Version: 3.0.1 - R Core Team)
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
R for Windows 3.0.3 (HKLM\...\R for Windows 3.0.3_is1) (Version: 3.0.3 - R Core Team)
R for Windows 3.1.0 (HKLM\...\R for Windows 3.1.0_is1) (Version: 3.1.0 - R Core Team)
R for Windows 3.1.1 (HKLM\...\R for Windows 3.1.1_is1) (Version: 3.1.1 - R Core Team)
RapidBoot (HKLM-x32\...\InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}) (Version: 1.00 - Lenovo)
RapidBoot (x32 Version: 1.00 - Lenovo) Hidden
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.13.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.13.18.02 - RICOH)
Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)
RStudio (HKLM-x32\...\RStudio) (Version: 0.98.953 - RStudio)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Sound Blaster X-Fi Surround 5.1 Pro (HKLM-x32\...\{0A9DA353-D0CD-4922-A54B-2F5F4EC90986}) (Version: 1.0 - Creative Technology Limited)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0042 - Lenovo)
The Weather Channel App (HKLM-x32\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.48 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.22 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.01 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.06 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
vshare.tv Bar Toolbar (HKLM-x32\...\vshare.tv_Bar Toolbar) (Version: 6.7.0.6 - vshare.tv Bar)
vShare.tv plugin 1.3 (HKLM-x32\...\vShare.tv plugin) (Version: 1.3 - vShare.tv, Inc.) <==== ATTENTION
Wi-Fi MediaConnect (HKLM-x32\...\{AA58346A-A5D7-4659-91D6-38D07345BDCF}) (Version: 1.6.43 - Philips)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Offizielle Deutsche Sprachdatei Plus v5.62 (HKLM-x32\...\Winamp Offizielle Deutsche Sprachdatei Plus) (Version: v5.62 - Christoph Grether)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows-Treiberpaket - Intel (MEIx64) System  (10/19/2010 7.0.0.1144) (HKLM\...\90FD26A77B849AE03FF5F07A1CDA7F950406A8D8) (Version: 10/19/2010 7.0.0.1144 - Intel)
Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\A513FC5E5A08D4EF27F234E91E0E942A0234210B) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System  (10/04/2010 9.2.0.1015) (HKLM\...\FE1BEBFD475BB832AAF104F5C63348E98A9286DF) (Version: 10/04/2010 9.2.0.1015 - Intel)
Windows-Treiberpaket - Intel USB  (09/16/2010 9.2.0.1013) (HKLM\...\D97688B8E3830BF9820E15EB8D9552DCBF988CFD) (Version: 09/16/2010 9.2.0.1013 - Intel)
Windows-Treiberpaket - Lenovo (LenovoRd) SmartCardReader  (05/11/2009 4.1.0.1) (HKLM\...\9B84710FFAE6C50914FCE568B59E426F1386E7F6) (Version: 05/11/2009 4.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (03/24/2011 15.2.19.0) (HKLM\...\5DF942712DC7660AE4A1B04809A1C3F67B0CA27C) (Version: 03/24/2011 15.2.19.0 - Synaptics)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

27-07-2014 20:54:29 Windows-Sicherung
27-07-2014 20:56:39 Windows Update
27-07-2014 22:28:53 Windows Update
01-08-2014 05:22:10 Windows Update
01-08-2014 15:21:26 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14C8AF3B-40BC-4571-A504-6F69B5D1A6DF} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: {3223E829-D269-4F50-84FD-CF149C52267C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18] (Google Inc.)
Task: {38CFAE7D-227B-49C5-B947-36DCE4EBAA55} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2011-09-22] (Lenovo)
Task: {7E4F6CD6-5B8E-461C-8134-B23427415495} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {B83852E2-CDDD-44AC-B8D0-6628C263D655} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA => C:\Users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {BDBD4036-6182-4726-88E6-0459A8F705D6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {BE0049D1-B96C-4A2D-87C2-960891CE42CF} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {C21FEAE2-61AF-406B-ACD0-E3E739990F87} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18] (Google Inc.)
Task: {D5090263-5AAD-47A0-B65F-5347A628BF88} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-03-23] (Lenovo Group Limited)
Task: {D5F22A8B-1CBB-43AC-97D6-3BC4F95468D6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core => C:\Users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {F9F52E65-52AD-4511-951F-DD4D50A99294} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job => C:\Users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job => C:\Users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2010-12-17 13:53 - 2010-12-17 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-11-28 19:55 - 2013-10-29 02:53 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-08-03 01:29 - 2011-06-01 06:37 - 00004096 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2010-12-18 15:50 - 2010-12-18 15:50 - 00173856 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2011-08-03 01:32 - 2011-03-23 20:48 - 00054272 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2012-11-28 19:56 - 2013-11-15 11:52 - 00518432 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2011-09-19 02:03 - 2011-05-29 04:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-08-03 01:25 - 2010-10-26 22:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2011-08-03 01:29 - 2011-03-06 13:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-06-24 01:42 - 2011-06-24 01:42 - 01302808 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2012-03-27 19:33 - 2009-12-29 16:52 - 00089088 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2012-03-27 19:33 - 2010-07-22 16:46 - 00237056 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-04-09 16:59 - 2014-04-09 16:59 - 00055120 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
2014-04-09 16:59 - 2014-04-09 16:59 - 01162072 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.UI.dll
2014-04-09 16:59 - 2014-04-09 16:59 - 00256352 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Services.dll
2014-04-09 16:59 - 2014-04-09 16:59 - 00115552 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Models.dll
2012-05-16 21:15 - 2010-06-21 11:14 - 00308736 _____ () C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe
2010-12-18 15:50 - 2010-12-18 15:50 - 00171296 _____ () C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
2009-05-27 22:09 - 2009-05-27 22:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2011-08-03 01:33 - 2010-04-06 09:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2011-08-03 01:33 - 2010-04-06 09:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2012-03-27 19:33 - 2009-12-29 16:50 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2012-03-27 19:33 - 2010-07-22 16:45 - 00181760 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-08-03 11:36 - 2014-08-03 11:36 - 00043008 _____ () c:\users\oliver\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfsm57s.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Oliver\AppData\Roaming\Dropbox\bin\libcef.dll
2013-09-26 13:20 - 2013-09-26 13:20 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2013-09-26 13:20 - 2013-09-26 13:20 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 00718664 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 00126280 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 08537928 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 00353096 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 01732936 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 14664008 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/03/2014 11:34:27 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (08/02/2014 10:57:05 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (6248) Asapi: (10:57:05:3440)(6248) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

Error: (08/02/2014 10:34:12 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (08/02/2014 07:31:36 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/02/2014 07:31:33 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/02/2014 07:31:30 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/02/2014 07:31:27 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/02/2014 07:31:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/02/2014 07:31:21 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/02/2014 07:31:19 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (08/03/2014 11:37:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/03/2014 11:37:43 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/02/2014 10:36:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/02/2014 10:36:35 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/01/2014 05:18:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/01/2014 05:18:25 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/01/2014 07:12:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/01/2014 07:12:10 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/31/2014 05:31:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/31/2014 05:31:13 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 43%
Total physical RAM: 8079.23 MB
Available physical RAM: 4600.32 MB
Total Pagefile: 16156.65 MB
Available Pagefile: 12377.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:229.56 GB) (Free:49.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:219.4 GB) (Free:41.26 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 7FB25333)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=230 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=219 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=16 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 03.08.2014, 13:20   #9
M-K-D-B
/// TB-Ausbilder
 
http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal - Standard

http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal



Servus,


ok, danke für die Info.

Bitte auch alle zukünftigen Tools unter "C:\Users\Oliver\Desktop" abspeichern, verwenden und belassen.





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 03.08.2014, 13:51   #10
eqal123
 
http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal - Standard

http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal



combofix.txt:

Code:
ATTFilter
ComboFix 14-08-02.02 - Oliver 03.08.2014  13:32:48.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8079.5338 [GMT 2:00]
ausgeführt von:: c:\users\Oliver\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\programdata\Roaming
C:\root
c:\root\wpfdot.exe
c:\windows\SysWow64\tmp98C6.tmp
c:\windows\SysWow64\tmp98E6.tmp
Q:\Autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-07-03 bis 2014-08-03  ))))))))))))))))))))))))))))))
.
.
2014-08-03 11:40 . 2014-08-03 11:40	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-08-03 11:40 . 2014-08-03 11:40	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-08-03 10:29 . 2014-08-03 11:19	--------	d-----w-	C:\FRST
2014-08-03 10:16 . 2014-05-02 06:08	1031560	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA8F42B8-3CC2-4847-8D1B-67BD7AE80201}\gapaengine.dll
2014-08-03 09:48 . 2014-07-02 03:09	10924376	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D853E14E-4382-4CCC-9CD1-A3C9824DABF9}\mpengine.dll
2014-08-01 22:26 . 2014-07-02 03:09	10924376	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-01 15:22 . 2014-05-14 16:23	44512	----a-w-	c:\windows\system32\wups2.dll
2014-08-01 15:22 . 2014-05-14 16:23	58336	----a-w-	c:\windows\system32\wuauclt.exe
2014-08-01 15:22 . 2014-05-14 16:21	2620928	----a-w-	c:\windows\system32\wucltux.dll
2014-08-01 15:22 . 2014-05-14 16:23	2477536	----a-w-	c:\windows\system32\wuaueng.dll
2014-08-01 15:22 . 2014-05-14 16:23	38880	----a-w-	c:\windows\system32\wups.dll
2014-08-01 15:22 . 2014-05-14 16:20	97792	----a-w-	c:\windows\system32\wudriver.dll
2014-08-01 15:22 . 2014-05-14 16:17	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2014-08-01 15:22 . 2014-05-14 16:23	36320	----a-w-	c:\windows\SysWow64\wups.dll
2014-08-01 15:22 . 2014-05-14 16:23	700384	----a-w-	c:\windows\system32\wuapi.dll
2014-08-01 15:22 . 2014-05-14 16:23	581600	----a-w-	c:\windows\SysWow64\wuapi.dll
2014-08-01 15:21 . 2014-05-14 07:23	198600	----a-w-	c:\windows\system32\wuwebv.dll
2014-08-01 15:21 . 2014-05-14 07:23	179656	----a-w-	c:\windows\SysWow64\wuwebv.dll
2014-08-01 15:21 . 2014-05-14 07:20	36864	----a-w-	c:\windows\system32\wuapp.exe
2014-08-01 15:21 . 2014-05-14 07:17	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2014-08-01 15:18 . 2014-08-01 15:18	--------	d-----w-	c:\users\Oliver\AppData\Roaming\Opera Software
2014-08-01 15:18 . 2014-08-01 15:18	--------	d-----w-	c:\users\Oliver\AppData\Local\Opera Software
2014-08-01 15:18 . 2014-08-02 08:32	--------	d-----w-	c:\program files (x86)\Opera
2014-08-01 05:49 . 2014-08-03 11:28	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-01 05:49 . 2014-05-12 05:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-08-01 05:49 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-08-01 05:49 . 2014-08-01 05:49	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 05:49 . 2014-08-01 05:49	--------	d-----w-	c:\programdata\Malwarebytes
2014-08-01 05:49 . 2014-05-12 05:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-07-29 15:37 . 2014-05-02 06:08	1031560	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F80657C8-95C5-438A-B883-939ADF914851}\gapaengine.dll
2014-07-17 04:38 . 2014-07-17 04:38	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-07-17 04:38 . 2014-07-11 01:02	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-16 19:12 . 2014-07-16 19:12	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2014-07-14 17:28 . 2014-07-14 17:29	--------	d-----w-	c:\program files\RStudio
2014-07-08 19:28 . 2014-06-05 14:45	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-07-08 19:28 . 2014-06-05 14:26	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-07-08 19:28 . 2014-06-05 14:25	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-07-06 20:14 . 2014-07-06 20:16	--------	d-----w-	c:\program files (x86)\Rossmann Fotowelt Software
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-27 20:49 . 2013-05-27 17:51	42040	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2014-07-15 05:15 . 2012-04-07 09:05	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-15 05:15 . 2011-09-18 19:03	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 22:19 . 2011-09-17 03:18	96441528	----a-w-	c:\windows\system32\MRT.exe
2014-07-03 18:08 . 2013-05-27 17:47	117712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-06-27 16:12 . 2014-06-27 16:12	89888	----a-w-	c:\windows\system32\NicInstC.dll
2014-06-27 16:12 . 2014-06-27 16:12	73480	----a-w-	c:\windows\system32\e1cmsg.dll
2014-06-27 16:12 . 2014-06-27 16:12	495376	----a-w-	c:\windows\system32\drivers\e1c62x64.sys
2014-06-08 19:04 . 2013-05-27 17:47	130584	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-05-09 06:14 . 2014-05-15 16:08	477184	----a-w-	c:\windows\system32\aepdu.dll
2014-05-09 06:11 . 2014-05-15 16:08	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-05-08 09:32 . 2014-06-11 18:10	3178496	----a-w-	c:\windows\system32\rdpcorets.dll
2014-05-08 09:32 . 2014-06-11 18:10	16384	----a-w-	c:\windows\system32\RdpGroupPolicyExtension.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7aeb3efd-e564-43f1-b658-5058a7c5743b}"= "c:\users\Oliver\AppData\LocalLow\vshare.tv_Bar\prxtbvsh2.dll" [2014-03-26 424224]
.
[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
2014-03-26 14:19	424224	----a-w-	c:\users\Oliver\AppData\LocalLow\vshare.tv_Bar\prxtbvsh2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7aeb3efd-e564-43f1-b658-5058a7c5743b}"= "c:\users\Oliver\AppData\LocalLow\vshare.tv_Bar\prxtbvsh2.dll" [2014-03-26 424224]
.
[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	131480	----a-w-	c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-07-02 21648480]
"BackgroundContainerV2"="c:\users\Oliver\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2014-03-26 325920]
"TWC.Win7"="c:\program files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe" [2014-04-09 55120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-03-23 1544040]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-02-09 4309184]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe" [2010-02-18 241789]
"Module Loader"="c:\program files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2013-06-20 2249352]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-07-03 750160]
"LexwareInfoService"="c:\program files (x86)\Lexware\Update Manager\LxUpdateManager.exe" [2013-10-08 208424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
.
c:\users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-21 35464216]
Google Chrome.lnk - c:\users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe [2012-1-17 860488]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-18 1202976]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-8-3 50688]
Wi-Fi MediaConnect.lnk - c:\program files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe [2012-5-16 2345984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys;c:\windows\SYSNATIVE\drivers\ksaud.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TBSrv;Toolbar Service;c:\program files (x86)\Tbccint\ToolbarService\ToolbarService.exe;c:\program files (x86)\Tbccint\ToolbarService\ToolbarService.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys;c:\windows\SYSNATIVE\Drivers\LenovoRd.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 WFMC_VAD;WFMCVAD (WDM);c:\windows\system32\DRIVERS\wfmcvad.sys;c:\windows\SYSNATIVE\DRIVERS\wfmcvad.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job
- c:\users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-20 16:16]
.
2014-08-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job
- c:\users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-20 16:16]
.
2014-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job
- c:\users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 19:03]
.
2014-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job
- c:\users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 19:03]
.
2014-07-22 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
2014-08-03 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08	164760	----a-w-	c:\users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2010-12-09 380776]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-15 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-10 418840]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-04-04 41320]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-02-28 281448]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"Creative SB Monitoring Utility"="sbavmon.dll" [2010-07-29 115712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-11-15 2747680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/410
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{284171A7-2F20-7504-35E0-E1B6810714B8} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{7AEB3EFD-E564-43F1-B658-5058A7C5743B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-The Weather Channel App - c:\program files (x86)\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe
AddRemove-The Weather Channel Desktop 6 - c:\program files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-08-03  13:44:47
ComboFix-quarantined-files.txt  2014-08-03 11:44
.
Vor Suchlauf: 15 Verzeichnis(se), 52.585.345.024 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 56.084.234.240 Bytes frei
.
- - End Of File - - 3336840FA860417F1FC821101ADD05B9
         
DANKE

Alt 03.08.2014, 16:10   #11
M-K-D-B
/// TB-Ausbilder
 
http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal - Standard

http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal



Mehrere Anti-Virus-Programme

Code:
ATTFilter
Microsoft Security Essentials
Avira
         
Mir ist aufgefallen, dass Du mehr als ein Anti-Virus-Programm mit Hintergrundwächter laufen hast. Das ist gefährlich, da sich die Programme in die Quere kommen können und dadurch Viren erst recht auf dem Rechner landen können. Ausserdem bremst es auch das System aus. Entscheide Dich für eine Variante und deinstalliere die andere über Systemsteuerung => Software.
Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast.

Zitat:
Speedy hat letztens eine einleuchtende Erklärung dazu geliefert: "Man stelle sich einen Torwart vor, der das Tor hüten soll (Anti-Virus-Programm), der Ball kommt angeflogen (Virus), der Torhüter konzentriert sich auf den Ball und fängt ihn. Jetzt stelle Dir zwei Torhüter im Tor vor ...., die knallen aneinander und der Ball kann ungehindert ins Tor wandern."





Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 3
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die beiden neuen Logdateien von FRST.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 03.08.2014, 18:20   #12
eqal123
 
http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal - Standard

http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal



AdwCleaner:

Code:
ATTFilter
# AdwCleaner v3.302 - Bericht erstellt am 03/08/2014 um 16:55:43
# Aktualisiert 30/07/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Oliver - THINKPAD
# Gestartet von : C:\Users\Oliver\Desktop\adwcleaner_3.302.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : TBSrv

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Tbccint
Ordner Gelöscht : C:\Program Files (x86)\vShare.tv plugin
Ordner Gelöscht : C:\Program Files (x86)\Windows iLivid Toolbar
Ordner Gelöscht : C:\Program Files (x86)\vshare.tv_Bar
Ordner Gelöscht : C:\Users\Oliver\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Oliver\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Oliver\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Oliver\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Oliver\AppData\LocalLow\vshare.tv_Bar
Ordner Gelöscht : C:\Users\Oliver\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Oliver\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Oliver\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\ConduitCommon
Ordner Gelöscht : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\CT2818425
Ordner Gelöscht : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\Extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
Datei Gelöscht : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
Datei Gelöscht : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\user.js
Datei Gelöscht : C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
Datei Gelöscht : C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainerV2]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FCTB000100573.FCTB000100573Pos
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FCTB000100573.FCTB000100573Pos.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FCTB000100573.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FCTB000100573.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FCTB000100573.JSOptionsImpl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FCTB000100573.JSOptionsImpl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2818425
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7AEB3EFD-E564-43F1-B658-5058A7C5743B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{91E526FE-D9CF-443C-91A4-4A42F6178477}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7AEB3EFD-E564-43F1-B658-5058A7C5743B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AEB3EFD-E564-43F1-B658-5058A7C5743B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91E526FE-D9CF-443C-91A4-4A42F6178477}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AEB3EFD-E564-43F1-B658-5058A7C5743B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{91E526FE-D9CF-443C-91A4-4A42F6178477}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C6F7F10-222E-499C-AF70-859AFF3DEC23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6945BA57-160D-48E1-A676-B74F70CC2C12}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7AEB3EFD-E564-43F1-B658-5058A7C5743B}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7AEB3EFD-E564-43F1-B658-5058A7C5743B}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7AEB3EFD-E564-43F1-B658-5058A7C5743B}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7AEB3EFD-E564-43F1-B658-5058A7C5743B}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\Tbccint_HKLM
Schlüssel Gelöscht : HKCU\Software\vShare.tv
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\vshare.tv_Bar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\vshare.tv_Bar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare.tv plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vshare.tv_Bar Toolbar
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\prefs.js ]

Zeile gelöscht : user_pref("CT2818425..clientLogIsEnabled", true);
Zeile gelöscht : user_pref("CT2818425..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gelöscht : user_pref("CT2818425..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gelöscht : user_pref("CT2818425.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Zeile gelöscht : user_pref("CT2818425.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gelöscht : user_pref("CT2818425.BrowserCompStateIsOpen_129712757411525741", true);
Zeile gelöscht : user_pref("CT2818425.BrowserCompStateIsOpen_129735245815838327", true);
Zeile gelöscht : user_pref("CT2818425.CTID", "CT2818425");
Zeile gelöscht : user_pref("CT2818425.CurrentServerDate", "16-6-2012");
Zeile gelöscht : user_pref("CT2818425.DSInstall", false);
Zeile gelöscht : user_pref("CT2818425.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT2818425.DialogsGetterLastCheckTime", "Fri Jun 15 2012 23:44:23 GMT+0200");
Zeile gelöscht : user_pref("CT2818425.DownloadReferralCookieData", "");
Zeile gelöscht : user_pref("CT2818425.EMailNotifierPollDate", "Thu Jan 19 2012 13:58:23 GMT+0100");
Zeile gelöscht : user_pref("CT2818425.FirstServerDate", "20-11-2011");
Zeile gelöscht : user_pref("CT2818425.FirstTime", true);
Zeile gelöscht : user_pref("CT2818425.FirstTimeFF3", true);
Zeile gelöscht : user_pref("CT2818425.FixPageNotFoundErrors", true);
Zeile gelöscht : user_pref("CT2818425.GroupingServerCheckInterval", 1440);
Zeile gelöscht : user_pref("CT2818425.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gelöscht : user_pref("CT2818425.HPInstall", false);
Zeile gelöscht : user_pref("CT2818425.HasUserGlobalKeys", true);
Zeile gelöscht : user_pref("CT2818425.HomePageProtectorEnabled", false);
Zeile gelöscht : user_pref("CT2818425.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
Zeile gelöscht : user_pref("CT2818425.Initialize", true);
Zeile gelöscht : user_pref("CT2818425.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("CT2818425.InstallationAndCookieDataSentCount", 3);
Zeile gelöscht : user_pref("CT2818425.InstallationId", "ConduitStubGeneric");
Zeile gelöscht : user_pref("CT2818425.InstallationType", "ConduitStubIntegration");
Zeile gelöscht : user_pref("CT2818425.InstalledDate", "Sun Nov 20 2011 09:31:36 GMT-0500 (Eastern Normalzeit)");
Zeile gelöscht : user_pref("CT2818425.InvalidateCache", false);
Zeile gelöscht : user_pref("CT2818425.IsAlertDBUpdated", true);
Zeile gelöscht : user_pref("CT2818425.IsGrouping", false);
Zeile gelöscht : user_pref("CT2818425.IsInitSetupIni", true);
Zeile gelöscht : user_pref("CT2818425.IsMulticommunity", false);
Zeile gelöscht : user_pref("CT2818425.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("CT2818425.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("CT2818425.LanguagePackLastCheckTime", "Fri Jun 15 2012 23:44:23 GMT+0200");
Zeile gelöscht : user_pref("CT2818425.LanguagePackReloadIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2818425.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gelöscht : user_pref("CT2818425.LastLogin_3.12.0.7", "Tue May 15 2012 23:19:01 GMT+0200");
Zeile gelöscht : user_pref("CT2818425.LastLogin_3.12.2.3", "Fri Jun 15 2012 23:44:22 GMT+0200");
Zeile gelöscht : user_pref("CT2818425.LastLogin_3.8.1.0", "Thu Jan 19 2012 13:33:23 GMT+0100");
Zeile gelöscht : user_pref("CT2818425.LastLogin_3.9.0.3", "Mon Apr 23 2012 20:54:56 GMT+0200");
Zeile gelöscht : user_pref("CT2818425.LatestVersion", "3.13.0.6");
Zeile gelöscht : user_pref("CT2818425.Locale", "en");
Zeile gelöscht : user_pref("CT2818425.MCDetectTooltipHeight", "83");
Zeile gelöscht : user_pref("CT2818425.MCDetectTooltipShow", false);
Zeile gelöscht : user_pref("CT2818425.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gelöscht : user_pref("CT2818425.MCDetectTooltipWidth", "295");
Zeile gelöscht : user_pref("CT2818425.MyStuffEnabledAtInstallation", true);
Zeile gelöscht : user_pref("CT2818425.OriginalFirstVersion", "3.8.1.0");
Zeile gelöscht : user_pref("CT2818425.RadioIsPodcast", false);
Zeile gelöscht : user_pref("CT2818425.RadioLastCheckTime", "Thu Jan 19 2012 13:33:23 GMT+0100");
Zeile gelöscht : user_pref("CT2818425.RadioLastUpdateIPServer", "3");
Zeile gelöscht : user_pref("CT2818425.RadioLastUpdateServer", "129330101464100000");
Zeile gelöscht : user_pref("CT2818425.RadioMediaID", "21515677");
Zeile gelöscht : user_pref("CT2818425.RadioMediaType", "Media Player");
Zeile gelöscht : user_pref("CT2818425.RadioMenuSelectedID", "EBRadioMenu_CT281842521515677");
Zeile gelöscht : user_pref("CT2818425.RadioShrinkedFromSetup", false);
Zeile gelöscht : user_pref("CT2818425.RadioStationName", "Virgin%20Radio%20Classic%20Rock");
Zeile gelöscht : user_pref("CT2818425.RadioStationURL", "hxxp://www.smgradio.com/core/audio/wmp/live.asx?service=vcbb");
Zeile gelöscht : user_pref("CT2818425.SHRINK_TOOLBAR", 1);
Zeile gelöscht : user_pref("CT2818425.SearchBoxWidth", 313);
Zeile gelöscht : user_pref("CT2818425.SearchCaption", "vshare.tv Bar Customized Web Search");
Zeile gelöscht : user_pref("CT2818425.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Zeile gelöscht : user_pref("CT2818425.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("CT2818425.SearchInNewTabEnabled", true);
Zeile gelöscht : user_pref("CT2818425.SearchInNewTabIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2818425.SearchInNewTabLastCheckTime", "Fri Jun 15 2012 23:44:22 GMT+0200");
Zeile gelöscht : user_pref("CT2818425.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2818425.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2818425.SearchProtectorEnabled", false);
Zeile gelöscht : user_pref("CT2818425.SearchProtectorToolbarDisabled", false);
Zeile gelöscht : user_pref("CT2818425.SendProtectorDataViaLogin", true);
Zeile gelöscht : user_pref("CT2818425.ServiceMapLastCheckTime", "Fri Jun 15 2012 23:44:22 GMT+0200");
Zeile gelöscht : user_pref("CT2818425.SettingsLastCheckTime", "Fri Jun 15 2012 23:44:20 GMT+0200");
Zeile gelöscht : user_pref("CT2818425.SettingsLastUpdate", "1339665756");
Zeile gelöscht : user_pref("CT2818425.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2818425&SearchSource=13");
Zeile gelöscht : user_pref("CT2818425.ThirdPartyComponentsInterval", 504);
Zeile gelöscht : user_pref("CT2818425.ThirdPartyComponentsLastCheck", "Fri Jun 15 2012 23:44:21 GMT+0200");
Zeile gelöscht : user_pref("CT2818425.ThirdPartyComponentsLastUpdate", "1331805997");
Zeile gelöscht : user_pref("CT2818425.ToolbarShrinkedFromSetup", false);
Zeile gelöscht : user_pref("CT2818425.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2818425");
Zeile gelöscht : user_pref("CT2818425.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Zeile gelöscht : user_pref("CT2818425.UserID", "UN15485524642309745");
Zeile gelöscht : user_pref("CT2818425.ValidationData_Toolbar", 2);
Zeile gelöscht : user_pref("CT2818425.alertChannelId", "1210492");
Zeile gelöscht : user_pref("CT2818425.approveUntrustedApps", false);
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D474549484C5952594B335E5356432C45333438334A414C546660576364676F6A5E4B766B6E5B445D4B4C504A6259646C787A2[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C4748402C574C4F3C253E2C2E2B2F433A454E59505B57676A66426D62455E69543D56444643465B525D66716C216E6B587D73675[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462B554A4D4B4749594D33535D4F432C45333439344A414C565B5E6C656E706C7164736D4D786D705D465F4D4E534D645B66705[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e.:2z527", "2423");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F564654524C474A595A4851505E51523964595C49324B393C3B3E5047525D6C6A6B6F786D68506A6F7171742256227679664F6[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C4343534E2D585B3C253E2C302E34433A45515862695E675A416C6164513A5341454348584F5A666D7B7C7174726E702174745B2[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e06cg5el8:", "6E6D6F6C6A6D6F727771");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737572707375787D77242F4B49474F42357D5D5C3D");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E41295547484D515A4E5A59325D5255422B443237303749404B585E685E706E6E6674626E696B4D786D705D465F4D524B51645B66732[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473E454745482F5A4F523F2841302D2F33463D48566265685C6B675F6D70604873686B58415A4946484B5F56616F7C217D74747[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D3229344356554E472E594E51325E4F412A4335373231483F4A59655F5F626C5B717369756975744D786D70517E6B60496252505451675[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e31;cj7@3=i\"mbe", "247E61393F236B25707876792A212C6E414F444D327A34434C3F49552E594E513E3540236055505853565049324B787B4E455033707361553E57484B5A515C6E6D717D6D217[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352C37474B59574B4A4858584E5E3762573A535E49324B3A3D3F3B504752626C625D75786D766A7C517C7174614A63525557526[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A522B55553A233C2B2F282941384354515E5D56615F56685C426D6265523B544346494A59505B6C697A7E21702370765925797[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D49564A50592E594E314A55402942322E332F473E495B5D595A6A5E58707262674974696C59425B4B474B51605762747C2473737[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B364953545259585A5A50524E36615659462F4838353D3C4D444F626C6D6B72716A77614D786D705D465F4F4C5451645B66797[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A312833474745445159575B504B504B4D5E545553533A655A5D4A334C3C3B3A3951485367756363677575676B65527D7275624B645453515[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E782332293449565540472E594E513E274030323533453C475C5558636A656E625E6C616B7068734B766B6E5B445D4D4F524F6259647927252[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4F44504C4754585C5048345F5457442D46373135344B424D636B5D5F5F73696B4A756A6D5A435C4D474B4961586379226F742[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A30273249485545442C574C4F3C253E2F2A2D2D433A455C67555B5E3F6A5F624F3851423D403F564D586F7A68786C717154207477644D66575[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354D462C574C4F3C253E2F2B2B31433A455D6356575C5C5A416C6164513A5344404045584F5A7273717A786D2256227679664F6[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352C37502E4F4747315C5154412A4334313738483F4A635F5A6A645E625A4772676A5740594A474D4D5E55607971246E7778257[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B36505459574C554F515B345F5457442D46373637384B424D676B706E606F61666B63664D786D705D465F504F5050645B66212[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A35504F5346482F5A4F523F28413233342F463D48635C5D66626A436E6366533C55464748425A515C77707773202371215925797[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3652504C5249555256525C35605558452E47383B38364C434E6A706F5F65635D736F677578684C65706B54207477644D66575[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2A554A2D46513C253E302B332C433A45626756516259655F5F436E63465F6A553E5749444C445C535E7B21747C7821745A267[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A52404548564F58315C5154412A4335342F37483F4A68646B645D5E626462616D6971726B6C786A517C7174614A6355544F566[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352C37565949484E4F51525C4E4C55535B54605A5A3E695E614E37503B3D41544B567575656D7367796D6D7C55217578654E675[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E3128335351565551575A4F584C5E335E5356432C4534383649404B6B59566C686B46716669563F58474B485C535E7E6C6956227679664F6[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C484A2C574C2F48533E27403233433A45665B68505C5E406B6E4F38514343544B56776C79616D6F517C71547873634C6557566[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215642542D584D503D263F2D2E2E2E443B4635645E6669595C6062686F5C7363716F696467764F7A6F725F48614F50504F665D6[...]
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b-0?3g>d", "3C6E6B6E716C75737A77767A452077794D2025514E52512A2324255858582B2C5D5B2C31");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b-0?3g@6:5;", "");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E4249357D37382F3A494D5D513F283338435D6554695B65546D57695D5D686365533C70766C66755E");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477B213F3E484F4E4D4648502B564B4E2E5959595F4C564F3764535750");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b5ba==9cjag", "3B6A3C41424073747A744472457779787A7D507A22");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F6C6A6D6F727774727972");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b90e@8ff=eg", "393F352F3E");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b9643g3/9e", "6A");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b<:222h64<", "393F352F3E");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b=+03eh8h8j?:", "4443");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9b?b0d:8aj62<h", "6D");
Zeile gelöscht : user_pref("CT2818425.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Zeile gelöscht : user_pref("CT2818425.backendstorage.key_user_agree_ia12", "31");
Zeile gelöscht : user_pref("CT2818425.backendstorage.shoppingapp.gk.exipres", "547565204A616E20323420323031322031333A33333A323420474D542B30313030");
Zeile gelöscht : user_pref("CT2818425.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
Zeile gelöscht : user_pref("CT2818425.backendstorage.user_uniqueid", "34353262393534642D346563632D336532382D303938342D363436333531613233313034");
Zeile gelöscht : user_pref("CT2818425.components.1000034", false);
Zeile gelöscht : user_pref("CT2818425.components.1000082", false);
Zeile gelöscht : user_pref("CT2818425.components.129320407169518972", false);
Zeile gelöscht : user_pref("CT2818425.components.129320408417175918", false);
Zeile gelöscht : user_pref("CT2818425.components.129320419773581338", false);
Zeile gelöscht : user_pref("CT2818425.components.129320423773893997", false);
Zeile gelöscht : user_pref("CT2818425.components.129331598259106948", false);
Zeile gelöscht : user_pref("CT2818425.components.129712757411525741", false);
Zeile gelöscht : user_pref("CT2818425.components.2919851529096195263", false);
Zeile gelöscht : user_pref("CT2818425.components.7071898492715082350", false);
Zeile gelöscht : user_pref("CT2818425.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Zeile gelöscht : user_pref("CT2818425.globalFirstTimeInfoLastCheckTime", "Fri Jun 15 2012 23:44:23 GMT+0200");
Zeile gelöscht : user_pref("CT2818425.homepageProtectorEnableByLogin", true);
Zeile gelöscht : user_pref("CT2818425.initDone", true);
Zeile gelöscht : user_pref("CT2818425.isAppTrackingManagerOn", true);
Zeile gelöscht : user_pref("CT2818425.isFirstRadioInstallation", false);
Zeile gelöscht : user_pref("CT2818425.myStuffEnabled", true);
Zeile gelöscht : user_pref("CT2818425.myStuffPublihserMinWidth", 400);
Zeile gelöscht : user_pref("CT2818425.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("CT2818425.myStuffServiceIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2818425.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gelöscht : user_pref("CT2818425.oldAppsList", "129320401456081839,129320401456081840,111,7071898492715082350,129320423773893997,129320419773581338,129320407169518972,129320408417175918,1000082,129331598259106948[...]
Zeile gelöscht : user_pref("CT2818425.revertSettingsEnabled", false);
Zeile gelöscht : user_pref("CT2818425.searchProtectorDialogDelayInSec", 10);
Zeile gelöscht : user_pref("CT2818425.searchProtectorEnableByLogin", true);
Zeile gelöscht : user_pref("CT2818425.testingCtid", "");
Zeile gelöscht : user_pref("CT2818425.toolbarAppMetaDataLastCheckTime", "Fri Jun 15 2012 23:44:22 GMT+0200");
Zeile gelöscht : user_pref("CT2818425.toolbarContextMenuLastCheckTime", "Fri Jun 15 2012 23:44:22 GMT+0200");
Zeile gelöscht : user_pref("CT2818425.usagesFlag", 2);
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2818425/CT2818425", "\"7d82c5e1ca651fd85457b57bcdd9cd361\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1210492/1206165/US", "\"0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2818425", "\"1329050982\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wNaokyQn90mMItP1sym06A==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "V3ke+ogt4ejn0sB1xPR3nw==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "bM8wQLfFAEKgVLVF/G5zig==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "9zRvKErdMb8hJOq85ft5Vg==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"80ee9485875dcc1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"4ead38b3e6bcd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2818425", "\"d76323372b05c3748a3d6b1c93a98292\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2818425&octid=CT2818425", "\"1322501052\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"21ba1682b5b6825cbfd420592a540476\"");
Zeile gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Oliver\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3edanfci.default\\conduitCommon\\modules\\3.12.2.3");
Zeile gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
Zeile gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_ext_msg_key_8d28e409", "356x332");
Zeile gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/menu_dlg/pg_dlg.html#pg_ext_msg_key_550770e4", "100x89");
Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2818425");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2818425");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2818425");
Zeile gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Jan 19 2012 13:33:22 GMT+0100");
Zeile gelöscht : user_pref("CommunityToolbar.globalUserId", "697a1b2a-ae3c-4f8f-8834-f97f2692f43d");
Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jun 15 2012 23:44:23 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jun 15 2012 23:44:31 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jun 15 2012 23:44:22 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.userId", "4c1639fb-8fdb-4949-95d0-5c892328eec2");
Zeile gelöscht : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Zeile gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
Zeile gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Search Results");
Zeile gelöscht : user_pref("browser.search.order.1", "Search Results");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Search Results");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/410");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=");

-\\ Google Chrome v

[ Datei : C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=169&systemid=406&sr=0&q={searchTerms}
Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&tt=3112_7&babsrc=SP_ss&mntrId=34279bd10000000000000024d7ded4a5
Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3318522&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP8E217E1A-7644-48BE-BA92-FCA227127617&q={searchTerms}&SSPV=
Gelöscht [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=410&sr=0&q={searchTerms}
Gelöscht [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=410&sr=0&q={searchTerms}
Gelöscht [Startup_urls] : hxxp://search.babylon.com/?tt=3112_7&babsrc=HP_ss&mntrId=34279bd10000000000000024d7ded4a5
Gelöscht [Homepage] : hxxp://www.searchnu.com/410

*************************

AdwCleaner[R0].txt - [36566 octets] - [03/08/2014 16:54:15]
AdwCleaner[S0].txt - [35780 octets] - [03/08/2014 16:55:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [35841 octets] ##########
         

MBAM:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 03.08.2014
Suchlauf-Zeit: 17:05:23
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.03.05
Rootkit Datenbank: v2014.08.01.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Oliver

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 347914
Verstrichene Zeit: 8 Min, 49 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.DataMngr.A, HKU\S-1-5-21-3650026994-3939925165-1484858736-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, Löschen bei Neustart, [f93805bdff7c0c2a4a5d23ee9c68af51], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         

FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Oliver (administrator) on THINKPAD on 03-08-2014 18:15:42
Running from C:\Users\Oliver\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Koninklijke Philips Electronics N.V.) C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dropbox, Inc.) C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
() C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-15] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2011-04-04] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2011-02-28] (Lenovo Group Limited)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-06-24] (Logitech, Inc.)
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-11-15] ()
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4309184 2011-02-09] (Lenovo, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [Module Loader] => C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21648480 2014-07-02] (Skype Technologies S.A.)
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [55120 2014-04-09] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-11-15] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-11-15] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wi-Fi MediaConnect.lnk
ShortcutTarget: Wi-Fi MediaConnect.lnk -> C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe (Koninklijke Philips Electronics N.V.)
Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk
ShortcutTarget: Google Chrome.lnk -> C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: No Name -> {284171A7-2F20-7504-35E0-E1B6810714B8} ->  No File
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{25A3A431-30BB-47C8-AD6A-E1063801134F} -  No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - No Name - !{25A3A431-30BB-47C8-AD6A-E1063801134F} -  No File
DPF: HKLM-x32 {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Oliver\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Oliver\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Oliver\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Oliver\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2011-08-03]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-05-23]
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: r
CHR DefaultNewTabURL: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (vShare.tv plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Oliver\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Skype Click to Call) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-06-11]
CHR Extension: (Google Wallet) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-03-27] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-03-27] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2012-03-27] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [477032 2011-03-23] (Lenovo.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [File not signed]
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-12-14] (Lenovo Group Limited) [File not signed]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [271424 2011-09-19] (DT Soft Ltd)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1588608 2011-09-13] (Creative Technology Ltd.)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-11-15] (NVIDIA Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-08-03] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 WFMC_VAD; C:\Windows\System32\DRIVERS\wfmcvad.sys [24064 2010-02-08] (WiFi Media Connect)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-03 17:04 - 2014-08-03 18:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 17:04 - 2014-08-03 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-03 17:03 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-03 17:03 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-03 17:03 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-03 16:54 - 2014-08-03 16:55 - 00000000 ____D () C:\AdwCleaner
2014-08-03 16:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-03 13:44 - 2014-08-03 13:44 - 00033677 _____ () C:\ComboFix.txt
2014-08-03 13:30 - 2014-08-03 13:44 - 00000000 ____D () C:\Qoobox
2014-08-03 13:30 - 2014-08-03 13:43 - 00000000 ____D () C:\Windows\erdnt
2014-08-03 13:30 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-03 13:30 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-03 13:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-03 13:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-03 13:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-03 13:30 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-03 13:30 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-03 13:30 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-03 12:29 - 2014-08-03 18:15 - 00000000 ____D () C:\FRST
2014-08-01 17:22 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 17:22 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 17:22 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 17:22 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 17:22 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 17:21 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 17:21 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 17:21 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 17:21 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-01 17:18 - 2014-08-02 10:32 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Opera Software
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Opera Software
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-17 06:38 - 2014-07-17 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 06:38 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-17 06:38 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-17 06:38 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-17 06:38 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-17 06:37 - 2014-07-17 06:38 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-14 19:29 - 2014-07-14 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2014-07-14 19:28 - 2014-07-14 19:29 - 00000000 ____D () C:\Program Files\RStudio
2014-07-08 21:29 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 21:29 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 21:29 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 21:29 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 21:29 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 21:29 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 21:29 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 21:29 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 21:29 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 21:29 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 21:29 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 21:29 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 21:29 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 21:29 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 21:29 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 21:29 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 21:29 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 21:29 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 21:29 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 21:29 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 21:29 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 21:29 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 21:29 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 21:29 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 21:29 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 21:29 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 21:29 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 21:29 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-08 21:29 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-08 21:29 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-08 21:29 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 21:29 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 21:29 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 21:29 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-08 21:29 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 21:29 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 21:29 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 21:29 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 21:29 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-08 21:29 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 21:29 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 21:29 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-08 21:29 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 21:29 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 21:29 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 21:29 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 21:29 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 21:29 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 21:29 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-08 21:29 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 21:29 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 21:29 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 21:29 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 21:29 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 21:29 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 21:29 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-08 21:29 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 21:29 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 21:29 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 21:29 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 21:29 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-08 21:29 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 21:28 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 21:28 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 21:28 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-06 22:16 - 2014-07-06 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software
2014-07-06 22:14 - 2014-07-06 22:16 - 00000000 ____D () C:\Program Files (x86)\Rossmann Fotowelt Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-03 18:15 - 2014-08-03 12:29 - 00000000 ____D () C:\FRST
2014-08-03 18:12 - 2014-08-03 17:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 17:48 - 2011-09-18 21:03 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job
2014-08-03 17:48 - 2011-09-18 21:03 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job
2014-08-03 17:47 - 2009-07-14 06:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-03 17:47 - 2009-07-14 06:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-03 17:43 - 2011-08-03 01:16 - 01815840 _____ () C:\Windows\WindowsUpdate.log
2014-08-03 17:39 - 2011-09-19 01:47 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Dropbox
2014-08-03 17:38 - 2011-09-27 13:23 - 00128152 _____ () C:\Windows\setupact.log
2014-08-03 17:38 - 2011-08-03 01:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-03 17:38 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-03 17:04 - 2014-08-03 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-03 16:57 - 2011-09-10 06:10 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-08-03 16:56 - 2010-11-21 05:47 - 00611490 _____ () C:\Windows\PFRO.log
2014-08-03 16:55 - 2014-08-03 16:54 - 00000000 ____D () C:\AdwCleaner
2014-08-03 16:50 - 2011-09-17 16:19 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Skype
2014-08-03 16:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-03 16:00 - 2011-09-10 06:10 - 00003494 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-08-03 16:00 - 2011-09-10 06:10 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-08-03 15:21 - 2012-06-20 21:11 - 00001142 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job
2014-08-03 13:44 - 2014-08-03 13:44 - 00033677 _____ () C:\ComboFix.txt
2014-08-03 13:44 - 2014-08-03 13:30 - 00000000 ____D () C:\Qoobox
2014-08-03 13:44 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-08-03 13:43 - 2014-08-03 13:30 - 00000000 ____D () C:\Windows\erdnt
2014-08-03 13:42 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-02 11:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-08-02 10:55 - 2011-08-03 01:40 - 00000000 ____D () C:\ProgramData\PCDr
2014-08-02 10:32 - 2014-08-01 17:18 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-02 10:31 - 2011-09-10 06:13 - 00001436 _____ () C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-01 18:21 - 2012-06-20 21:11 - 00001120 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Opera Software
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Opera Software
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 06:11 - 2011-11-07 01:40 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-07-29 23:51 - 2011-11-07 01:40 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\FileZilla
2014-07-29 23:42 - 2011-11-07 01:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-28 22:01 - 2011-08-03 11:03 - 00705086 _____ () C:\Windows\system32\perfh007.dat
2014-07-28 22:01 - 2011-08-03 11:03 - 00151454 _____ () C:\Windows\system32\perfc007.dat
2014-07-28 22:01 - 2009-07-14 07:13 - 01629348 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-28 21:53 - 2013-03-13 08:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 21:53 - 2013-03-13 08:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-28 00:30 - 2013-03-13 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-27 22:49 - 2013-05-27 19:51 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-22 18:18 - 2011-09-19 01:48 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-22 18:13 - 2011-09-10 06:10 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-07-21 19:00 - 2011-09-10 06:10 - 00004234 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-07-21 17:56 - 2011-09-17 16:18 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-17 06:39 - 2013-11-02 00:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-17 06:38 - 2014-07-17 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 06:38 - 2014-07-17 06:37 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-17 06:38 - 2013-06-22 10:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-16 21:12 - 2011-09-17 16:18 - 00000000 ____D () C:\ProgramData\Skype
2014-07-15 07:15 - 2012-04-07 11:05 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-15 07:15 - 2011-09-18 21:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-14 19:29 - 2014-07-14 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2014-07-14 19:29 - 2014-07-14 19:28 - 00000000 ____D () C:\Program Files\RStudio
2014-07-14 19:28 - 2011-09-27 04:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
2014-07-14 19:27 - 2011-09-27 04:31 - 00000000 ____D () C:\Program Files\R
2014-07-14 17:12 - 2011-09-10 06:09 - 00000000 ____D () C:\Users\Oliver
2014-07-11 03:02 - 2014-07-17 06:38 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-17 06:38 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-17 06:38 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-17 06:38 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-09 18:42 - 2009-07-14 06:45 - 00440800 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 18:40 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 00:20 - 2013-08-16 15:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 00:19 - 2011-09-17 05:18 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 00:18 - 2011-09-19 02:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-06 22:16 - 2014-07-06 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software
2014-07-06 22:16 - 2014-07-06 22:14 - 00000000 ____D () C:\Program Files (x86)\Rossmann Fotowelt Software

Some content of TEMP:
====================
C:\Users\Oliver\AppData\Local\Temp\avgnt.exe
C:\Users\Oliver\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpucp3b4.dll
C:\Users\Oliver\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 03:02

==================== End Of Log ============================
         
--- --- ---



Gleich kommt aufgrund der Länge noch Antwort Nummer 2.

Alt 03.08.2014, 18:21   #13
eqal123
 
http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal - Standard

http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal



Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Oliver at 2014-08-03 18:16:39
Running from C:\Users\Oliver\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
ANSTOSS 3 (HKLM-x32\...\ANSTOSS 3_is1) (Version:  - )
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.22.00 - )
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.171.0 - Microsoft Corporation)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1500 - Broadcom Corporation)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.12 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 4.41.0315.0262 - DT Soft Ltd)
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.01 - Creative Technology Limited)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FileZilla Client 3.9.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.1 - Tim Kosse)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Gephi 0.8.1 (HKLM-x32\...\{51722911-C391-4118-97BF-B50100D2AB15}_is1) (Version:  - Gephi)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.2 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{39969C3E-B297-41E5-9A7B-E252B504B21B}) (Version: 2.1.0003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
Lexware Info Service (HKLM-x32\...\{85BF9FDB-BD5B-407C-9CAE-3542E5164783}) (Version: 4.00.00.0075 - Haufe-Lexware GmbH & Co.KG)
LM98Free 2.2a (HKLM-x32\...\LM98Free 2.2a_is1) (Version:  - )
Logitech SetPoint 6.30 (HKLM\...\sp6) (Version: 6.30.43 - Logitech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{90170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 312.69 - NVIDIA Corporation)
NVIDIA Grafiktreiber 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.69 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation)
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1269 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 312.69 (Version: 312.69 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.9.1 - pdfforge)
QuickSteuer 2013 (HKLM-x32\...\{500342C9-CCD5-4335-89AE-C8A65C0A153B}) (Version: 19.07.00.0004 - Haufe-Lexware GmbH & Co.KG)
QuickSteuer 2014 (HKLM-x32\...\{52DD1288-FA17-4062-8280-532C89A7E2F2}) (Version: 20.04.00.0003 - Haufe-Lexware GmbH & Co.KG)
R for Windows 2.13.1 (HKLM\...\R for Windows 2.13.1_is1) (Version: 2.13.1 - R Development Core Team)
R for Windows 2.13.2 (HKLM\...\R for Windows 2.13.2_is1) (Version: 2.13.2 - R Development Core Team)
R for Windows 2.14.0 (HKLM\...\R for Windows 2.14.0_is1) (Version: 2.14.0 - R Development Core Team)
R for Windows 2.14.1 (HKLM\...\R for Windows 2.14.1_is1) (Version: 2.14.1 - R Development Core Team)
R for Windows 2.14.2 (HKLM\...\R for Windows 2.14.2_is1) (Version: 2.14.2 - R Development Core Team)
R for Windows 2.15.0 (HKLM\...\R for Windows 2.15.0_is1) (Version: 2.15.0 - R Development Core Team)
R for Windows 2.15.1 (HKLM\...\R for Windows 2.15.1_is1) (Version: 2.15.1 - R Core Team)
R for Windows 2.15.2 (HKLM\...\R for Windows 2.15.2_is1) (Version: 2.15.2 - R Core Team)
R for Windows 2.15.3 (HKLM\...\R for Windows 2.15.3_is1) (Version: 2.15.3 - R Core Team)
R for Windows 3.0.0 (HKLM\...\R for Windows 3.0.0_is1) (Version: 3.0.0 - R Core Team)
R for Windows 3.0.1 (HKLM\...\R for Windows 3.0.1_is1) (Version: 3.0.1 - R Core Team)
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
R for Windows 3.0.3 (HKLM\...\R for Windows 3.0.3_is1) (Version: 3.0.3 - R Core Team)
R for Windows 3.1.0 (HKLM\...\R for Windows 3.1.0_is1) (Version: 3.1.0 - R Core Team)
R for Windows 3.1.1 (HKLM\...\R for Windows 3.1.1_is1) (Version: 3.1.1 - R Core Team)
RapidBoot (HKLM-x32\...\InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}) (Version: 1.00 - Lenovo)
RapidBoot (x32 Version: 1.00 - Lenovo) Hidden
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.13.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.13.18.02 - RICOH)
Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)
RStudio (HKLM-x32\...\RStudio) (Version: 0.98.953 - RStudio)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Sound Blaster X-Fi Surround 5.1 Pro (HKLM-x32\...\{0A9DA353-D0CD-4922-A54B-2F5F4EC90986}) (Version: 1.0 - Creative Technology Limited)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0042 - Lenovo)
The Weather Channel App (HKLM-x32\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.48 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.22 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.01 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.06 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Wi-Fi MediaConnect (HKLM-x32\...\{AA58346A-A5D7-4659-91D6-38D07345BDCF}) (Version: 1.6.43 - Philips)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Offizielle Deutsche Sprachdatei Plus v5.62 (HKLM-x32\...\Winamp Offizielle Deutsche Sprachdatei Plus) (Version: v5.62 - Christoph Grether)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows-Treiberpaket - Intel (MEIx64) System  (10/19/2010 7.0.0.1144) (HKLM\...\90FD26A77B849AE03FF5F07A1CDA7F950406A8D8) (Version: 10/19/2010 7.0.0.1144 - Intel)
Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\A513FC5E5A08D4EF27F234E91E0E942A0234210B) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows-Treiberpaket - Intel System  (10/04/2010 9.2.0.1015) (HKLM\...\FE1BEBFD475BB832AAF104F5C63348E98A9286DF) (Version: 10/04/2010 9.2.0.1015 - Intel)
Windows-Treiberpaket - Intel USB  (09/16/2010 9.2.0.1013) (HKLM\...\D97688B8E3830BF9820E15EB8D9552DCBF988CFD) (Version: 09/16/2010 9.2.0.1013 - Intel)
Windows-Treiberpaket - Lenovo (LenovoRd) SmartCardReader  (05/11/2009 4.1.0.1) (HKLM\...\9B84710FFAE6C50914FCE568B59E426F1386E7F6) (Version: 05/11/2009 4.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (03/24/2011 15.2.19.0) (HKLM\...\5DF942712DC7660AE4A1B04809A1C3F67B0CA27C) (Version: 03/24/2011 15.2.19.0 - Synaptics)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3650026994-3939925165-1484858736-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

27-07-2014 20:54:29 Windows-Sicherung
27-07-2014 20:56:39 Windows Update
27-07-2014 22:28:53 Windows Update
01-08-2014 05:22:10 Windows Update
01-08-2014 15:21:26 Windows Update
03-08-2014 11:31:01 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-08-03 13:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14C8AF3B-40BC-4571-A504-6F69B5D1A6DF} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: {3223E829-D269-4F50-84FD-CF149C52267C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18] (Google Inc.)
Task: {38CFAE7D-227B-49C5-B947-36DCE4EBAA55} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2011-09-22] (Lenovo)
Task: {7E4F6CD6-5B8E-461C-8134-B23427415495} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {B83852E2-CDDD-44AC-B8D0-6628C263D655} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA => C:\Users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {BDBD4036-6182-4726-88E6-0459A8F705D6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {BE0049D1-B96C-4A2D-87C2-960891CE42CF} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {C21FEAE2-61AF-406B-ACD0-E3E739990F87} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18] (Google Inc.)
Task: {D5090263-5AAD-47A0-B65F-5347A628BF88} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-03-23] (Lenovo Group Limited)
Task: {D5F22A8B-1CBB-43AC-97D6-3BC4F95468D6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core => C:\Users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {F9F52E65-52AD-4511-951F-DD4D50A99294} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job => C:\Users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job => C:\Users\Oliver\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job => C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2010-12-17 13:53 - 2010-12-17 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-11-28 19:55 - 2013-10-29 02:53 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-08-03 01:32 - 2011-03-23 20:48 - 00054272 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2010-12-18 15:50 - 2010-12-18 15:50 - 00173856 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2011-08-03 01:25 - 2010-10-26 22:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2011-08-03 01:29 - 2011-03-06 13:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-06-24 01:42 - 2011-06-24 01:42 - 01302808 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2012-03-27 19:33 - 2009-12-29 16:52 - 00089088 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2012-03-27 19:33 - 2010-07-22 16:46 - 00237056 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-04-09 16:59 - 2014-04-09 16:59 - 00055120 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
2014-04-09 16:59 - 2014-04-09 16:59 - 01162072 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.UI.dll
2014-04-09 16:59 - 2014-04-09 16:59 - 00256352 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Services.dll
2014-04-09 16:59 - 2014-04-09 16:59 - 00115552 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Models.dll
2012-05-16 21:15 - 2010-06-21 11:14 - 00308736 _____ () C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe
2010-12-18 15:50 - 2010-12-18 15:50 - 00171296 _____ () C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
2009-05-27 22:09 - 2009-05-27 22:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2011-08-03 01:33 - 2010-04-06 09:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2011-08-03 01:33 - 2010-04-06 09:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2014-08-03 17:39 - 2014-08-03 17:39 - 00043008 _____ () c:\users\oliver\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpucp3b4.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Oliver\AppData\Roaming\Dropbox\bin\libcef.dll
2012-03-27 19:33 - 2009-12-29 16:50 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2012-03-27 19:33 - 2010-07-22 16:45 - 00181760 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2013-09-26 13:20 - 2013-09-26 13:20 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2013-09-26 13:20 - 2013-09-26 13:20 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 00718664 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 00126280 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 08537928 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 00353096 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 01732936 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-19 18:50 - 2014-07-15 11:24 - 14664008 _____ () C:\Users\Oliver\AppData\Local\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/03/2014 05:38:48 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (08/03/2014 04:57:45 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (08/03/2014 04:50:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Skype.exe, Version 6.18.0.105 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1388

Startzeit: 01cfaefe2650ce0e

Endzeit: 6

Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe

Berichts-ID:

Error: (08/03/2014 04:24:20 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/03/2014 04:24:19 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/03/2014 04:24:17 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/03/2014 04:24:16 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/03/2014 04:24:15 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/03/2014 04:24:13 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/03/2014 04:24:12 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (08/03/2014 05:40:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/03/2014 05:40:59 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/03/2014 04:59:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/03/2014 04:59:56 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/03/2014 01:42:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/03/2014 01:39:59 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/03/2014 01:37:23 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/03/2014 11:37:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/03/2014 11:37:43 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/02/2014 10:36:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-08-03 13:39:59.589
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-03 13:39:59.509
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 36%
Total physical RAM: 8079.23 MB
Available physical RAM: 5169.04 MB
Total Pagefile: 16156.65 MB
Available Pagefile: 12748.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:229.56 GB) (Free:52.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:219.4 GB) (Free:41.26 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 7FB25333)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=230 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=219 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=16 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


DANKE

Alt 04.08.2014, 10:23   #14
M-K-D-B
/// TB-Ausbilder
 
http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal - Standard

http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal



Servus Oliver,




Mehrere Anti-Virus-Programme

Code:
ATTFilter
Microsoft Security Essentials
Avira
         
Mir ist aufgefallen, dass Du mehr als ein Anti-Virus-Programm mit Hintergrundwächter laufen hast. Das ist gefährlich, da sich die Programme in die Quere kommen können und dadurch Viren erst recht auf dem Rechner landen können. Ausserdem bremst es auch das System aus. Entscheide Dich für eine Variante und deinstalliere die andere über Systemsteuerung => Software.
Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast.

Zitat:
Speedy hat letztens eine einleuchtende Erklärung dazu geliefert: "Man stelle sich einen Torwart vor, der das Tor hüten soll (Anti-Virus-Programm), der Ball kommt angeflogen (Virus), der Torhüter konzentriert sich auf den Ball und fängt ihn. Jetzt stelle Dir zwei Torhüter im Tor vor ...., die knallen aneinander und der Ball kann ungehindert ins Tor wandern."





Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
BHO-x32: No Name -> {284171A7-2F20-7504-35E0-E1B6810714B8} ->  No File
Toolbar: HKLM - No Name - !{25A3A431-30BB-47C8-AD6A-E1063801134F} -  No File
Toolbar: HKLM-x32 - No Name - !{25A3A431-30BB-47C8-AD6A-E1063801134F} -  No File
Reboot:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2
Bitte deaktiviere dein Anti-Viren-Programm, da es das Ergebnis beeinflussen oder ggf. die Bereinigung stören kann.
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/ und speichere die Datei auf deinem Desktop.
  • Starte Zoek.exe mit einem Doppelklick.
  • Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.
  • Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
    Code:
    ATTFilter
    CHRdefaults;
    emptyclsid;
             
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
  • Wenn das Tool fertig ist, wird sich Notepad mit der Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:\ .
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken).





Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 4
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.





Schritt 5
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von Zoek,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck,
  • die beiden neuen Logdateien von FRST.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 04.08.2014, 23:19   #15
eqal123
 
http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal - Standard

http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal



FRST-Fix
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-08-2014
Ran by Oliver at 2014-08-04 18:55:08 Run:1
Running from C:\Users\Oliver\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
BHO-x32: No Name -> {284171A7-2F20-7504-35E0-E1B6810714B8} ->  No File
Toolbar: HKLM - No Name - !{25A3A431-30BB-47C8-AD6A-E1063801134F} -  No File
Toolbar: HKLM-x32 - No Name - !{25A3A431-30BB-47C8-AD6A-E1063801134F} -  No File
Reboot:
end
*****************

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{284171A7-2F20-7504-35E0-E1B6810714B8}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{284171A7-2F20-7504-35E0-E1B6810714B8}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{25A3A431-30BB-47C8-AD6A-E1063801134F} => value deleted successfully.
"HKCR\CLSID\!{25A3A431-30BB-47C8-AD6A-E1063801134F}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{25A3A431-30BB-47C8-AD6A-E1063801134F} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\!{25A3A431-30BB-47C8-AD6A-E1063801134F}" => Key not found.


The system needed a reboot. 

==== End of Fixlog ====
         
Zoek
Code:
ATTFilter
Zoek.exe v5.0.0.0 Updated 04-August-2014
Tool run by Oliver on 04.08.2014 at 19:00:44,68.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Oliver\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

04.08.2014 19:05:35 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3650026994-3939925165-1484858736-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-3650026994-3939925165-1484858736-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-3650026994-3939925165-1484858736-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-3650026994-3939925165-1484858736-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7AEB3EFD-E564-43F1-B658-5058A7C5743B} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default

user.js not found
---- Lines {7AEB3EFD-E564-43F1-B658-5058A7C5743B} modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"VIP2X@verisign.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\
---- Lines FFPDFArchitectConverter@pdfarchitect.com modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"VIP2X@verisign.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\
---- FireFox user.js and prefs.js backups ---- 

prefs__1906_.backup

==== Deleting Files \ Folders ======================

"C:\user.js" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"VIP2X@verisign.com"="C:\Program Files (x86)\Symantec\VIP Access Client" [21.05.2012 07:14]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================


==== Reset Google Chrome ======================

C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\FFPDFArchitectConverter@pdfarchitect.com deleted successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3 folders=0 9225 bytes)

==== EOF on 04.08.2014 at 19:06:53,52 ======================
         
ESET
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=89985d1f521a314f9ce6dc931fdd0e4b
# engine=19494
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-04 08:57:53
# local_time=2014-08-04 10:57:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 18764 37509066 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 14004072 158815723 0 0
# scanned=841130
# found=58
# cleaned=0
# scan_time=13310
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=FDF4ADB3654AC8E84A67513864636A36359C2B31 ft=1 fh=ef83010defedbcf7 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe.vir"
sh=C2C7BD3BD6C75D5DBCCA298C785C208AB6C73CF0 ft=1 fh=154117e7567d41ef vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\vshare.tv_Bar\ldrtbvsh0.dll.vir"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\vshare.tv_Bar\ldrtbvsh2.dll.vir"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\vshare.tv_Bar\ldrtbvsha.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll.vir"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\vshare.tv_Bar\tbvsh2.dll.vir"
sh=E6F9792E271F52A2245CC8D72C05A57D6DFBBDE3 ft=1 fh=0690a81bbbd9c1b6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\vshare.tv_Bar\tbvsha.dll.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\vshare.tv_Bar\vshare.tv_BarToolbarHelper.exe.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\vshare.tv_Bar\vshare.tv_BarToolbarHelper1.exe.vir"
sh=6505B4017A742332E933253F0F9EAB39CE266172 ft=1 fh=0216c665d26d87a6 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll.vir"
sh=A3026BF11E5DC3C126CD054DF0DBBC5A3C945D45 ft=1 fh=57ef4e77c6f4524f vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe.vir"
sh=AB636741FF2F3C19B303F07D58F1A86879B52084 ft=1 fh=8602a2ca2dc6d415 vn="Variante von Win32/Toolbar.SearchSuite.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\DnsBHO.dll.vir"
sh=0E162A35FF642FB27DE0FFA6A5E516F4A205C86F ft=1 fh=c71c001172fc8b70 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll.vir"
sh=217135A89AB767FCBEC61D371F2277D521CB8089 ft=1 fh=c71c0011672bae69 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll.vir"
sh=1BDD0763C5823A7E0109395EB6E76E4E3D5BD900 ft=1 fh=c71c0011c34523bc vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF12.dll.vir"
sh=F7C38976A06B2ED63397E73AB6E3D0627F6CA696 ft=1 fh=c71c00111d8e09b1 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF13.dll.vir"
sh=283997ABE0B7EBBFD2F2BDC80A2FECD1AAF9FA23 ft=1 fh=c71c001160c49f5f vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF14.dll.vir"
sh=1CA675E95A5750911D193E52E812250B24A93795 ft=1 fh=c71c0011e76bbc2f vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF15.dll.vir"
sh=3BBE1BAF04EB163F211CB767A633A33EDF298546 ft=1 fh=c71c001136a612ee vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll.vir"
sh=0A7D39D76E1CC00320B838F8E1A3CF9CFDC8BEFE ft=1 fh=c71c0011804e6284 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll.vir"
sh=7F7F14EB127D396BAB4CD7B9E8818100BC48F35F ft=1 fh=c71c0011d0dec117 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll.vir"
sh=193BC08699F12487168EEEAD80047869C4E3C4CC ft=1 fh=c71c0011c20190f0 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll.vir"
sh=1245524D1C6EE8AFADC5776445A7F6B5482B945F ft=1 fh=c71c0011751dc470 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll.vir"
sh=15CFC6E2E4E741F46D2AEDA2E1FA9B826C12300F ft=1 fh=c71c00118216d43d vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll.vir"
sh=0646EBBB5216B3E78891389EFACC64C53E147A9C ft=1 fh=c71c0011323bc7dd vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll.vir"
sh=B81BAAC9D35824000ADB556418067A9220C40F01 ft=1 fh=23a12d968d390125 vn="möglicherweise Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe.vir"
sh=5618448E0195BA9251A1A0A5132CE2612037D630 ft=1 fh=ccf0f11a65c989b1 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll.vir"
sh=9069C1AE362702A5CFD0947D07C49791244CF7E1 ft=1 fh=b2a7890de2375dad vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll.vir"
sh=F6AC801E1D3995F95A2805227B0940F74A5DAB72 ft=1 fh=eb7d74be9d93ebad vn="Variante von Win64/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll.vir"
sh=79381E492CE2C8ACF594E31A87407941FD9E8A82 ft=1 fh=081b7cd38ac65771 vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir"
sh=314F703F0F190BF70F0386509C10998D4E2BD10B ft=1 fh=2f9f46df1834d950 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir"
sh=D3CBDD7C6ED2C9D81DA4FCF9AF57CDD5D3711ED3 ft=1 fh=86dbe26399c3d0fa vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir"
sh=37FDC039C02562267559D42D94DDB64B692FD091 ft=1 fh=7aeecd1bb81f6a22 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\hk64tbvsh2.dll.vir"
sh=A6D053127826CDA8DD8FCDBB4E81F63000910624 ft=1 fh=e8f05c501331b563 vn="möglicherweise Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\hktbvsh2.dll.vir"
sh=C2C7BD3BD6C75D5DBCCA298C785C208AB6C73CF0 ft=1 fh=154117e7567d41ef vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\ldrtbvsh0.dll.vir"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\ldrtbvsha.dll.vir"
sh=5C684D51F07A183EEA13D66F5C7E9630C48D93B5 ft=1 fh=53be76e80c29ad73 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\tbvsh0.dll.vir"
sh=594E0844207ADD0DBD163E1AFB7696BAA25CB961 ft=1 fh=b78030dcfe359240 vn="möglicherweise Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\tbvsh1.dll.vir"
sh=7148AC44C7FE0CB8D30A12ACB28171AE1F609C20 ft=1 fh=779162af1796b620 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\tbvsh2.dll.vir"
sh=E6F9792E271F52A2245CC8D72C05A57D6DFBBDE3 ft=1 fh=0690a81bbbd9c1b6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\tbvsha.dll.vir"
sh=B5C93DA0C608B26C9487ABC49CCB643C9A15ED33 ft=1 fh=75f1c65aa8a331ed vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\LocalLow\vshare.tv_Bar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir"
sh=AD3EB5C38E33919317F46331E93E669105497F07 ft=1 fh=f28f6a642fe78f79 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\Extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\ctypes\FirefoxCtype.dll.vir"
sh=545537DD6DF32D4ADCA7CD093735EB727CF3B98E ft=1 fh=c14d1e35487b28c7 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default\Extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\Plugins\npFirefoxPlugin.dll.vir"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=FFA8B6510D624A55F3EB7FFD6D5221A44944681C ft=1 fh=3386eb0d6ed0e5e1 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnstub.exe"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=38576FE97240AD33EA79E2EE58F7116CBF10DC6C ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Oliver\AppData\Local\Downloaded Installations\{FE5201C9-A684-47A1-AC22-3401B18E7682}\The Weather Channel App.msi"
sh=B0E3956B726AC92156D587ED70116E1F0C330D96 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\AppData\Local\Mozilla\Firefox\Profiles\3edanfci.default\Cache\B\04\24144d01"
sh=198B89E752885D5E8CBB02414C68D2D63280F035 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\AppData\Local\Mozilla\Firefox\Profiles\3edanfci.default\Cache\B\3F\EAD06d01"
sh=81F7A566F85C0BBC0EE08A8230938804C54473FE ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\AppData\Local\Mozilla\Firefox\Profiles\3edanfci.default\Cache\C\7A\1C8E1d01"
sh=A71C84D1CB86AEDAF35650C4EF324B7629FAACDD ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oliver\AppData\Local\Mozilla\Firefox\Profiles\3edanfci.default\Cache\F\79\307EDd01"
sh=38576FE97240AD33EA79E2EE58F7116CBF10DC6C ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Windows\Installer\101a75.msi"
sh=DC935CCB0E757C9C719A73A1D67A70CF645516A6 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\67f0fa.msi"
sh=A0C885C92EB91B16BFB8FBF4A9ABCE358A658F99 ft=1 fh=70f2756ae5428532 vn="Win32/Somoto.E evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\DVDStyler-2.6.1-win32.exe"
sh=34F2C0844483FE1CF4B3C781A192BD3F164A364A ft=1 fh=ecc511e71376698b vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\PDFCreator-1_9_1-setup-beta.exe"
sh=8BE4C277A62F2400C3B0A20F39297D310774E2AC ft=1 fh=d69c639933d87dfe vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Setup21_FreeConverter.exe"
         
SecurityCheck
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 65  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Mozilla Firefox (28.0) 
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Oliver (administrator) on THINKPAD on 04-08-2014 23:13:41
Running from C:\Users\Oliver\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Koninklijke Philips Electronics N.V.) C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe
(Dropbox, Inc.) C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
() C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-15] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2011-04-04] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2011-02-28] (Lenovo Group Limited)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-06-24] (Logitech, Inc.)
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-11-15] ()
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4309184 2011-02-09] (Lenovo, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [Module Loader] => C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21648480 2014-07-02] (Skype Technologies S.A.)
HKU\S-1-5-21-3650026994-3939925165-1484858736-1001\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [55120 2014-04-09] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-11-15] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-11-15] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wi-Fi MediaConnect.lnk
ShortcutTarget: Wi-Fi MediaConnect.lnk -> C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe (Koninklijke Philips Electronics N.V.)
Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Oliver\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk
ShortcutTarget: Google Chrome.lnk -> C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oliver\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\3edanfci.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Oliver\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Oliver\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Oliver\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Oliver\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Oliver\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-29]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2011-08-03]
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-04]
CHR Extension: (Google Drive) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-04]
CHR Extension: (YouTube) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-04]
CHR Extension: (Google-Suche) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-04]
CHR Extension: (Skype Click to Call) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-06-11]
CHR Extension: (Google Wallet) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-18]
CHR Extension: (Google Mail) - C:\Users\Oliver\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Oliver\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-03-27] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-03-27] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2012-03-27] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [477032 2011-03-23] (Lenovo.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [File not signed]
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-12-14] (Lenovo Group Limited) [File not signed]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [271424 2011-09-19] (DT Soft Ltd)
R3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1588608 2011-09-13] (Creative Technology Ltd.)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-11-15] (NVIDIA Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-08-03] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 WFMC_VAD; C:\Windows\System32\DRIVERS\wfmcvad.sys [24064 2010-02-08] (WiFi Media Connect)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 19:05 - 2014-08-04 19:06 - 00004045 _____ () C:\zoek-results.log
2014-08-04 19:00 - 2014-08-04 19:06 - 00000000 ____D () C:\zoek_backup
2014-08-03 17:04 - 2014-08-03 18:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 17:04 - 2014-08-03 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-03 17:03 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-03 17:03 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-03 17:03 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-03 16:54 - 2014-08-03 16:55 - 00000000 ____D () C:\AdwCleaner
2014-08-03 16:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-03 13:44 - 2014-08-03 13:44 - 00033677 _____ () C:\ComboFix.txt
2014-08-03 13:30 - 2014-08-03 13:44 - 00000000 ____D () C:\Qoobox
2014-08-03 13:30 - 2014-08-03 13:43 - 00000000 ____D () C:\Windows\erdnt
2014-08-03 13:30 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-03 13:30 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-03 13:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-03 13:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-03 13:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-03 13:30 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-03 13:30 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-03 13:30 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-03 12:29 - 2014-08-04 23:13 - 00000000 ____D () C:\FRST
2014-08-01 17:22 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 17:22 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 17:22 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 17:22 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 17:22 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 17:22 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 17:21 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 17:21 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 17:21 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 17:21 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-01 17:18 - 2014-08-02 10:32 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Opera Software
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Opera Software
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-17 06:38 - 2014-07-17 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 06:38 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-17 06:38 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-17 06:38 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-17 06:38 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-17 06:37 - 2014-07-17 06:38 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-14 19:29 - 2014-07-14 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2014-07-14 19:28 - 2014-07-14 19:29 - 00000000 ____D () C:\Program Files\RStudio
2014-07-08 21:29 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 21:29 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 21:29 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 21:29 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 21:29 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 21:29 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 21:29 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 21:29 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 21:29 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 21:29 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 21:29 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 21:29 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 21:29 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 21:29 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 21:29 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 21:29 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 21:29 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 21:29 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 21:29 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 21:29 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 21:29 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 21:29 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 21:29 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 21:29 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 21:29 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 21:29 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 21:29 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 21:29 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-08 21:29 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-08 21:29 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-08 21:29 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 21:29 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 21:29 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 21:29 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-08 21:29 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 21:29 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 21:29 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 21:29 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 21:29 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-08 21:29 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 21:29 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 21:29 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-08 21:29 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 21:29 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 21:29 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 21:29 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 21:29 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 21:29 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 21:29 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-08 21:29 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 21:29 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 21:29 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 21:29 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 21:29 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 21:29 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 21:29 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-08 21:29 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 21:29 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 21:29 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 21:29 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 21:29 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 21:29 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 21:29 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-08 21:29 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 21:28 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 21:28 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 21:28 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-06 22:16 - 2014-07-06 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software
2014-07-06 22:14 - 2014-07-06 22:16 - 00000000 ____D () C:\Program Files (x86)\Rossmann Fotowelt Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 23:13 - 2014-08-03 12:29 - 00000000 ____D () C:\FRST
2014-08-04 22:48 - 2011-09-18 21:03 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job
2014-08-04 21:21 - 2012-06-20 21:11 - 00001142 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001UA.job
2014-08-04 19:09 - 2011-08-03 11:03 - 00705086 _____ () C:\Windows\system32\perfh007.dat
2014-08-04 19:09 - 2011-08-03 11:03 - 00151454 _____ () C:\Windows\system32\perfc007.dat
2014-08-04 19:09 - 2009-07-14 07:13 - 01629348 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-04 19:06 - 2014-08-04 19:05 - 00004045 _____ () C:\zoek-results.log
2014-08-04 19:06 - 2014-08-04 19:00 - 00000000 ____D () C:\zoek_backup
2014-08-04 19:05 - 2009-07-14 06:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-04 19:05 - 2009-07-14 06:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-04 19:03 - 2011-08-03 01:16 - 01876774 _____ () C:\Windows\WindowsUpdate.log
2014-08-04 18:57 - 2011-09-19 01:47 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Dropbox
2014-08-04 18:56 - 2011-09-27 13:23 - 00128264 _____ () C:\Windows\setupact.log
2014-08-04 18:56 - 2011-09-10 06:10 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-08-04 18:56 - 2011-08-03 01:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-04 18:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-04 18:53 - 2014-02-23 23:38 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-08-04 18:40 - 2011-09-17 16:19 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Skype
2014-08-04 18:21 - 2012-06-20 21:11 - 00001120 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job
2014-08-04 17:57 - 2011-09-10 06:10 - 00003494 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-08-04 17:57 - 2011-09-10 06:10 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-08-04 17:48 - 2011-09-18 21:03 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650026994-3939925165-1484858736-1001Core.job
2014-08-04 17:38 - 2010-11-21 05:47 - 00611840 _____ () C:\Windows\PFRO.log
2014-08-03 18:12 - 2014-08-03 17:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 17:04 - 2014-08-03 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-03 16:55 - 2014-08-03 16:54 - 00000000 ____D () C:\AdwCleaner
2014-08-03 16:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-03 13:44 - 2014-08-03 13:44 - 00033677 _____ () C:\ComboFix.txt
2014-08-03 13:44 - 2014-08-03 13:30 - 00000000 ____D () C:\Qoobox
2014-08-03 13:44 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-08-03 13:43 - 2014-08-03 13:30 - 00000000 ____D () C:\Windows\erdnt
2014-08-03 13:42 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-02 11:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-08-02 10:55 - 2011-08-03 01:40 - 00000000 ____D () C:\ProgramData\PCDr
2014-08-02 10:32 - 2014-08-01 17:18 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-02 10:31 - 2011-09-10 06:13 - 00001436 _____ () C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Opera Software
2014-08-01 17:18 - 2014-08-01 17:18 - 00000000 ____D () C:\Users\Oliver\AppData\Local\Opera Software
2014-08-01 07:49 - 2014-08-01 07:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 06:11 - 2011-11-07 01:40 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-07-29 23:51 - 2011-11-07 01:40 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\FileZilla
2014-07-29 23:42 - 2011-11-07 01:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-28 21:53 - 2013-03-13 08:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 21:53 - 2013-03-13 08:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-28 00:30 - 2013-03-13 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-27 22:49 - 2013-05-27 19:51 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-22 18:18 - 2011-09-19 01:48 - 00000000 ____D () C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-22 18:13 - 2011-09-10 06:10 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-07-21 19:00 - 2011-09-10 06:10 - 00004234 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-07-21 17:56 - 2011-09-17 16:18 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-17 06:39 - 2013-11-02 00:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-17 06:38 - 2014-07-17 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-17 06:38 - 2014-07-17 06:37 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-17 06:38 - 2013-06-22 10:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-16 21:12 - 2011-09-17 16:18 - 00000000 ____D () C:\ProgramData\Skype
2014-07-15 07:15 - 2012-04-07 11:05 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-15 07:15 - 2011-09-18 21:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-14 19:29 - 2014-07-14 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2014-07-14 19:29 - 2014-07-14 19:28 - 00000000 ____D () C:\Program Files\RStudio
2014-07-14 19:28 - 2011-09-27 04:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
2014-07-14 19:27 - 2011-09-27 04:31 - 00000000 ____D () C:\Program Files\R
2014-07-14 17:12 - 2011-09-10 06:09 - 00000000 ____D () C:\Users\Oliver
2014-07-11 03:02 - 2014-07-17 06:38 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-17 06:38 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-17 06:38 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-17 06:38 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-09 18:42 - 2009-07-14 06:45 - 00440800 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 18:40 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 00:20 - 2013-08-16 15:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 00:19 - 2011-09-17 05:18 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 00:18 - 2011-09-19 02:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-06 22:16 - 2014-07-06 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software
2014-07-06 22:16 - 2014-07-06 22:14 - 00000000 ____D () C:\Program Files (x86)\Rossmann Fotowelt Software

Some content of TEMP:
====================
C:\Users\Oliver\AppData\Local\Temp\avgnt.exe
C:\Users\Oliver\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppwigpg.dll
C:\Users\Oliver\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 03:02

==================== End Of Log ============================
         
--- --- ---

Antwort

Themen zu http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal
dllhost.exe, exp/2012-1723.ge, exp/2012-4681.cn, exp/cve-2012-1723.a.gen, exp/java.niabil.gen, hdd0(c:, hijack.startpage, java/badorg.aw, java/kara.o, pup.optional.babylon.a, pup.optional.babylontoolbar.a, pup.optional.bandoo.a, pup.optional.conduit, pup.optional.conduit.a, pup.optional.datamangr.a, pup.optional.datamngr.a, pup.optional.freecausetb.a, pup.optional.pricegong.a, pup.optional.searchprotect.a, pup.optional.searchqu, pup.optional.searchqu.a, pup.optional.shoptowin, pup.optional.somoto, win32/conduit.searchprotect.n, win32/toolbar.conduit.o, win32/toolbar.conduit.p, win32/toolbar.conduit.y



Ähnliche Themen: http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal


  1. Laptop ruft selbst die seite: http://98uj8.de/s3brsn5ba66mgfzeinrum#noad site:www.trojaner-board.de auf
    Log-Analyse und Auswertung - 15.08.2014 (11)
  2. h**p://98uj8.de/s3brsn5ba66mgfzeinrum#ad 98uj8.de hat sich gestern mehrmals selbstständig geöffnet
    Log-Analyse und Auswertung - 12.08.2014 (21)
  3. http://98uj8.de/s3brsn5ba66mgfzeinrum#noad Öffnet mehrere Seiten im Firefox
    Plagegeister aller Art und deren Bekämpfung - 07.08.2014 (9)
  4. Browser öffnet 98uj8.de/s3brsn5ba66mgfzeinrum#noad
    Plagegeister aller Art und deren Bekämpfung - 06.08.2014 (12)
  5. Webseite http://www.98uj8.de/s3brsn5ba66mgfzeinrum#noad öffnet sich von alleine
    Log-Analyse und Auswertung - 06.08.2014 (9)
  6. http://98uj8.de/s3brsn5ba66mgfzeinrum#noad öffnet sich im Sekundentakt
    Log-Analyse und Auswertung - 05.08.2014 (5)
  7. http://98uj8.de/s3brsn5ba66mgfzeinrum#noad Öffnet sich mehrmals im Browser. :(
    Plagegeister aller Art und deren Bekämpfung - 05.08.2014 (18)
  8. http://98uj8.de/ ... #noad #ad - Webbrowser öffnet sich ungewollt
    Plagegeister aller Art und deren Bekämpfung - 05.08.2014 (3)
  9. Mein Computer hat eigenmächtig die Seite http://98uj8.de/s3brsn5ba66mgfzeinrum#noad aufgerufen
    Plagegeister aller Art und deren Bekämpfung - 05.08.2014 (17)
  10. http://98uj8.de/s3brsn5ba66mgfzeinrum#noad öfnet sich hintereinander
    Plagegeister aller Art und deren Bekämpfung - 04.08.2014 (9)
  11. h**p://98uj8.de/s3brsn5ba66mgfzeinrum#ad 98uj8.de öffnet sich selbstständig
    Plagegeister aller Art und deren Bekämpfung - 04.08.2014 (17)
  12. http://98uj8.de/s3brsn5ba66mgfzeinrum#noad öffnet sich Mehrfach
    Plagegeister aller Art und deren Bekämpfung - 03.08.2014 (14)
  13. http://98uj8.de/s3brsn5ba66mgfzeinrum#noad öffnete sich selbstständig ca 30x
    Plagegeister aller Art und deren Bekämpfung - 02.08.2014 (4)
  14. Google Chrome öffnet 98uj8.de/s3brsn5ba66mgfzeinrum#noad selbstständig
    Plagegeister aller Art und deren Bekämpfung - 02.08.2014 (1)
  15. Windows 8: Firefox öffnet aus dem nichts unzählige Male "hXXp://98uj8.de/s3brsn5ba66mgfzeinrum#noad"
    Log-Analyse und Auswertung - 01.08.2014 (9)
  16. Google Chrome öffnet eigenständig; h**p://98uj8.de/s3brsn5ba66mgfzeinrum#ad
    Plagegeister aller Art und deren Bekämpfung - 01.08.2014 (3)
  17. Windows 7: Firefox öffnet http://98uj8.de/s3brsn5ba66mgfzeinrum#noad
    Plagegeister aller Art und deren Bekämpfung - 01.08.2014 (2)

Zum Thema http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal - Die Seite hxxp://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich zig mal in meinem Standardbrowser Opera seit heute Vormittag. Avira und Malwarebytes fanden bereits zig verdächtige Dateien, die ich anschließend in Quarantäne verschoben habe. Die - http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal...
Archiv
Du betrachtest: http://98uj8.de/s3brsn5ba66mgfzeinrum öffnet sich x mal auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.