Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 10.08.2014, 22:01   #1
Romanos
 
Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download - Standard

Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download



Hallo,
ich habe über Chip.de COREL-DRAW Testversion runtergeladen und dabei jede Menge anderer Sachen dazubekommen, die mir das Leben erschweren, ... Leider.
Bereits im April/Mai hattet Ihr mir geholfen, und dabei hatte ich MALWAREBYTE runtergeladen. Das lässt sich jetzt zwar noch starten, das Programm macht auch noch was (ohne daß ich es gekauft hatte), aber es stoppt dann irgendwann die weitere Bearbeitung...
Könnt Ihr mir bitte helfen?
Hier Frst Log:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-08-2014 01
Ran by Rainer (administrator) on RAINER-PC on 10-08-2014 22:07:41
Running from C:\Users\Rainer\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\LPT\srpts.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
() C:\Program Files\LPT\srptsl.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
() C:\Program Files\Deal Keeper\updateDealKeeper.exe
() C:\Program Files\Deal Keeper\bin\utilDealKeeper.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(TOSHIBA) C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
() C:\Program Files\Deal Keeper\bin\DealKeeper.PurBrowse.exe
() C:\Program Files\Deal Keeper\bin\DealKeeper.BrowserAdapter.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Deal Keeper\bin\DealKeeper.BrowserAdapter.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Smartbar) C:\Users\Rainer\AppData\Local\Smartbar\Application\SafeFinder.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
(Smart PC Solutions) C:\Program Files\PC Speed Maximizer\SPMSmartScan.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
() C:\Program Files\LPT\srptm.exe
(Farbar) C:\Users\Rainer\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA)
HKU\S-1-5-21-3586509278-78834929-860225448-1000\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA)
HKU\S-1-5-21-3586509278-78834929-860225448-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3586509278-78834929-860225448-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\Rainer\AppData\Local\Smartbar\Application\SafeFinder.exe [28952 2014-06-25] (Smartbar)
HKU\S-1-5-21-3586509278-78834929-860225448-1002\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA)
HKU\S-1-5-21-3586509278-78834929-860225448-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [135680 2008-07-03] (Microsoft Corporation)
HKU\S-1-5-21-3586509278-78834929-860225448-1002\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3586509278-78834929-860225448-1002\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3586509278-78834929-860225448-1002\...\MountPoints2: F - F:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\Program Files\SupTab\SearchProtect32.dll [94088 2014-07-17] (Skytech Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Shortcut-Leiste.lnk
ShortcutTarget: Microsoft Office Shortcut-Leiste.lnk -> C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft-Indexerstellung.lnk
ShortcutTarget: Microsoft-Indexerstellung.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation)
Startup: C:\Users\Conny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Rainer-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT&q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT&q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT&q={searchTerms}
SearchScopes: HKLM - {38AEB7B3-42CC-4C33-9290-BEA08B6FE742} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG;
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT&q={searchTerms}
SearchScopes: HKCU - F31624B0AF444080B7F139E05E41A758 URL = hxxp://isearch.avg.com/search?cid={72680FDB-E8CB-437D-AEE8-9F9D0761B89D}&mid=34d71d940f5847d1b30bd16a1c122099-aca251ad60a79a90d151588985182fee0518d1c3&lang=de&ds=tt014&pr=sa&d=2011-12-19 22:25:18&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT&q={searchTerms}
SearchScopes: HKCU - {38AEB7B3-42CC-4C33-9290-BEA08B6FE742} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG;
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: SafeFinder SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - SafeFinder Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///E:/viewer/ORDcmViewCD.ocx
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: haufereader - No CLSID Value - 
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: sweet-page
FF SelectedSearchEngine: sweet-page
FF Homepage: hxxp://www.sweet-page.com/?type=hp&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT
FF Keyword.URL: hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @protectdisc.com/NPMPDRM -> C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\user.js
FF SearchPlugin: C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\searchplugins\SafeFinder Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\sweet-page.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Fast Start - C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\Extensions\faststartff@gmail.com [2014-07-17]
FF Extension: No Name - C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\Extensions\staged [2014-08-10]
FF Extension: SafeFinder Smartbar - C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\Extensions\{72d7ceec-c464-5081-0713-43871ac8b749} [2014-07-17]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2011-12-15]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\extensions\faststartff@gmail.com
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-12-15]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HomePage: 
CHR HKLM\...\Chrome\Extension: [bddpogknpjlgfpbboediomaiiaecfajn] - C:\Program Files\HomeTab\chrome\HomeTab.crx []
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-12-15]
CHR HKLM\...\Chrome\Extension: [kfepagcelbegkpkcjgfeecmlnmkedjin] - C:\Program Files\Browser Guard\browserguard.crx [2011-12-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AAV UpdateService; C:\Program Files\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 camsvc; C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
S4 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [242424 2009-02-11] (WildTangent, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S4 HRService; C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe [71024 2010-10-25] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [759688 2014-07-17] (Cherished Technololgy LIMITED)
R2 LPTSystemUpdater; C:\Program Files\LPT\srpts.exe [33560 2014-06-25] ()
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-06-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S4 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-06] (soft Xpansion)
R2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [62776 2009-04-01] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [176128 2009-04-24] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [73728 2009-03-17] (TOSHIBA Corporation) [File not signed]
R2 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [656752 2009-04-15] (TOSHIBA Corporation)
S4 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1529656 2013-12-11] (TuneUp Software)
R2 Update Deal Keeper; C:\Program Files\Deal Keeper\updateDealKeeper.exe [323320 2014-08-10] ()
R2 Util Deal Keeper; C:\Program Files\Deal Keeper\bin\utilDealKeeper.exe [323320 2014-08-10] ()
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [535936 2014-07-17] (Fuyu LIMITED)
S2 APNMCP; "C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [330144 2007-07-27] (Protect Software GmbH)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [251680 2007-07-27] (Protect Software GmbH)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
S3 FTD2XX; C:\Windows\System32\Drivers\FTD2XX.sys [29292 2004-10-15] (FTDI Ltd.) [File not signed]
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [60104 2011-01-24] (FTDI Ltd.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [25896 2008-05-07] (COMPAL ELECTRONIC INC.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-05] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [349192 2014-06-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-06-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [22272 2009-03-18] (TOSHIBA Corporation)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-11] (Realtek Semiconductor Corp.)
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider)
S3 SAFAUSB; C:\Windows\System32\Drivers\VocTrace.sys [16035 2003-12-19] (Windows (R) 2000 DDK provider)
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-12-12] (TuneUp Software)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-03-21] (TOSHIBA Corporation)
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}Gt; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gt.sys [55232 2014-07-18] (StdLib)
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}t; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}t.sys [55232 2014-07-17] (StdLib)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S4 avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [X]
S3 catchme; \??\C:\Users\Rainer\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-10 22:03 - 2014-08-10 22:08 - 00037192 _____ () C:\Users\Rainer\Downloads\FRST.txt
2014-08-10 22:02 - 2014-08-10 22:02 - 01091072 _____ (Farbar) C:\Users\Rainer\Downloads\FRST(1).exe
2014-08-10 22:01 - 2014-08-10 22:01 - 00000474 _____ () C:\Users\Rainer\Downloads\defogger_disable.log
2014-08-10 22:01 - 2014-08-10 22:01 - 00000000 _____ () C:\Users\Rainer\defogger_reenable
2014-08-10 22:00 - 2014-08-10 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-10 21:59 - 2014-08-10 21:59 - 00050477 _____ () C:\Users\Rainer\Downloads\Defogger.exe
2014-08-07 22:57 - 2014-08-07 22:57 - 00761344 _____ () C:\Users\Rainer-User\Downloads\E1408.xls
2014-07-30 15:23 - 2014-07-30 15:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-26 11:46 - 2014-07-26 11:47 - 11332468 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000179.tif
2014-07-26 11:46 - 2014-07-26 11:46 - 10376070 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000180.tif
2014-07-26 11:46 - 2014-07-26 11:46 - 09944148 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000187.tif
2014-07-26 11:45 - 2014-07-26 11:45 - 08258510 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000188.tif
2014-07-26 11:45 - 2014-07-26 11:45 - 08216188 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000190.tif
2014-07-26 11:44 - 2014-07-26 11:45 - 09557174 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000191.tif
2014-07-26 11:44 - 2014-07-26 11:44 - 09139028 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000192.tif
2014-07-26 11:43 - 2014-07-26 11:44 - 03325696 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000351.tif
2014-07-25 21:40 - 2014-07-25 21:40 - 08877224 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009108.tif
2014-07-25 21:40 - 2014-07-25 21:40 - 08108152 _____ () C:\Users\Rainer-User\Downloads\MA-2011-003547.tif
2014-07-25 21:40 - 2014-07-25 21:40 - 07543598 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009141.tif
2014-07-23 09:38 - 2014-07-23 09:39 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-23 09:38 - 2014-07-23 09:39 - 00000000 ____D () C:\Program Files\iTunes
2014-07-23 09:38 - 2014-07-23 09:38 - 00000000 ____D () C:\Program Files\iPod
2014-07-23 09:32 - 2014-07-23 09:32 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-20 20:01 - 2014-07-20 20:01 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-20 18:14 - 2014-07-20 18:14 - 00455538 _____ () C:\Users\Rainer-User\Downloads\Bienenplakat.pptx
2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Opera Software
2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Local\Opera Software
2014-07-20 13:23 - 2014-07-17 16:33 - 00055232 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}t.sys
2014-07-18 20:56 - 2014-07-18 06:01 - 00055232 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gt.sys
2014-07-18 20:51 - 2014-07-18 20:51 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Systweak
2014-07-17 23:03 - 2014-07-21 00:27 - 00000000 ____D () C:\Users\Rainer-User\Documents\Corel
2014-07-17 23:02 - 2014-07-17 23:03 - 00000000 ____D () C:\ProgramData\Protexis
2014-07-17 22:57 - 2014-07-23 08:59 - 00000000 ____D () C:\Program Files\Deal Keeper
2014-07-17 22:57 - 2014-07-17 22:58 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-07-17 22:57 - 2014-07-17 22:58 - 00000000 ____D () C:\Program Files\SupTab
2014-07-17 22:57 - 2014-07-17 22:57 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\sweet-page
2014-07-17 22:57 - 2014-07-17 22:57 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-07-17 22:55 - 2014-07-20 15:21 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Systweak
2014-07-17 22:55 - 2014-07-16 17:49 - 00018280 _____ () C:\Windows\system32\roboot.exe
2014-07-17 22:52 - 2014-07-17 23:02 - 00000000 ____D () C:\Users\Rainer-User\AppData\Roaming\Corel
2014-07-17 21:45 - 2014-07-17 21:45 - 00000000 ____D () C:\Users\Rainer\Documents\Visual Studio 2008
2014-07-17 21:45 - 2014-07-17 21:45 - 00000000 ____D () C:\Users\Rainer\Documents\Corel
2014-07-17 21:44 - 2014-07-17 21:44 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Microsoft Help
2014-07-17 21:42 - 2014-07-17 21:48 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2014-07-17 21:42 - 2014-07-17 21:42 - 00000000 ____D () C:\Program Files\Microsoft SDKs
2014-07-17 21:38 - 2014-07-17 21:38 - 00000000 ____D () C:\Program Files\Common Files\Corel
2014-07-17 21:37 - 2014-07-17 21:37 - 00000000 ____D () C:\ProgramData\Corel
2014-07-17 21:37 - 2014-07-17 21:37 - 00000000 ____D () C:\Program Files\Common Files\Protexis
2014-07-17 21:31 - 2014-07-17 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5
2014-07-17 21:30 - 2014-07-17 21:30 - 00000000 ____D () C:\Program Files\Corel
2014-07-17 21:27 - 2014-07-17 21:51 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X5
2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\Documents\PC Speed Maximizer
2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\PC Speed Maximizer
2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Opera Software
2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Opera Software
2014-07-17 21:26 - 2014-08-06 11:07 - 00000000 ____D () C:\Program Files\Opera
2014-07-17 21:26 - 2014-07-17 21:26 - 00000808 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-07-17 21:26 - 2014-07-17 21:26 - 00000808 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-07-17 21:25 - 2014-07-17 22:58 - 875606016 _____ (Acresso Software Inc. ) C:\Users\Rainer\Downloads\CorelDRAWGraphicsSuiteX5Installer_DE [1].exe
2014-07-17 21:25 - 2014-07-17 21:25 - 00000000 ____D () C:\Program Files\LPT
2014-07-17 21:24 - 2014-07-17 21:24 - 00002181 _____ () C:\Users\Rainer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-17 21:24 - 2014-07-17 21:24 - 00002151 _____ () C:\Users\Rainer\Desktop\Search.lnk
2014-07-17 21:24 - 2014-07-17 21:24 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Smartbar
2014-07-17 21:24 - 2014-07-17 21:24 - 00000000 ____D () C:\Users\Rainer\AppData\Local\LPT
2014-07-17 21:22 - 2014-07-17 21:22 - 00000919 _____ () C:\Users\Rainer\Desktop\PC Speed Maximizer.lnk
2014-07-17 21:22 - 2014-07-17 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
2014-07-17 21:22 - 2014-07-17 21:22 - 00000000 ____D () C:\Program Files\PC Speed Maximizer
2014-07-17 21:20 - 2014-07-17 21:21 - 00756224 _____ ( ) C:\Users\Rainer-User\Downloads\CorelDRAWGraphicsSuiteX5Installer_DE.exe
2014-07-17 21:15 - 2014-07-17 21:17 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X7
2014-07-17 21:12 - 2014-07-17 21:14 - 489408088 _____ (Acresso Software Inc. ) C:\Users\Rainer-User\Downloads\CorelDRAWGraphicsSuiteX7Installer_DE32Bit.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-10 22:08 - 2014-08-10 22:03 - 00037192 _____ () C:\Users\Rainer\Downloads\FRST.txt
2014-08-10 22:08 - 2013-11-11 00:10 - 00000000 ____D () C:\FRST
2014-08-10 22:02 - 2014-08-10 22:02 - 01091072 _____ (Farbar) C:\Users\Rainer\Downloads\FRST(1).exe
2014-08-10 22:01 - 2014-08-10 22:01 - 00000474 _____ () C:\Users\Rainer\Downloads\defogger_disable.log
2014-08-10 22:01 - 2014-08-10 22:01 - 00000000 _____ () C:\Users\Rainer\defogger_reenable
2014-08-10 22:01 - 2010-08-29 23:01 - 00000000 ____D () C:\Users\Rainer
2014-08-10 22:00 - 2014-08-10 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-10 22:00 - 2013-02-20 08:55 - 00001756 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-08-10 21:59 - 2014-08-10 21:59 - 00050477 _____ () C:\Users\Rainer\Downloads\Defogger.exe
2014-08-10 21:58 - 2008-02-24 09:46 - 01978074 _____ () C:\Windows\WindowsUpdate.log
2014-08-10 21:55 - 2014-06-22 14:29 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8e15a8ab2474.job
2014-08-10 21:44 - 2006-11-02 12:23 - 00000462 _____ () C:\Windows\win.ini
2014-08-10 21:39 - 2012-04-04 21:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-10 21:39 - 2011-12-02 22:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-10 21:36 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-10 21:36 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-10 21:36 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-10 13:01 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-10 12:34 - 2011-09-26 23:43 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-07 23:13 - 2010-11-14 21:59 - 00000000 ____D () C:\Users\Rainer-User\AppData\Roaming\Skype
2014-08-07 22:57 - 2014-08-07 22:57 - 00761344 _____ () C:\Users\Rainer-User\Downloads\E1408.xls
2014-08-06 16:55 - 2010-11-17 08:51 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Skype
2014-08-06 11:07 - 2014-07-17 21:26 - 00000000 ____D () C:\Program Files\Opera
2014-08-05 21:49 - 2008-01-21 04:47 - 00972448 _____ () C:\Windows\PFRO.log
2014-08-05 07:49 - 2014-04-28 22:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 23:44 - 2014-04-28 22:25 - 00000904 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-04 23:44 - 2014-04-28 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-04 23:44 - 2014-04-28 22:25 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-04 23:42 - 2010-08-29 22:04 - 00082968 _____ () C:\Users\Rainer\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-04 22:21 - 2011-11-20 21:37 - 00000020 ____H () C:\ProgramData\PKP_DLdw.DAT
2014-08-04 22:21 - 2011-11-20 21:35 - 00000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2014-07-31 11:34 - 2011-11-26 10:09 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Skype
2014-07-31 11:29 - 2014-05-07 23:06 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-30 15:24 - 2014-07-30 15:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-26 11:47 - 2014-07-26 11:46 - 11332468 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000179.tif
2014-07-26 11:46 - 2014-07-26 11:46 - 10376070 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000180.tif
2014-07-26 11:46 - 2014-07-26 11:46 - 09944148 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000187.tif
2014-07-26 11:45 - 2014-07-26 11:45 - 08258510 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000188.tif
2014-07-26 11:45 - 2014-07-26 11:45 - 08216188 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000190.tif
2014-07-26 11:45 - 2014-07-26 11:44 - 09557174 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000191.tif
2014-07-26 11:44 - 2014-07-26 11:44 - 09139028 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000192.tif
2014-07-26 11:44 - 2014-07-26 11:43 - 03325696 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000351.tif
2014-07-25 21:50 - 2011-12-15 01:57 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-07-25 21:40 - 2014-07-25 21:40 - 08877224 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009108.tif
2014-07-25 21:40 - 2014-07-25 21:40 - 08108152 _____ () C:\Users\Rainer-User\Downloads\MA-2011-003547.tif
2014-07-25 21:40 - 2014-07-25 21:40 - 07543598 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009141.tif
2014-07-23 09:39 - 2014-07-23 09:38 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-23 09:39 - 2014-07-23 09:38 - 00000000 ____D () C:\Program Files\iTunes
2014-07-23 09:38 - 2014-07-23 09:38 - 00000000 ____D () C:\Program Files\iPod
2014-07-23 09:38 - 2011-08-09 23:12 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-23 09:32 - 2014-07-23 09:32 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-23 08:59 - 2014-07-17 22:57 - 00000000 ____D () C:\Program Files\Deal Keeper
2014-07-21 21:11 - 2008-01-21 09:16 - 01626604 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-21 00:27 - 2014-07-17 23:03 - 00000000 ____D () C:\Users\Rainer-User\Documents\Corel
2014-07-20 22:34 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-07-20 20:01 - 2014-07-20 20:01 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-20 18:54 - 2010-09-18 16:08 - 00082968 _____ () C:\Users\Felix\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-20 18:14 - 2014-07-20 18:14 - 00455538 _____ () C:\Users\Rainer-User\Downloads\Bienenplakat.pptx
2014-07-20 15:21 - 2014-07-17 22:55 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Systweak
2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Opera Software
2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Local\Opera Software
2014-07-18 20:52 - 2010-08-30 08:29 - 00082968 _____ () C:\Users\Conny\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-18 20:51 - 2014-07-18 20:51 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Systweak
2014-07-18 20:50 - 2006-11-02 14:47 - 00323320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-18 06:01 - 2014-07-18 20:56 - 00055232 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gt.sys
2014-07-17 23:03 - 2014-07-17 23:02 - 00000000 ____D () C:\ProgramData\Protexis
2014-07-17 23:02 - 2014-07-17 22:52 - 00000000 ____D () C:\Users\Rainer-User\AppData\Roaming\Corel
2014-07-17 23:02 - 2010-08-29 22:27 - 00082968 _____ () C:\Users\Rainer-User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-17 22:58 - 2014-07-17 22:57 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-07-17 22:58 - 2014-07-17 22:57 - 00000000 ____D () C:\Program Files\SupTab
2014-07-17 22:58 - 2014-07-17 21:25 - 875606016 _____ (Acresso Software Inc. ) C:\Users\Rainer\Downloads\CorelDRAWGraphicsSuiteX5Installer_DE [1].exe
2014-07-17 22:57 - 2014-07-17 22:57 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\sweet-page
2014-07-17 22:57 - 2014-07-17 22:57 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-07-17 21:51 - 2014-07-17 21:27 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X5
2014-07-17 21:48 - 2014-07-17 21:42 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2014-07-17 21:48 - 2009-06-09 11:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-17 21:45 - 2014-07-17 21:45 - 00000000 ____D () C:\Users\Rainer\Documents\Visual Studio 2008
2014-07-17 21:45 - 2014-07-17 21:45 - 00000000 ____D () C:\Users\Rainer\Documents\Corel
2014-07-17 21:44 - 2014-07-17 21:44 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Microsoft Help
2014-07-17 21:43 - 2006-11-02 13:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-07-17 21:42 - 2014-07-17 21:42 - 00000000 ____D () C:\Program Files\Microsoft SDKs
2014-07-17 21:38 - 2014-07-17 21:38 - 00000000 ____D () C:\Program Files\Common Files\Corel
2014-07-17 21:38 - 2014-07-17 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5
2014-07-17 21:37 - 2014-07-17 21:37 - 00000000 ____D () C:\ProgramData\Corel
2014-07-17 21:37 - 2014-07-17 21:37 - 00000000 ____D () C:\Program Files\Common Files\Protexis
2014-07-17 21:30 - 2014-07-17 21:30 - 00000000 ____D () C:\Program Files\Corel
2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\Documents\PC Speed Maximizer
2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\PC Speed Maximizer
2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Opera Software
2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Opera Software
2014-07-17 21:26 - 2014-07-17 21:26 - 00000808 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-07-17 21:26 - 2014-07-17 21:26 - 00000808 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-07-17 21:25 - 2014-07-17 21:25 - 00000000 ____D () C:\Program Files\LPT
2014-07-17 21:24 - 2014-07-17 21:24 - 00002181 _____ () C:\Users\Rainer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-17 21:24 - 2014-07-17 21:24 - 00002151 _____ () C:\Users\Rainer\Desktop\Search.lnk
2014-07-17 21:24 - 2014-07-17 21:24 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Smartbar
2014-07-17 21:24 - 2014-07-17 21:24 - 00000000 ____D () C:\Users\Rainer\AppData\Local\LPT
2014-07-17 21:22 - 2014-07-17 21:22 - 00000919 _____ () C:\Users\Rainer\Desktop\PC Speed Maximizer.lnk
2014-07-17 21:22 - 2014-07-17 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
2014-07-17 21:22 - 2014-07-17 21:22 - 00000000 ____D () C:\Program Files\PC Speed Maximizer
2014-07-17 21:21 - 2014-07-17 21:20 - 00756224 _____ ( ) C:\Users\Rainer-User\Downloads\CorelDRAWGraphicsSuiteX5Installer_DE.exe
2014-07-17 21:17 - 2014-07-17 21:15 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X7
2014-07-17 21:14 - 2014-07-17 21:12 - 489408088 _____ (Acresso Software Inc. ) C:\Users\Rainer-User\Downloads\CorelDRAWGraphicsSuiteX7Installer_DE32Bit.exe
2014-07-17 17:33 - 2011-11-24 17:13 - 00000000 ____D () C:\Users\Marie-Sophie\AppData\Roaming\Skype
2014-07-17 16:33 - 2014-07-20 13:23 - 00055232 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}t.sys
2014-07-16 17:49 - 2014-07-17 22:55 - 00018280 _____ () C:\Windows\system32\roboot.exe
2014-07-12 09:11 - 2012-04-04 21:24 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-12 09:11 - 2011-06-01 22:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-11 16:52 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 16:42 - 2013-08-07 12:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-11 16:35 - 2006-11-02 12:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\Rainer\AppData\Local\temp\APNSetup.exe
C:\Users\Rainer\AppData\Local\temp\AudibleDM_iTunesSetup(2).exe
C:\Users\Rainer\AppData\Local\temp\g2bacafe.dll
C:\Users\Rainer\AppData\Local\temp\h-dwhgph.dll
C:\Users\Rainer\AppData\Local\temp\ivy7kdfr.dll
C:\Users\Rainer\AppData\Local\temp\j6prhjk4.dll
C:\Users\Rainer\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Rainer\AppData\Local\temp\mebma8zd.dll
C:\Users\Rainer\AppData\Local\temp\qivaiijj.dll
C:\Users\Rainer\AppData\Local\temp\Quarantine.exe
C:\Users\Rainer\AppData\Local\temp\ww_8aipr.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-10 21:46

==================== End Of Log ============================
         
--- --- ---



Hier Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-08-2014 01
Ran by Rainer at 2014-08-10 22:09:18
Running from C:\Users\Rainer\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoBase 3 (HKLM\...\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}) (Version:  - )
ArcSoft PhotoStudio 5 (HKLM\...\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}) (Version:  - )
Ask Toolbar (HKLM\...\{4F524A2D-5637-4300-76A7-A758B70C0F01}) (Version: 12.15.1.16 - APN, LLC) <==== ATTENTION
ATI Catalyst Install Manager (HKLM\...\{4324E4DD-C67C-A413-5C12-5DC694A99AF6}) (Version: 3.0.723.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Guard (HKLM\...\Browser Guard) (Version:  - )
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version:  - Alactro LLC) <==== ATTENTION
Caminos neu A1 Vokabeltrainer (HKLM\...\de.klett.vokabeltrainer.caminosneua1.CE0E3A60A72FE7E3EB57F417A8115A03D988FEF4.1) (Version: 1.1 - Ernst Klett Sprachen GmbH)
Caminos neu A1 Vokabeltrainer (Version: 1.1 - Ernst Klett Sprachen GmbH) Hidden
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0421.2132.36832 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0421.2132.36832 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0421.2132.36832 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0421.2132.36832 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2009.0421.2132.36832 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0421.2132.36832 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0421.2132.36832 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Czech (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Danish (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Dutch (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help English (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Finnish (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help French (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help German (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Greek (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Italian (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Japanese (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Korean (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Polish (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Russian (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Spanish (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Swedish (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Thai (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Turkish (Version: 2009.0421.2131.36832 - ATI) Hidden
ccc-core-static (Version: 2009.0421.2132.36832 - Ihr Firmenname) Hidden
ccc-utility (Version: 2009.0421.2132.36832 - ATI) Hidden
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
Corel Graphics - Windows Shell Extension (HKLM\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - DE (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X5 (HKLM\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)
Deal Keeper (HKLM\...\Deal Keeper) (Version: 2014.07.17.190627 - Deal Keeper) <==== ATTENTION
Die Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
dm Digi Foto (HKLM\...\dm Digi Foto) (Version: 2.3.0.93 - Imaxel Lab S.L)
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.2 - CEWE COLOR AG u Co. OHG)
Dr Kawashima (HKCU\...\DrKawashima) (Version: 1.0 - )
EG21 Vokabelkartei interaktiv 3 (HKLM\...\{D14B5875-A7FB-4169-BE5B-C9003A5C71AC}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
ElsterFormular-Upgrade (HKLM\...\ElsterFormular 12.3.2.6814k) (Version: 14.3.11574 - Landesfinanzdirektion Thüringen)
F-Editor (HKLM\...\{2A8AEFF7-E7DA-4440-979A-2AB137BE185C}_is1) (Version: 1.03 - Technische Alternative)
File Uploader (HKLM\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.0 - Nikon)
FOTOParadies (HKLM\...\{1CEA14B0-9E95-43FC-8D79-C81D20052375}}_is1) (Version: 3.1.10.253 - Foto Online Service GmbH)
FOTOParadies (HKLM\...\{FD838798-E2CB-45FA-AF79-6011519031E2}}_is1) (Version: 3.5.7.1 - Foto Online Service GmbH)
Free Audio CD Burner version 1.4 (HKLM\...\Free Audio CD Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.10.15.1228 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Ltd.)
FTDI FTD2XX USB Drivers (HKLM\...\FTD2XX) (Version:  - )
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Haufe iDesk-Browser (HKLM\...\{0F32914F-A633-4516-B531-7084C8F19F93}) (Version: 10.10.14.0000 - Haufe-Lexware GmbH & Co. KG)
Haufe iDesk-Service (HKLM\...\{27F10580-E040-11DF-8C28-005056B12123}) (Version: 10.10.25.7810 - Haufe)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
HP OrderReminder (HKLM\...\HP OrderReminder) (Version: 2.1 - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
International Karting - from Midas (HKLM\...\International Karting - from Midas) (Version:  - )
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Klett Lernsoftware Mathematik - Lambacher Schweizer (2. Lernjah (HKLM\...\Klett Lernsoftware Mathematik - Lambacher Schwei~B0BDFB6A_is1) (Version:  - )
Klett Lernsoftware Mathematik - Lambacher Schweizer (4. Lernjah (HKLM\...\Klett Lernsoftware Mathematik - Lambacher Schwei~F7563B51_is1) (Version:  - )
LaserJet 1018 (HKLM\...\HP-LaserJet 1018) (Version:  - )
LCN-PRO 3 (HKLM\...\{5037D595-CA93-4463-7F05-4416F53D0C7D}) (Version:  - )
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
LEGO® Der Herr der Ringe™ (HKLM\...\{C6F20FA7-342A-47A9-A3C8-EB36CABE6419}) (Version: 1.0.0.0 - Warner Bros. Interactive Entertainment)
Lexware Info Service (HKLM\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG)
LPT System Updater Service (HKLM\...\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}) (Version: 1.0.0.0 - LPT) <==== ATTENTION
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Manual CanoScan 5000,5000F,8000F (HKLM\...\{D9261CAB-3E1D-423C-9DD6-2001056DA292}) (Version:  - )
McAfee Internet Security (HKLM\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mein CEWE FOTOBUCH (HKLM\...\Mein CEWE FOTOBUCH) (Version:  - )
Meine Tierarztpraxis in Australien (Nur Entfernen) (HKLM\...\Meine Tierarztpraxis in Australien) (Version:  - )
Memory Manager 2.08 (HKLM\...\Memory Manager_is1) (Version: 2.08 - Technische Alternative GmbH)
metaCrawler (HKLM\...\metaCrawler) (Version:  - metaCrawler) <==== ATTENTION
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Motocross Madness 2 (HKLM\...\Motocross Madness 2) (Version:  - )
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version:  - )
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myphotobook 3.65 (HKLM\...\myphotobook) (Version: 3.65 - myphotobook)
Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon RAW Codec (HKLM\...\{C8616041-2802-4DE2-B3BD-6285AAD65C2A}) (Version: 1.00.0000 - Nikon)
Nikon Transfer (HKLM\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.4.0 - Nikon)
Opera Stable 23.0.1522.72 (HKLM\...\Opera 23.0.1522.72) (Version: 23.0.1522.72 - Opera Software ASA)
Origin (HKLM\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PC Speed Maximizer v3.2 (HKLM\...\PC Speed Maximizer_is1) (Version: 3.2 - SoftCity)
Personal Ancestral File 5 (HKLM\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version:  - )
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.5 - Nikon)
PlayReady PC runtime (HKLM\...\{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}) (Version: 1 - Microsoft Corporation)
Presto! PageManager 6 (HKLM\...\{580183A6-FF92-11D5-9294-0050BA073EEC}) (Version:  - )
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
ProtectDisc Helper Driver 10 (HKLM\...\ProtectDisc Driver 10) (Version: 10.0.0.3 - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0004 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5821 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20132 - Realtek Semiconductor Corp.)
Realtek WiFi Protected Setup Library (HKLM\...\{02CA24DD-C8B0-4280-BE53-7862869C2EB1}) (Version: Package:1.00.0026 - REALTEK Semiconductor Corp.)
Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0003 - Realtek)
RegUse (HKLM\...\RegUse) (Version: 1.0.3.2 - Honlyn (Macao Commercial Offshore) Limited)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SafeFinder Smartbar (HKLM\...\{877D0E59-6CBD-43C6-966F-1F4BA343AEEC}) (Version: 11.75.72.18057 - Linkury Ltd.) <==== ATTENTION
SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version:  - )
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skins (Version: 2009.0421.2132.36832 - ATI) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spielefieber Braingames für Vista    (HKLM\...\Spielefieber Braingames für Vista) (Version:   - KlickMedia)
Star Stable 4 (HKLM\...\{A8522694-A08C-4844-872B-F69A175EF59C}) (Version: 1.00.0000 - Stabenfeldt)
Star Wars Empire at War (HKLM\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (HKLM\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)
Steuer-Hilfesammlung 2010 (HKLM\...\{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}) (Version: 17.10.0.0 - Haufe-Lexware GmbH & Co. KG)
Steuer-Sparer 2012 (HKLM\...\{1CC7263A-9A5E-4EFB-9BB8-67642D10FA7C}) (Version: 17.11 - Wolters Kluwer Deutschland GmbH)
Steuer-Sparer 2013 (HKLM\...\{0B914F2C-6CC2-4328-B84E-411A81B50FA4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
Stronghold Crusader Extreme (HKLM\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Stronghold Legends (HKLM\...\{66A405D2-BA14-4594-BF36-B3B544F0754E}) (Version: 1.20.0000 - Firefly Studios)
sweet-page uninstall (HKLM\...\sweet-page uninstall) (Version:  - sweet-page) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.11.0 - Synaptics Incorporated)
TAPPS 1.29 DE (HKLM\...\TAPPS DE_is1) (Version: 1.29 - Technische Alternative GmbH)
TFD128 1.00 (HKLM\...\TFD_Deploy_0) (Version:  - )
TOSHIBA Accessibility (HKLM\...\InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}) (Version: 1.62.0.6C - TOSHIBA)
TOSHIBA Accessibility (Version: 1.62.0.6C - TOSHIBA) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.10 - TOSHIBA)
TOSHIBA Benutzerhandbücher (HKLM\...\{1C971EE3-B4C4-4367-9676-57549919C6CE}) (Version: 7.40 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}) (Version: 7.4.9 - TOSHIBA Corporation)
TOSHIBA Controls Driver (Version: 2.62.0.1C - TOSHIBA) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.00.1.04-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.0.3.0 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.0.3.0 - TOSHIBA Corporation) Hidden
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - Toshiba) Hidden
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.3C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.3C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.0.0.1 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.0.0.1 - TOSHIBA Corporation) Hidden
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.06.0000 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.3.2.0 - TOSHIBA Corporation)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 - TOSHIBA)
TOSHIBA Recovery Disk Creator Reminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0017 - TOSHIBA)
TOSHIBA Recovery Disk Creator Reminder (Version: 1.00.0017 - TOSHIBA) Hidden
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.6 - TOSHIBA)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.0.26 - TOSHIBA)
TOSHIBA Supervisor Password (Version: 1.63.0.3C - TOSHIBA CORPORATION) Hidden
TOSHIBA Supervisorkennwort (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.3C - TOSHIBA CORPORATION)
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.0.1.8 - TOSHIBA Corporation)
TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.6 - TOSHIBA)
TRORDCLauncher (Version: 1.0.0.6 - TOSHIBA) Hidden
TuneUp Utilities 2012 (HKLM\...\TuneUp Utilities 2012) (Version: 12.0.3600.171 - TuneUp Software)
TuneUp Utilities 2012 (Version: 12.0.3600.171 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 12.0.3600.171 - TuneUp Software) Hidden
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Office 2007 (KB934528) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version:  - )
Update for Office System 2007 Setup (KB929722) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version:  - )
Utility Common Driver (Version: 1.0.50.24C - TOSHIBA) Hidden
ViewNX (HKLM\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.3.0 - Nikon)
Visual Basic for Applications (R) Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core - German (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden
VoiceTracer (HKLM\...\{54A13435-82CF-11D6-B859-C6D4DE0EF860}) (Version: 1.95 - )
Vokabelkartei interaktiv À plus! 2 (HKLM\...\{08DBA737-EAD2-4DDA-A48B-E7A8AEC45BD8}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
Vokabelkartei interaktiv À plus! 4 (HKLM\...\{4D230951-6E24-4588-8B8C-D78E06F10A1C}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
Wildlife Park 2 Familien Edition (HKLM\...\{740B51D7-C903-4536-9530-B6304C937F51}) (Version: 2.00 - Deep Silver)
Wildlife Park 2 Horses (HKLM\...\{C649ED6C-2D44-40BA-AE75-0AADD5E411E5}) (Version: 2.00 - Deep Silver)
Wildlife Park 3 v1.0 (HKLM\...\Wildlife Park 3_is1) (Version:  - bitComposer Games)
WildTangent-Spiele (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.71 - WildTangent)
WindowsMangerProtect20.0.0.502 (HKLM\...\WindowsMangerProtect) (Version: 20.0.0.502 - WindowsProtect LIMITED) <==== ATTENTION
Winsol 2.00 (HKLM\...\Winsol_is1) (Version: 2.00 - Technische Alternative GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1002_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1002_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1002_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll No File
CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1002_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1002_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1002_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1002_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1002_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

==================== Restore Points  =========================

15-07-2014 11:23:26 Windows Update
17-07-2014 21:00:29 RCP Do, Jul 17, 14  23:00
18-07-2014 18:59:13 Windows Update
22-07-2014 12:00:13 Windows Update
24-07-2014 11:49:41 Geplanter Prüfpunkt
29-07-2014 12:50:07 Windows Update
04-08-2014 21:38:05 Installed TOSHIBA Value Added Package
06-08-2014 06:53:17 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2014-04-27 14:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D494D4F-C171-4567-9A2B-EF54F35F50A4} - System32\Tasks\ASP => C:\Program Files\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: {15B72F65-D23D-463C-A89C-D302BECADA67} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-26] (Google Inc.)
Task: {1A27D10D-6B90-4FCB-B9AF-5C6501316B34} - System32\Tasks\PC Speed Maximizer Schedule => C:\Program Files\PC Speed Maximizer\SPMLauncher.exe [2014-04-28] (Smart PC Solutions)
Task: {1AFDE751-66A1-420C-BAED-2F748CD6E04D} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8e15a8ab2474 => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-26] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {23E19204-A4C0-4FE1-B046-07C8C569482F} - System32\Tasks\{14AD0C82-FB85-4C18-8A14-04D561BC579D} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?page=tsProgressBar
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {34DF98C5-A9D6-47F6-8294-54CAA3D1CB3C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {39D70AAE-4BA4-4E66-8AEC-5ADF274EE5AE} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {57FB448F-C823-41DB-B91A-1C0586C1CDCB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-12] (Adobe Systems Incorporated)
Task: {6669A209-B771-4A2B-B9C7-B8070FEE4E1A} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2010-09-15] (Haufe-Lexware GmbH & Co. KG)
Task: {73D58360-79E6-4978-83D3-4FF2663087E5} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {81D6AAFD-88F3-4289-B3AA-74297386338D} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Conny => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {9B8B1DD8-E318-48DB-BE03-A5E343B59A6B} - System32\Tasks\{FFCD702D-C383-483E-9222-78453479684B} => C:\Program Files\Skype\\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {BBCEF35F-709C-41BA-8461-A10BF63007AF} - System32\Tasks\{28CC4EDD-F8B3-4A32-AE6A-97AA732C005D} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/abandoninstall?page=tsProgressBar
Task: {C27DC93F-4B21-45E0-BDB8-C711D34B55C8} - System32\Tasks\Opera scheduled Autoupdate 1405625202 => C:\Program Files\Opera\launcher.exe [2014-08-05] (Opera Software)
Task: {D21B4A59-B972-4028-9D35-A15048FBBD99} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe [2013-12-11] (TuneUp Software)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F851638C-3015-4550-B49A-5F3C8A042324} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {FA228AC1-CD41-427F-BE9E-59DBF4D1E3D2} - System32\Tasks\{443024A5-EF36-4634-ADDC-CA05EF656195} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.10.0.104/de/abandoninstall?page=tsProgressBar

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8e15a8ab2474.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-02-24 09:49 - 2009-04-21 23:05 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00033560 _____ () C:\Program Files\LPT\srpts.exe
2014-06-25 16:28 - 2014-06-25 16:28 - 00043288 _____ () C:\Program Files\LPT\srptc.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00018200 _____ () C:\Program Files\LPT\Smartbar.Common.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00037656 _____ () C:\Program Files\LPT\srptsl.exe
2014-06-25 16:28 - 2014-06-25 16:28 - 00066840 _____ () C:\Program Files\LPT\srut.dll
2009-04-24 12:39 - 2009-04-24 12:39 - 00516096 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2014-07-17 21:06 - 2014-08-10 09:23 - 00323320 _____ () C:\Program Files\Deal Keeper\updateDealKeeper.exe
2014-07-18 20:54 - 2014-08-10 09:22 - 00323320 _____ () C:\Program Files\Deal Keeper\bin\utilDealKeeper.exe
2009-01-30 22:11 - 2009-01-30 22:11 - 00073728 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
1997-09-04 00:00 - 1997-09-04 00:00 - 03782416 _____ () C:\Program Files\Microsoft Office\Office\MSO97.DLL
2008-02-24 09:50 - 2008-02-24 09:50 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2009-01-30 11:41 - 2009-01-30 11:41 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2008-02-24 09:50 - 2008-02-24 09:50 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-08-09 17:38 - 2014-08-10 11:23 - 00239352 _____ () C:\Program Files\Deal Keeper\bin\DealKeeper.PurBrowse.exe
2014-07-18 20:56 - 2014-08-10 20:23 - 00096504 _____ () C:\Program Files\Deal Keeper\bin\DealKeeper.BrowserAdapter.exe
2014-06-25 16:28 - 2014-06-25 16:28 - 00047384 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00070936 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\srau.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00166680 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 02344216 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00067864 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\spbl.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00158488 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00015128 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\siem.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00067864 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\sppsm.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00697624 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00015640 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00079640 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00027928 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00066840 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\srut.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00030488 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\srsbs.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00066328 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00150808 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\smti.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00032024 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\srom.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00031512 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\smtu.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00040216 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\smta.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00062744 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\smsp.dll
2014-07-17 21:24 - 2014-07-17 21:24 - 00904704 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00046872 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\srbu.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00024856 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\sgml.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00062744 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00025880 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\srpdm.dll
2014-06-25 16:26 - 2014-06-25 16:26 - 00044312 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2014-06-25 16:18 - 2014-06-25 16:18 - 00025880 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00036120 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00193816 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\sgmu.dll
2014-05-12 11:21 - 2014-05-12 11:21 - 00061440 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00256280 _____ () C:\Users\Rainer\AppData\Local\Smartbar\Application\srns.dll
2014-07-30 15:23 - 2014-07-30 15:24 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-07-18 20:56 - 2014-08-10 20:23 - 00195320 _____ () C:\Program Files\Deal Keeper\bin\DealKeeperBAApp.dll
2014-07-12 09:11 - 2014-07-12 09:11 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll
2014-06-25 16:28 - 2014-06-25 16:28 - 00023832 _____ () C:\Program Files\LPT\srptm.exe
2014-06-25 16:28 - 2014-06-25 16:28 - 00081688 _____ () C:\Program Files\LPT\srpt.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AAV UpdateService => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HRService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SXDS10 => 3
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Winsol_Autostart.lnk => C:\Windows\pss\Winsol_Autostart.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Rainer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: cfFncEnabler.exe => "C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe"
MSCONFIG\startupreg: NDSTray.exe => "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartFaceVWatcher => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TPCHWMsg => %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe

==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/10/2014 09:54:26 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier2\eventsystem2.cpp458800700b7

Error: (08/10/2014 09:50:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerPlugin_14_0_0_145.exe, Version 14.0.0.145, Zeitstempel 0x53aa1aea, fehlerhaftes Modul FlashPlayerPlugin_14_0_0_145.exe, Version 14.0.0.145, Zeitstempel 0x53aa1aea, Ausnahmecode 0x40000015, Fehleroffset 0x00017670,
Prozess-ID 0x1834, Anwendungsstartzeit FlashPlayerPlugin_14_0_0_145.exe0.

Error: (08/10/2014 09:48:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE INTERNET SECURITY.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (08/10/2014 09:48:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE INTERNET SECURITY.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (08/10/2014 09:46:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerPlugin_14_0_0_145.exe, Version 14.0.0.145, Zeitstempel 0x53aa1aea, fehlerhaftes Modul FlashPlayerPlugin_14_0_0_145.exe, Version 14.0.0.145, Zeitstempel 0x53aa1aea, Ausnahmecode 0x40000015, Fehleroffset 0x00017670,
Prozess-ID 0x101c, Anwendungsstartzeit FlashPlayerPlugin_14_0_0_145.exe0.

Error: (08/10/2014 09:38:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung MSOFFICE.EXE, Version 8.0.0.3512, Zeitstempel 0x3287ddb4, fehlerhaftes Modul MSOFFICE.EXE, Version 8.0.0.3512, Zeitstempel 0x3287ddb4, Ausnahmecode 0xc0000005, Fehleroffset 0x0000acfd,
Prozess-ID 0x1280, Anwendungsstartzeit MSOFFICE.EXE0.

Error: (08/10/2014 09:38:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2014 00:28:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2014 09:22:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2014 05:37:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/10/2014 09:57:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: McAfee Platform Services%%1053

Error: (08/10/2014 09:57:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000McAfee Platform Services

Error: (08/10/2014 09:57:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: McAfee Platform Services%%1053

Error: (08/10/2014 09:57:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000McAfee Platform Services

Error: (08/10/2014 09:57:14 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053mcpltsvc{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (08/10/2014 09:56:07 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}

Error: (08/10/2014 09:50:16 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (08/10/2014 09:39:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (08/10/2014 09:38:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/10/2014 09:36:31 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT-AUTORITÄT)
Description: 2147942402


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-08-10 21:49:12.322
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-10 21:49:11.229
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-10 21:49:10.128
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-10 21:49:08.643
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-10 21:49:06.628
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-10 21:49:05.779
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-10 21:49:04.987
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-10 21:49:04.343
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-07 15:11:49.325
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-07 15:11:48.698
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 68%
Total physical RAM: 3035.93 MB
Available physical RAM: 969 MB
Total Pagefile: 6276.09 MB
Available Pagefile: 3900.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.65 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:186.31 GB) (Free:19.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:184.84 GB) (Free:108.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 373 GB) (Disk ID: 7878FC96)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=186 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=185 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Hier GMER:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-10 22:52:03
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG01 372.61GB
Running: Gmer-19357.exe; Driver: C:\Users\Rainer\AppData\Local\Temp\kxliqpog.sys


---- Kernel code sections - GMER 2.1 ----

.text           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                             section is writeable [0x84B50480, 0x3C939, 0xE8000020]
.dsrt           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                             unknown last section [0x84B91900, 0x3CA, 0x48000040]
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                              section is writeable [0x90A09000, 0x263970, 0xE8000020]
.reloc          C:\Windows\system32\drivers\acehlp10.sys                                                              section is executable [0x91011B80, 0x37FC7, 0xE0000060]
.reloc          C:\Windows\system32\drivers\acedrv10.sys                                                              section is executable [0xA10A4000, 0x459C1, 0xE0000060]
.vmp2           C:\Windows\system32\drivers\acedrv11.sys                                                              entry point in ".vmp2" section [0xA111169D]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe[1312] kernel32.dll!LoadLibraryW  75F694F8 5 Bytes  JMP 6354B470 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll
.text           C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe[1312] kernel32.dll!LoadLibraryA  75F69674 5 Bytes  JMP 6354B370 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                               Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                               Wdf01000.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                                               {55dce8ba-9dec-4013-937e-adbf9317d990}t.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                                               mfewfpk.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                               {55dce8ba-9dec-4013-937e-adbf9317d990}t.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                               mfewfpk.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat               0x40 0x52 0xCB 0x8F ...

---- EOF - GMER 2.1 ----
         
So, und nach dem ich nun MALWAREBYTE nochmal gestartet habe, hat das Programm nun doch jede Menge 'PUP.OPTIONAL.SKYTECH.A' Dinge in die Quarantäne verschoben,... soll ich die alle löschen?
Die unerwünschte Umleitung ist immer noch aktiv...

Viele Grüße und vielen Dank
Rainer

Geändert von Romanos (10.08.2014 um 22:18 Uhr)

Alt 10.08.2014, 23:34   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download - Standard

Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!





Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 12.08.2014, 21:14   #3
Romanos
 
Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download - Standard

Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download



Hallo Cosinus,
nein, keine anderen gemacht...
Viele Grüße
Romanos
__________________

Alt 12.08.2014, 22:15   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download - Standard

Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download



Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Alt 15.08.2014, 20:33   #5
Romanos
 
Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download - Standard

Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download



Hallo Cosinus,
ok, 1. Schritt: adwCleaner:
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.010 - Bericht erstellt am 27/10/2013 um 21:31:26
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Rainer - RAINER-PC
# Gestartet von : C:\Users\Rainer-User\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : vToolbarUpdater17.0.12

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\Program Files\ParetoLogic
Ordner Gelöscht : C:\Program Files\Common Files\ParetoLogic
Ordner Gelöscht : C:\Users\Rainer\AppData\LocalLow\SimplyTech
Ordner Gelöscht : C:\Users\Rainer\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\Rainer\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\Conny\AppData\LocalLow\SimplyTech
Ordner Gelöscht : C:\Users\Rainer-User\AppData\LocalLow\SimplyTech
Ordner Gelöscht : C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\n543x2gz.default\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}
Ordner Gelöscht : C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_833916\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}
Ordner Gelöscht : C:\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}
[!] Ordner Gelöscht : C:\Users\Rainer-User\AppData\Roaming\Mozilla\Firefox\Profiles\pqwcenxs.default\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}
Ordner Gelöscht : C:\Users\Marie-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\5mq7bxlg.default\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}
Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}
Ordner Gelöscht : C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\n543x2gz.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
Ordner Gelöscht : C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_833916\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
Datei Gelöscht : C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\n543x2gz.default\searchplugins\bingp.xml
Datei Gelöscht : C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_833916\searchplugins\bingp.xml
Datei Gelöscht : C:\Windows\System32\Tasks\Browser Updater
Datei Gelöscht : C:\Windows\System32\Tasks\ProtectedSearch

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v8.0.6001.19475


-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\n543x2gz.default\prefs.js ]


[ Datei : C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_833916\prefs.js ]


[ Datei : C:\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\prefs.js ]


[ Datei : C:\Users\Rainer-User\AppData\Roaming\Mozilla\Firefox\Profiles\pqwcenxs.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.internaldb.cache/5cdf8a7ef2ec84abac286c67587b78d9.value", "%22function%20tcmMarkWindow%28a%29%7Bva[...]

[ Datei : C:\Users\Marie-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\5mq7bxlg.default\prefs.js ]


[ Datei : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [102604 octets] - [07/10/2013 22:17:36]
AdwCleaner[R1].txt - [3755 octets] - [27/10/2013 21:15:21]
AdwCleaner[S0].txt - [95082 octets] - [07/10/2013 22:21:25]
AdwCleaner[S1].txt - [3702 octets] - [27/10/2013 21:31:26]

########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [3762 octets] ##########
         
--- --- ---
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.305 - Bericht erstellt am 15/08/2014 um 21:16:19
# Aktualisiert 14/08/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Rainer - RAINER-PC
# Gestartet von : C:\Users\Rainer\Downloads\adwcleaner_3.305.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : LPTSystemUpdater
[#] Dienst Gelöscht : Update Deal Keeper
[#] Dienst Gelöscht : Util Deal Keeper
[#] Dienst Gelöscht : {55dce8ba-9dec-4013-937e-adbf9317d990}Gt
[#] Dienst Gelöscht : {55dce8ba-9dec-4013-937e-adbf9317d990}t

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\FileCure
Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
Ordner Gelöscht : C:\Program Files\LPT
Ordner Gelöscht : C:\Program Files\PC Speed Maximizer
Ordner Gelöscht : C:\Program Files\SupTab
[!] Ordner Gelöscht : C:\Program Files\Deal Keeper
Ordner Gelöscht : C:\Users\Conny\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\Conny\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Felix\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\Marie-Sophie\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\Rainer\AppData\Local\LPT
Ordner Gelöscht : C:\Users\Rainer\AppData\Local\Smartbar
Ordner Gelöscht : C:\Users\Rainer\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\Rainer\AppData\Local\Temp\Smartbar
Ordner Gelöscht : C:\Users\Rainer\AppData\Local\Temp\Deal Keeper
Ordner Gelöscht : C:\Users\Rainer\AppData\Roaming\PC Speed Maximizer
Ordner Gelöscht : C:\Users\Rainer\AppData\Roaming\sweet-page
Ordner Gelöscht : C:\Users\Rainer\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Rainer\Documents\PC Speed Maximizer
Ordner Gelöscht : C:\Users\Rainer-User\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\Extensions\faststartff@gmail.com
Datei Gelöscht : C:\Windows\system32\roboot.exe
Datei Gelöscht : C:\Windows\system32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gt.sys
Datei Gelöscht : C:\Windows\system32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}t.sys
Datei Gelöscht : C:\Users\Rainer\Desktop\PC Speed Maximizer.lnk
Datei Gelöscht : C:\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\x34256cx.default-1399701211823\searchplugins\ask-search.xml
Datei Gelöscht : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\gpptex8c.default-1399582062237\searchplugins\ask-search.xml
Datei Gelöscht : C:\Users\Marie-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\ax6adzos.default-1384291140671\searchplugins\ask-search.xml
Datei Gelöscht : C:\Users\Rainer-User\AppData\Roaming\Mozilla\Firefox\Profiles\1kgaslal.default-1399581076297\searchplugins\ask-search.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\browser\searchplugins\sweet-page.xml
Datei Gelöscht : C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\user.js

***** [ Tasks ] *****

Task Gelöscht : ASP

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\Deal Keeper
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\pc speed maximizer
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\smartbarbackup
Schlüssel Gelöscht : HKCU\Software\smartbarlog
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Deal Keeper
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\sweet-pageSoftware
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deal Keeper
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Speed Maximizer_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Browser ] *****

-\\ Internet Explorer v8.0.6001.19553

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\tnayw4n9.default-1384290331207\prefs.js ]


[ Datei : C:\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\prefs.js ]


[ Datei : C:\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\x34256cx.default-1399701211823\prefs.js ]


[ Datei : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\prefs.js ]


[ Datei : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\gpptex8c.default-1399582062237\prefs.js ]


[ Datei : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\tg3604ts.default-1384291631991\prefs.js ]


[ Datei : C:\Users\Marie-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\5mq7bxlg.default\prefs.js ]


[ Datei : C:\Users\Marie-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\ax6adzos.default-1384291140671\prefs.js ]


[ Datei : C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "sweet-page");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "sweet-page");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.sweet-page.com/?type=hp&ts=1405630596&from=cor&uid=TOSHIBAXMK4055GSX_69KOT4VITXX69KOT4VIT");
Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Zeile gelöscht : user_pref("extensions.helperbar.Visibility", false);
Zeile gelöscht : user_pref("extensions.helperbar.keepAliveLastevent", "1405625155");
Zeile gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1405583345256");

[ Datei : C:\Users\Rainer-User\AppData\Roaming\Mozilla\Firefox\Profiles\1kgaslal.default-1399581076297\prefs.js ]


[ Datei : C:\Users\Rainer-User\AppData\Roaming\Mozilla\Firefox\Profiles\65usia27.default-1384288767431\prefs.js ]


[ Datei : C:\Users\Rainer-User\AppData\Roaming\Mozilla\Firefox\Profiles\pqwcenxs.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Rainer\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [109349 octets] - [07/10/2013 23:17:36]
AdwCleaner[R1].txt - [16569 octets] - [27/10/2013 22:15:21]
AdwCleaner[S0].txt - [101709 octets] - [07/10/2013 23:21:25]
AdwCleaner[S1].txt - [15335 octets] - [27/10/2013 22:31:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [15396 octets] ##########
         
--- --- ---
Dann
2. Schritt: JRT - Junkware Removal Tool
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Rainer on 15.08.2014 at 21:40:31.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Rainer\AppData\Roaming\mozilla\firefox\profiles\yztin5xb.default\minidumps [7 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.08.2014 at 21:48:26.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Und 3. Schritt: Frisches Log mit FRST

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-08-2014
Ran by Rainer (administrator) on RAINER-PC on 15-08-2014 21:52:07
Running from C:\Users\Rainer\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
(Thisisu) C:\Users\Rainer\Downloads\JRT(2).exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Farbar) C:\Users\Rainer\Downloads\FRST(2).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA)
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3586509278-78834929-860225448-1000\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA)
HKU\S-1-5-21-3586509278-78834929-860225448-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Shortcut-Leiste.lnk
ShortcutTarget: Microsoft Office Shortcut-Leiste.lnk -> C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft-Indexerstellung.lnk
ShortcutTarget: Microsoft-Indexerstellung.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation)
Startup: C:\Users\Conny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Rainer-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {38AEB7B3-42CC-4C33-9290-BEA08B6FE742} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG;
SearchScopes: HKCU - F31624B0AF444080B7F139E05E41A758 URL = hxxp://isearch.avg.com/search?cid={72680FDB-E8CB-437D-AEE8-9F9D0761B89D}&mid=34d71d940f5847d1b30bd16a1c122099-aca251ad60a79a90d151588985182fee0518d1c3&lang=de&ds=tt014&pr=sa&d=2011-12-19 22:25:18&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {38AEB7B3-42CC-4C33-9290-BEA08B6FE742} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG;
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///E:/viewer/ORDcmViewCD.ocx
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: haufereader - No CLSID Value - 
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default
FF NewTab: chrome://quick_start/content/index.html
FF Keyword.URL: hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @protectdisc.com/NPMPDRM -> C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\searchplugins\SafeFinder Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: SafeFinder Smartbar - C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\Extensions\{72d7ceec-c464-5081-0713-43871ac8b749} [2014-07-17]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2011-12-15]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-12-15]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HomePage: 
CHR HKLM\...\Chrome\Extension: [bddpogknpjlgfpbboediomaiiaecfajn] - C:\Program Files\HomeTab\chrome\HomeTab.crx []
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-12-15]
CHR HKLM\...\Chrome\Extension: [kfepagcelbegkpkcjgfeecmlnmkedjin] - C:\Program Files\Browser Guard\browserguard.crx [2011-12-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AAV UpdateService; C:\Program Files\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 camsvc; C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
S4 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [242424 2009-02-11] (WildTangent, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S4 HRService; C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe [71024 2010-10-25] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-06-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S4 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-06] (soft Xpansion)
R2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [62776 2009-04-01] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [176128 2009-04-24] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [73728 2009-03-17] (TOSHIBA Corporation) [File not signed]
R2 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [656752 2009-04-15] (TOSHIBA Corporation)
S4 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1529656 2013-12-11] (TuneUp Software)
S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [330144 2007-07-27] (Protect Software GmbH)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [251680 2007-07-27] (Protect Software GmbH)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
S3 FTD2XX; C:\Windows\System32\Drivers\FTD2XX.sys [29292 2004-10-15] (FTDI Ltd.) [File not signed]
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [60104 2011-01-24] (FTDI Ltd.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [25896 2008-05-07] (COMPAL ELECTRONIC INC.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-15] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [349192 2014-06-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-06-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [22272 2009-03-18] (TOSHIBA Corporation)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-11] (Realtek Semiconductor Corp.)
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider)
S3 SAFAUSB; C:\Windows\System32\Drivers\VocTrace.sys [16035 2003-12-19] (Windows (R) 2000 DDK provider)
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-12-12] (TuneUp Software)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-03-21] (TOSHIBA Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S4 avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [X]
S3 catchme; \??\C:\Users\Rainer\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 21:51 - 2014-08-15 21:51 - 01092096 _____ (Farbar) C:\Users\Rainer\Downloads\FRST(2).exe
2014-08-15 21:48 - 2014-08-15 21:48 - 00000870 _____ () C:\Users\Rainer\Desktop\JRT.txt
2014-08-15 21:39 - 2014-08-15 21:39 - 01016261 _____ (Thisisu) C:\Users\Rainer\Downloads\JRT(2).exe
2014-08-15 21:38 - 2014-08-15 21:38 - 01016261 _____ (Thisisu) C:\Users\Rainer\Downloads\JRT(1).exe
2014-08-15 21:37 - 2014-08-15 21:37 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-15 21:36 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-15 21:36 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-15 21:36 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-15 21:36 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-15 21:34 - 2014-08-15 21:36 - 00004611 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-08-15 21:31 - 2014-08-15 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-15 21:09 - 2014-08-15 21:09 - 01356107 _____ () C:\Users\Rainer\Downloads\adwcleaner_3.305.exe
2014-08-15 21:09 - 2014-08-15 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-15 10:16 - 2014-08-15 10:16 - 00139488 _____ () C:\Windows\system32\XMLOperations.xml
2014-08-15 09:29 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 09:29 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 09:29 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 09:29 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 09:07 - 2014-07-24 23:33 - 11083264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 06024192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 09:07 - 2014-07-24 23:33 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-08-14 09:07 - 2014-07-24 21:56 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-08-14 09:07 - 2014-07-24 21:49 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 09:07 - 2014-07-24 21:49 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 09:07 - 2014-07-24 21:48 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 09:07 - 2014-07-24 21:48 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-14 09:07 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 09:07 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 09:07 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-14 09:07 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 09:07 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 09:07 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 09:07 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-14 09:07 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 09:06 - 2014-07-25 06:26 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 09:06 - 2014-07-25 04:53 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-10 22:52 - 2014-08-10 22:52 - 00002904 _____ () C:\Users\Rainer\Downloads\Gmer.txt
2014-08-10 22:13 - 2014-08-10 22:13 - 00380416 _____ () C:\Users\Rainer\Downloads\Gmer-19357.exe
2014-08-10 22:09 - 2014-08-10 22:12 - 00053977 _____ () C:\Users\Rainer\Downloads\Addition.txt
2014-08-10 22:03 - 2014-08-15 21:52 - 00021409 _____ () C:\Users\Rainer\Downloads\FRST.txt
2014-08-10 22:02 - 2014-08-10 22:02 - 01091072 _____ (Farbar) C:\Users\Rainer\Downloads\FRST(1).exe
2014-08-10 22:01 - 2014-08-10 22:01 - 00000474 _____ () C:\Users\Rainer\Downloads\defogger_disable.log
2014-08-10 22:01 - 2014-08-10 22:01 - 00000000 _____ () C:\Users\Rainer\defogger_reenable
2014-08-10 21:59 - 2014-08-10 21:59 - 00050477 _____ () C:\Users\Rainer\Downloads\Defogger.exe
2014-08-07 22:57 - 2014-08-07 22:57 - 00761344 _____ () C:\Users\Rainer-User\Downloads\E1408.xls
2014-07-30 15:23 - 2014-07-30 15:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-26 11:46 - 2014-07-26 11:47 - 11332468 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000179.tif
2014-07-26 11:46 - 2014-07-26 11:46 - 10376070 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000180.tif
2014-07-26 11:46 - 2014-07-26 11:46 - 09944148 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000187.tif
2014-07-26 11:45 - 2014-07-26 11:45 - 08258510 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000188.tif
2014-07-26 11:45 - 2014-07-26 11:45 - 08216188 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000190.tif
2014-07-26 11:44 - 2014-07-26 11:45 - 09557174 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000191.tif
2014-07-26 11:44 - 2014-07-26 11:44 - 09139028 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000192.tif
2014-07-26 11:43 - 2014-07-26 11:44 - 03325696 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000351.tif
2014-07-25 21:40 - 2014-07-25 21:40 - 08877224 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009108.tif
2014-07-25 21:40 - 2014-07-25 21:40 - 08108152 _____ () C:\Users\Rainer-User\Downloads\MA-2011-003547.tif
2014-07-25 21:40 - 2014-07-25 21:40 - 07543598 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009141.tif
2014-07-23 09:38 - 2014-08-15 21:09 - 00000000 ____D () C:\Program Files\iTunes
2014-07-23 09:38 - 2014-08-15 21:08 - 00000000 ____D () C:\Program Files\iPod
2014-07-23 09:38 - 2014-08-15 21:04 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-23 09:32 - 2014-07-23 09:32 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-20 20:01 - 2014-07-20 20:01 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-20 18:14 - 2014-07-20 18:14 - 00455538 _____ () C:\Users\Rainer-User\Downloads\Bienenplakat.pptx
2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Opera Software
2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Local\Opera Software
2014-07-17 23:03 - 2014-07-21 00:27 - 00000000 ____D () C:\Users\Rainer-User\Documents\Corel
2014-07-17 23:02 - 2014-07-17 23:03 - 00000000 ____D () C:\ProgramData\Protexis
2014-07-17 22:57 - 2014-08-15 21:16 - 00000000 ____D () C:\Program Files\Deal Keeper
2014-07-17 22:52 - 2014-07-17 23:02 - 00000000 ____D () C:\Users\Rainer-User\AppData\Roaming\Corel
2014-07-17 21:45 - 2014-07-17 21:45 - 00000000 ____D () C:\Users\Rainer\Documents\Visual Studio 2008
2014-07-17 21:45 - 2014-07-17 21:45 - 00000000 ____D () C:\Users\Rainer\Documents\Corel
2014-07-17 21:44 - 2014-07-17 21:44 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Microsoft Help
2014-07-17 21:42 - 2014-07-17 21:48 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2014-07-17 21:42 - 2014-07-17 21:42 - 00000000 ____D () C:\Program Files\Microsoft SDKs
2014-07-17 21:38 - 2014-07-17 21:38 - 00000000 ____D () C:\Program Files\Common Files\Corel
2014-07-17 21:37 - 2014-07-17 21:37 - 00000000 ____D () C:\ProgramData\Corel
2014-07-17 21:37 - 2014-07-17 21:37 - 00000000 ____D () C:\Program Files\Common Files\Protexis
2014-07-17 21:31 - 2014-07-17 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5
2014-07-17 21:30 - 2014-07-17 21:30 - 00000000 ____D () C:\Program Files\Corel
2014-07-17 21:27 - 2014-07-17 21:51 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X5
2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Opera Software
2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Opera Software
2014-07-17 21:26 - 2014-08-12 11:40 - 00000000 ____D () C:\Program Files\Opera
2014-07-17 21:26 - 2014-07-17 21:26 - 00000808 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-07-17 21:26 - 2014-07-17 21:26 - 00000808 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-07-17 21:25 - 2014-07-17 22:58 - 875606016 _____ (Acresso Software Inc. ) C:\Users\Rainer\Downloads\CorelDRAWGraphicsSuiteX5Installer_DE [1].exe
2014-07-17 21:24 - 2014-07-17 21:24 - 00002181 _____ () C:\Users\Rainer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-17 21:24 - 2014-07-17 21:24 - 00002151 _____ () C:\Users\Rainer\Desktop\Search.lnk
2014-07-17 21:15 - 2014-07-17 21:17 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X7
2014-07-17 21:12 - 2014-07-17 21:14 - 489408088 _____ (Acresso Software Inc. ) C:\Users\Rainer-User\Downloads\CorelDRAWGraphicsSuiteX7Installer_DE32Bit.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 21:53 - 2014-08-10 22:03 - 00021409 _____ () C:\Users\Rainer\Downloads\FRST.txt
2014-08-15 21:52 - 2013-11-11 00:10 - 00000000 ____D () C:\FRST
2014-08-15 21:51 - 2014-08-15 21:51 - 01092096 _____ (Farbar) C:\Users\Rainer\Downloads\FRST(2).exe
2014-08-15 21:48 - 2014-08-15 21:48 - 00000870 _____ () C:\Users\Rainer\Desktop\JRT.txt
2014-08-15 21:43 - 2014-04-28 22:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-15 21:39 - 2014-08-15 21:39 - 01016261 _____ (Thisisu) C:\Users\Rainer\Downloads\JRT(2).exe
2014-08-15 21:38 - 2014-08-15 21:38 - 01016261 _____ (Thisisu) C:\Users\Rainer\Downloads\JRT(1).exe
2014-08-15 21:38 - 2012-04-04 21:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-15 21:37 - 2014-08-15 21:37 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-15 21:36 - 2014-08-15 21:34 - 00004611 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-08-15 21:36 - 2009-06-09 11:10 - 00000000 ____D () C:\Program Files\Java
2014-08-15 21:34 - 2011-09-26 23:43 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-15 21:31 - 2014-08-15 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-15 21:31 - 2013-02-20 08:55 - 00001756 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-08-15 21:30 - 2012-04-04 21:24 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-15 21:30 - 2011-06-01 22:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-15 21:29 - 2008-02-24 09:46 - 01229829 _____ () C:\Windows\WindowsUpdate.log
2014-08-15 21:26 - 2014-06-22 14:29 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8e15a8ab2474.job
2014-08-15 21:24 - 2008-01-21 04:47 - 00973488 _____ () C:\Windows\PFRO.log
2014-08-15 21:24 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-15 21:24 - 2006-11-02 14:47 - 00323320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-15 21:24 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-15 21:24 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-15 21:23 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-15 21:22 - 2013-10-07 23:17 - 00000000 ____D () C:\AdwCleaner
2014-08-15 21:17 - 2006-11-02 12:23 - 00000462 _____ () C:\Windows\win.ini
2014-08-15 21:16 - 2014-07-17 22:57 - 00000000 ____D () C:\Program Files\Deal Keeper
2014-08-15 21:09 - 2014-08-15 21:09 - 01356107 _____ () C:\Users\Rainer\Downloads\adwcleaner_3.305.exe
2014-08-15 21:09 - 2014-08-15 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-15 21:09 - 2014-07-23 09:38 - 00000000 ____D () C:\Program Files\iTunes
2014-08-15 21:08 - 2014-07-23 09:38 - 00000000 ____D () C:\Program Files\iPod
2014-08-15 21:04 - 2014-07-23 09:38 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-15 15:44 - 2011-12-02 22:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-15 10:30 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-08-15 10:27 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-15 10:18 - 2008-01-21 09:16 - 01626604 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-15 10:16 - 2014-08-15 10:16 - 00139488 _____ () C:\Windows\system32\XMLOperations.xml
2014-08-15 10:06 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-15 09:34 - 2013-08-07 12:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 09:34 - 2006-11-02 12:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-13 18:39 - 2010-11-17 08:51 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Skype
2014-08-12 12:37 - 2011-11-24 17:13 - 00000000 ____D () C:\Users\Marie-Sophie\AppData\Roaming\Skype
2014-08-12 11:40 - 2014-07-17 21:26 - 00000000 ____D () C:\Program Files\Opera
2014-08-12 11:37 - 2010-09-01 12:44 - 00082968 _____ () C:\Users\Marie-Sophie\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-10 22:52 - 2014-08-10 22:52 - 00002904 _____ () C:\Users\Rainer\Downloads\Gmer.txt
2014-08-10 22:22 - 2010-11-14 21:59 - 00000000 ____D () C:\Users\Rainer-User\AppData\Roaming\Skype
2014-08-10 22:13 - 2014-08-10 22:13 - 00380416 _____ () C:\Users\Rainer\Downloads\Gmer-19357.exe
2014-08-10 22:12 - 2014-08-10 22:09 - 00053977 _____ () C:\Users\Rainer\Downloads\Addition.txt
2014-08-10 22:02 - 2014-08-10 22:02 - 01091072 _____ (Farbar) C:\Users\Rainer\Downloads\FRST(1).exe
2014-08-10 22:01 - 2014-08-10 22:01 - 00000474 _____ () C:\Users\Rainer\Downloads\defogger_disable.log
2014-08-10 22:01 - 2014-08-10 22:01 - 00000000 _____ () C:\Users\Rainer\defogger_reenable
2014-08-10 22:01 - 2010-08-29 23:01 - 00000000 ____D () C:\Users\Rainer
2014-08-10 21:59 - 2014-08-10 21:59 - 00050477 _____ () C:\Users\Rainer\Downloads\Defogger.exe
2014-08-07 22:57 - 2014-08-07 22:57 - 00761344 _____ () C:\Users\Rainer-User\Downloads\E1408.xls
2014-08-04 23:44 - 2014-04-28 22:25 - 00000904 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-04 23:44 - 2014-04-28 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-04 23:44 - 2014-04-28 22:25 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-04 23:42 - 2010-08-29 22:04 - 00082968 _____ () C:\Users\Rainer\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-04 22:21 - 2011-11-20 21:37 - 00000020 ____H () C:\ProgramData\PKP_DLdw.DAT
2014-08-04 22:21 - 2011-11-20 21:35 - 00000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2014-07-31 11:34 - 2011-11-26 10:09 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Skype
2014-07-31 11:29 - 2014-05-07 23:06 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-30 15:24 - 2014-07-30 15:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-26 11:47 - 2014-07-26 11:46 - 11332468 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000179.tif
2014-07-26 11:46 - 2014-07-26 11:46 - 10376070 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000180.tif
2014-07-26 11:46 - 2014-07-26 11:46 - 09944148 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000187.tif
2014-07-26 11:45 - 2014-07-26 11:45 - 08258510 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000188.tif
2014-07-26 11:45 - 2014-07-26 11:45 - 08216188 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000190.tif
2014-07-26 11:45 - 2014-07-26 11:44 - 09557174 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000191.tif
2014-07-26 11:44 - 2014-07-26 11:44 - 09139028 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000192.tif
2014-07-26 11:44 - 2014-07-26 11:43 - 03325696 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000351.tif
2014-07-25 21:50 - 2011-12-15 01:57 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-07-25 21:40 - 2014-07-25 21:40 - 08877224 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009108.tif
2014-07-25 21:40 - 2014-07-25 21:40 - 08108152 _____ () C:\Users\Rainer-User\Downloads\MA-2011-003547.tif
2014-07-25 21:40 - 2014-07-25 21:40 - 07543598 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009141.tif
2014-07-25 12:55 - 2014-08-15 21:36 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-25 12:49 - 2014-08-15 21:36 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-25 12:49 - 2014-08-15 21:36 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-25 12:49 - 2014-08-15 21:36 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-25 06:26 - 2014-08-14 09:06 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-07-25 04:53 - 2014-08-14 09:06 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-24 23:33 - 2014-08-14 09:07 - 11083264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 06024192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-24 23:33 - 2014-08-14 09:07 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-07-24 21:56 - 2014-08-14 09:07 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-07-24 21:49 - 2014-08-14 09:07 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-24 21:49 - 2014-08-14 09:07 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-24 21:48 - 2014-08-14 09:07 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-24 21:48 - 2014-08-14 09:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-23 09:38 - 2011-08-09 23:12 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-23 09:32 - 2014-07-23 09:32 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-21 00:27 - 2014-07-17 23:03 - 00000000 ____D () C:\Users\Rainer-User\Documents\Corel
2014-07-20 20:01 - 2014-07-20 20:01 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-20 18:54 - 2010-09-18 16:08 - 00082968 _____ () C:\Users\Felix\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-20 18:14 - 2014-07-20 18:14 - 00455538 _____ () C:\Users\Rainer-User\Downloads\Bienenplakat.pptx
2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Opera Software
2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Local\Opera Software
2014-07-18 20:52 - 2010-08-30 08:29 - 00082968 _____ () C:\Users\Conny\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-17 23:03 - 2014-07-17 23:02 - 00000000 ____D () C:\ProgramData\Protexis
2014-07-17 23:02 - 2014-07-17 22:52 - 00000000 ____D () C:\Users\Rainer-User\AppData\Roaming\Corel
2014-07-17 23:02 - 2010-08-29 22:27 - 00082968 _____ () C:\Users\Rainer-User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-17 22:58 - 2014-07-17 21:25 - 875606016 _____ (Acresso Software Inc. ) C:\Users\Rainer\Downloads\CorelDRAWGraphicsSuiteX5Installer_DE [1].exe
2014-07-17 21:51 - 2014-07-17 21:27 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X5
2014-07-17 21:48 - 2014-07-17 21:42 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2014-07-17 21:48 - 2009-06-09 11:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-17 21:45 - 2014-07-17 21:45 - 00000000 ____D () C:\Users\Rainer\Documents\Visual Studio 2008
2014-07-17 21:45 - 2014-07-17 21:45 - 00000000 ____D () C:\Users\Rainer\Documents\Corel
2014-07-17 21:44 - 2014-07-17 21:44 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Microsoft Help
2014-07-17 21:43 - 2006-11-02 13:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-07-17 21:42 - 2014-07-17 21:42 - 00000000 ____D () C:\Program Files\Microsoft SDKs
2014-07-17 21:38 - 2014-07-17 21:38 - 00000000 ____D () C:\Program Files\Common Files\Corel
2014-07-17 21:38 - 2014-07-17 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5
2014-07-17 21:37 - 2014-07-17 21:37 - 00000000 ____D () C:\ProgramData\Corel
2014-07-17 21:37 - 2014-07-17 21:37 - 00000000 ____D () C:\Program Files\Common Files\Protexis
2014-07-17 21:30 - 2014-07-17 21:30 - 00000000 ____D () C:\Program Files\Corel
2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Roaming\Opera Software
2014-07-17 21:27 - 2014-07-17 21:27 - 00000000 ____D () C:\Users\Rainer\AppData\Local\Opera Software
2014-07-17 21:26 - 2014-07-17 21:26 - 00000808 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-07-17 21:26 - 2014-07-17 21:26 - 00000808 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-07-17 21:24 - 2014-07-17 21:24 - 00002181 _____ () C:\Users\Rainer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-17 21:24 - 2014-07-17 21:24 - 00002151 _____ () C:\Users\Rainer\Desktop\Search.lnk
2014-07-17 21:17 - 2014-07-17 21:15 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X7
2014-07-17 21:14 - 2014-07-17 21:12 - 489408088 _____ (Acresso Software Inc. ) C:\Users\Rainer-User\Downloads\CorelDRAWGraphicsSuiteX7Installer_DE32Bit.exe

Some content of TEMP:
====================
C:\Users\Rainer\AppData\Local\temp\APNSetup.exe
C:\Users\Rainer\AppData\Local\temp\AudibleDM_iTunesSetup(2).exe
C:\Users\Rainer\AppData\Local\temp\g2bacafe.dll
C:\Users\Rainer\AppData\Local\temp\h-dwhgph.dll
C:\Users\Rainer\AppData\Local\temp\ivy7kdfr.dll
C:\Users\Rainer\AppData\Local\temp\j6prhjk4.dll
C:\Users\Rainer\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Rainer\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Rainer\AppData\Local\temp\mebma8zd.dll
C:\Users\Rainer\AppData\Local\temp\qivaiijj.dll
C:\Users\Rainer\AppData\Local\temp\Quarantine.exe
C:\Users\Rainer\AppData\Local\temp\ww_8aipr.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-15 21:32

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Ist jetzt alles sauber?
Grüße, und vielen herzlichen Dank für Deine Hilfe
Rainer


Geändert von Romanos (15.08.2014 um 20:56 Uhr)

Alt 15.08.2014, 23:08   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download - Standard

Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download



Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

__________________
--> Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download

Alt 17.08.2014, 21:02   #7
Romanos
 
Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download - Standard

Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download



Hallo Cosinus,
Achtung: ich habe die letzten Tage meine Festplatten defragmentiert, und danach hat Malwarebyte gemeint, es habe neue Dinge entdeckt, die es zu verbessern gäbe (:-)).
Ergebnis:
Code:
ATTFilter
  <?xml version="1.0" encoding="UTF-8" ?> 
- <logs>
  <record severity="debug" LoggingEventType="1" datetime="2014-08-17T13:22:37.763374+02:00" source="Scheduler" type="Update" username="SYSTEM" systemname="RAINER-PC" fromVersion="2014.8.15.1" last_modified_tag="6196fa69-2411-45fe-9080-eba453578fd4" name="Rootkit Database" toVersion="2014.8.16.1" /> 
  <record severity="debug" LoggingEventType="1" datetime="2014-08-17T13:22:40.584374+02:00" source="Scheduler" type="Update" username="SYSTEM" systemname="RAINER-PC" fromVersion="2014.8.16.6" last_modified_tag="84ae2a20-2e01-4a61-8d99-e0f0eb0bd4d2" name="Malware Database" toVersion="2014.8.17.1" /> 
  <record severity="debug" LoggingEventType="1" datetime="2014-08-17T15:53:24.575879+02:00" source="Scheduler" type="Update" username="SYSTEM" systemname="RAINER-PC" fromVersion="2014.8.17.1" last_modified_tag="63e012a4-e4b9-4ba0-b27b-0448371e746f" name="Malware Database" toVersion="2014.8.17.3" /> 
  <record severity="debug" LoggingEventType="1" datetime="2014-08-17T20:57:56.406355+02:00" source="Scheduler" type="Update" username="SYSTEM" systemname="RAINER-PC" fromVersion="2014.8.17.3" last_modified_tag="299d3c46-df9e-4656-abc5-fa1345b72398" name="Malware Database" toVersion="2014.8.17.5" /> 
  </logs>
         
Dann Addition txt.
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:16-08-2014 03
Ran by Rainer at 2014-08-17 22:05:49
Running from c:\Users\Rainer\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoBase 3 (HKLM\...\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}) (Version:  - )
ArcSoft PhotoStudio 5 (HKLM\...\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}) (Version:  - )
Ask Toolbar (HKLM\...\{4F524A2D-5637-4300-76A7-A758B70C0F01}) (Version: 12.15.1.16 - APN, LLC) <==== ATTENTION
ATI Catalyst Install Manager (HKLM\...\{4324E4DD-C67C-A413-5C12-5DC694A99AF6}) (Version: 3.0.723.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Guard (HKLM\...\Browser Guard) (Version:  - )
Caminos neu A1 Vokabeltrainer (HKLM\...\de.klett.vokabeltrainer.caminosneua1.CE0E3A60A72FE7E3EB57F417A8115A03D988FEF4.1) (Version: 1.1 - Ernst Klett Sprachen GmbH)
Caminos neu A1 Vokabeltrainer (Version: 1.1 - Ernst Klett Sprachen GmbH) Hidden
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0421.2132.36832 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0421.2132.36832 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0421.2132.36832 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0421.2132.36832 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2009.0421.2132.36832 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0421.2132.36832 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0421.2132.36832 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Czech (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Danish (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Dutch (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help English (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Finnish (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help French (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help German (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Greek (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Italian (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Japanese (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Korean (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Polish (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Russian (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Spanish (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Swedish (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Thai (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Turkish (Version: 2009.0421.2131.36832 - ATI) Hidden
ccc-core-static (Version: 2009.0421.2132.36832 - Ihr Firmenname) Hidden
ccc-utility (Version: 2009.0421.2132.36832 - ATI) Hidden
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
Corel Graphics - Windows Shell Extension (HKLM\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - DE (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X5 (HKLM\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)
Die Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
dm Digi Foto (HKLM\...\dm Digi Foto) (Version: 2.3.0.93 - Imaxel Lab S.L)
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.2 - CEWE COLOR AG u Co. OHG)
Dr Kawashima (HKCU\...\DrKawashima) (Version: 1.0 - )
EG21 Vokabelkartei interaktiv 3 (HKLM\...\{D14B5875-A7FB-4169-BE5B-C9003A5C71AC}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
ElsterFormular-Upgrade (HKLM\...\ElsterFormular 12.3.2.6814k) (Version: 14.3.11574 - Landesfinanzdirektion Thüringen)
F-Editor (HKLM\...\{2A8AEFF7-E7DA-4440-979A-2AB137BE185C}_is1) (Version: 1.03 - Technische Alternative)
File Uploader (HKLM\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.0 - Nikon)
FOTOParadies (HKLM\...\{1CEA14B0-9E95-43FC-8D79-C81D20052375}}_is1) (Version: 3.1.10.253 - Foto Online Service GmbH)
FOTOParadies (HKLM\...\{FD838798-E2CB-45FA-AF79-6011519031E2}}_is1) (Version: 3.5.7.1 - Foto Online Service GmbH)
Free Audio CD Burner version 1.4 (HKLM\...\Free Audio CD Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.10.15.1228 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Ltd.)
FTDI FTD2XX USB Drivers (HKLM\...\FTD2XX) (Version:  - )
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Haufe iDesk-Browser (HKLM\...\{0F32914F-A633-4516-B531-7084C8F19F93}) (Version: 10.10.14.0000 - Haufe-Lexware GmbH & Co. KG)
Haufe iDesk-Service (HKLM\...\{27F10580-E040-11DF-8C28-005056B12123}) (Version: 10.10.25.7810 - Haufe)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
HP OrderReminder (HKLM\...\HP OrderReminder) (Version: 2.1 - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
International Karting - from Midas (HKLM\...\International Karting - from Midas) (Version:  - )
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Klett Lernsoftware Mathematik - Lambacher Schweizer (2. Lernjah (HKLM\...\Klett Lernsoftware Mathematik - Lambacher Schwei~B0BDFB6A_is1) (Version:  - )
Klett Lernsoftware Mathematik - Lambacher Schweizer (4. Lernjah (HKLM\...\Klett Lernsoftware Mathematik - Lambacher Schwei~F7563B51_is1) (Version:  - )
LaserJet 1018 (HKLM\...\HP-LaserJet 1018) (Version:  - )
LCN-PRO 3 (HKLM\...\{5037D595-CA93-4463-7F05-4416F53D0C7D}) (Version:  - )
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
LEGO® Der Herr der Ringe™ (HKLM\...\{C6F20FA7-342A-47A9-A3C8-EB36CABE6419}) (Version: 1.0.0.0 - Warner Bros. Interactive Entertainment)
Lexware Info Service (HKLM\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Manual CanoScan 5000,5000F,8000F (HKLM\...\{D9261CAB-3E1D-423C-9DD6-2001056DA292}) (Version:  - )
McAfee Internet Security (HKLM\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mein CEWE FOTOBUCH (HKLM\...\Mein CEWE FOTOBUCH) (Version:  - )
Meine Tierarztpraxis in Australien (Nur Entfernen) (HKLM\...\Meine Tierarztpraxis in Australien) (Version:  - )
Memory Manager 2.08 (HKLM\...\Memory Manager_is1) (Version: 2.08 - Technische Alternative GmbH)
metaCrawler (HKLM\...\metaCrawler) (Version:  - metaCrawler) <==== ATTENTION
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Motocross Madness 2 (HKLM\...\Motocross Madness 2) (Version:  - )
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version:  - )
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myphotobook 3.65 (HKLM\...\myphotobook) (Version: 3.65 - myphotobook)
Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon RAW Codec (HKLM\...\{C8616041-2802-4DE2-B3BD-6285AAD65C2A}) (Version: 1.00.0000 - Nikon)
Nikon Transfer (HKLM\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.4.0 - Nikon)
Opera Stable 23.0.1522.75 (HKLM\...\Opera 23.0.1522.75) (Version: 23.0.1522.75 - Opera Software ASA)
Origin (HKLM\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Personal Ancestral File 5 (HKLM\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version:  - )
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.5 - Nikon)
PlayReady PC runtime (HKLM\...\{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}) (Version: 1 - Microsoft Corporation)
Presto! PageManager 6 (HKLM\...\{580183A6-FF92-11D5-9294-0050BA073EEC}) (Version:  - )
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
ProtectDisc Helper Driver 10 (HKLM\...\ProtectDisc Driver 10) (Version: 10.0.0.3 - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0004 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5821 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20132 - Realtek Semiconductor Corp.)
Realtek WiFi Protected Setup Library (HKLM\...\{02CA24DD-C8B0-4280-BE53-7862869C2EB1}) (Version: Package:1.00.0026 - REALTEK Semiconductor Corp.)
Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0003 - Realtek)
RegUse (HKLM\...\RegUse) (Version: 1.0.3.2 - Honlyn (Macao Commercial Offshore) Limited)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SafeFinder Smartbar (HKLM\...\{877D0E59-6CBD-43C6-966F-1F4BA343AEEC}) (Version: 11.75.72.18057 - Linkury Ltd.) <==== ATTENTION
SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version:  - )
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skins (Version: 2009.0421.2132.36832 - ATI) Hidden
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spielefieber Braingames für Vista    (HKLM\...\Spielefieber Braingames für Vista) (Version:   - KlickMedia)
Star Stable 4 (HKLM\...\{A8522694-A08C-4844-872B-F69A175EF59C}) (Version: 1.00.0000 - Stabenfeldt)
Star Wars Empire at War (HKLM\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (HKLM\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)
Steuer-Hilfesammlung 2010 (HKLM\...\{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}) (Version: 17.10.0.0 - Haufe-Lexware GmbH & Co. KG)
Steuer-Sparer 2012 (HKLM\...\{1CC7263A-9A5E-4EFB-9BB8-67642D10FA7C}) (Version: 17.11 - Wolters Kluwer Deutschland GmbH)
Steuer-Sparer 2013 (HKLM\...\{0B914F2C-6CC2-4328-B84E-411A81B50FA4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
Stronghold Crusader Extreme (HKLM\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Stronghold Legends (HKLM\...\{66A405D2-BA14-4594-BF36-B3B544F0754E}) (Version: 1.20.0000 - Firefly Studios)
sweet-page uninstall (HKLM\...\sweet-page uninstall) (Version:  - sweet-page) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.11.0 - Synaptics Incorporated)
TAPPS 1.29 DE (HKLM\...\TAPPS DE_is1) (Version: 1.29 - Technische Alternative GmbH)
TFD128 1.00 (HKLM\...\TFD_Deploy_0) (Version:  - )
TOSHIBA Accessibility (HKLM\...\InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}) (Version: 1.62.0.6C - TOSHIBA)
TOSHIBA Accessibility (Version: 1.62.0.6C - TOSHIBA) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.10 - TOSHIBA)
TOSHIBA Benutzerhandbücher (HKLM\...\{1C971EE3-B4C4-4367-9676-57549919C6CE}) (Version: 7.40 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}) (Version: 7.4.9 - TOSHIBA Corporation)
TOSHIBA Controls Driver (Version: 2.62.0.1C - TOSHIBA) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.00.1.04-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.0.3.0 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.0.3.0 - TOSHIBA Corporation) Hidden
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - Toshiba) Hidden
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.3C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.3C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.0.0.1 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.0.0.1 - TOSHIBA Corporation) Hidden
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.06.0000 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.3.2.0 - TOSHIBA Corporation)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 - TOSHIBA)
TOSHIBA Recovery Disk Creator Reminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0017 - TOSHIBA)
TOSHIBA Recovery Disk Creator Reminder (Version: 1.00.0017 - TOSHIBA) Hidden
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.6 - TOSHIBA)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.0.26 - TOSHIBA)
TOSHIBA Supervisor Password (Version: 1.63.0.3C - TOSHIBA CORPORATION) Hidden
TOSHIBA Supervisorkennwort (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.3C - TOSHIBA CORPORATION)
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.0.1.8 - TOSHIBA Corporation)
TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.6 - TOSHIBA)
TRORDCLauncher (Version: 1.0.0.6 - TOSHIBA) Hidden
TuneUp Utilities 2012 (HKLM\...\TuneUp Utilities 2012) (Version: 12.0.3600.171 - TuneUp Software)
TuneUp Utilities 2012 (Version: 12.0.3600.171 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 12.0.3600.171 - TuneUp Software) Hidden
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Office 2007 (KB934528) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version:  - )
Update for Office System 2007 Setup (KB929722) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version:  - )
Utility Common Driver (Version: 1.0.50.24C - TOSHIBA) Hidden
ViewNX (HKLM\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.3.0 - Nikon)
Visual Basic for Applications (R) Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core - German (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden
VoiceTracer (HKLM\...\{54A13435-82CF-11D6-B859-C6D4DE0EF860}) (Version: 1.95 - )
Vokabelkartei interaktiv À plus! 2 (HKLM\...\{08DBA737-EAD2-4DDA-A48B-E7A8AEC45BD8}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
Vokabelkartei interaktiv À plus! 4 (HKLM\...\{4D230951-6E24-4588-8B8C-D78E06F10A1C}) (Version: 1.00.0000 - Cornelsen Verlag GmbH)
Wildlife Park 2 Familien Edition (HKLM\...\{740B51D7-C903-4536-9530-B6304C937F51}) (Version: 2.00 - Deep Silver)
Wildlife Park 2 Horses (HKLM\...\{C649ED6C-2D44-40BA-AE75-0AADD5E411E5}) (Version: 2.00 - Deep Silver)
Wildlife Park 3 v1.0 (HKLM\...\Wildlife Park 3_is1) (Version:  - bitComposer Games)
WildTangent-Spiele (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Winsol 2.00 (HKLM\...\Winsol_is1) (Version: 2.00 - Technische Alternative GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3586509278-78834929-860225448-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2014-04-27 14:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {15B72F65-D23D-463C-A89C-D302BECADA67} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-26] (Google Inc.)
Task: {1AFDE751-66A1-420C-BAED-2F748CD6E04D} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8e15a8ab2474 => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-26] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {23E19204-A4C0-4FE1-B046-07C8C569482F} - System32\Tasks\{14AD0C82-FB85-4C18-8A14-04D561BC579D} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?page=tsProgressBar
Task: {2E4B6627-FA39-47F7-986F-BC68B44C2A1A} - System32\Tasks\Opera scheduled Autoupdate 1405625202 => C:\Program Files\Opera\launcher.exe [2014-08-08] (Opera Software)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {34DF98C5-A9D6-47F6-8294-54CAA3D1CB3C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {39D70AAE-4BA4-4E66-8AEC-5ADF274EE5AE} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {57FB448F-C823-41DB-B91A-1C0586C1CDCB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-15] (Adobe Systems Incorporated)
Task: {6669A209-B771-4A2B-B9C7-B8070FEE4E1A} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2010-09-15] (Haufe-Lexware GmbH & Co. KG)
Task: {73D58360-79E6-4978-83D3-4FF2663087E5} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {81D6AAFD-88F3-4289-B3AA-74297386338D} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Conny => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {9B8B1DD8-E318-48DB-BE03-A5E343B59A6B} - System32\Tasks\{FFCD702D-C383-483E-9222-78453479684B} => C:\Program Files\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {BBCEF35F-709C-41BA-8461-A10BF63007AF} - System32\Tasks\{28CC4EDD-F8B3-4A32-AE6A-97AA732C005D} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/abandoninstall?page=tsProgressBar
Task: {D21B4A59-B972-4028-9D35-A15048FBBD99} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe [2013-12-11] (TuneUp Software)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F851638C-3015-4550-B49A-5F3C8A042324} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {FA228AC1-CD41-427F-BE9E-59DBF4D1E3D2} - System32\Tasks\{443024A5-EF36-4634-ADDC-CA05EF656195} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.10.0.104/de/abandoninstall?page=tsProgressBar

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8e15a8ab2474.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-04-24 12:39 - 2009-04-24 12:39 - 00516096 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2008-02-24 09:49 - 2009-04-21 23:05 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2009-01-30 22:11 - 2009-01-30 22:11 - 00073728 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
1997-09-04 00:00 - 1997-09-04 00:00 - 03782416 _____ () C:\Program Files\Microsoft Office\Office\MSO97.DLL
2008-02-24 09:50 - 2008-02-24 09:50 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2009-01-30 11:41 - 2009-01-30 11:41 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2008-02-24 09:50 - 2008-02-24 09:50 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-07-30 15:23 - 2014-07-30 15:24 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AAV UpdateService => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HRService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SXDS10 => 3
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Winsol_Autostart.lnk => C:\Windows\pss\Winsol_Autostart.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Rainer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: cfFncEnabler.exe => "C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe"
MSCONFIG\startupreg: NDSTray.exe => "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartFaceVWatcher => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TPCHWMsg => %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe

==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/17/2014 09:52:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2014 08:46:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerPlugin_14_0_0_179.exe, Version 14.0.0.179, Zeitstempel 0x53dc28d1, fehlerhaftes Modul ShimEng.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4549bdb7, Ausnahmecode 0xc0000005, Fehleroffset 0x6d7f4618,
Prozess-ID 0x16f8, Anwendungsstartzeit FlashPlayerPlugin_14_0_0_179.exe0.

Error: (08/17/2014 08:45:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerPlugin_14_0_0_179.exe, Version 14.0.0.179, Zeitstempel 0x53dc28d1, fehlerhaftes Modul ShimEng.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4549bdb7, Ausnahmecode 0xc0000005, Fehleroffset 0x6d7f4618,
Prozess-ID 0x530, Anwendungsstartzeit FlashPlayerPlugin_14_0_0_179.exe0.

Error: (08/17/2014 08:45:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerPlugin_14_0_0_179.exe, Version 14.0.0.179, Zeitstempel 0x53dc28d1, fehlerhaftes Modul ShimEng.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4549bdb7, Ausnahmecode 0xc0000005, Fehleroffset 0x6d7f4618,
Prozess-ID 0x12d8, Anwendungsstartzeit FlashPlayerPlugin_14_0_0_179.exe0.

Error: (08/17/2014 08:45:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerPlugin_14_0_0_179.exe, Version 14.0.0.179, Zeitstempel 0x53dc28d1, fehlerhaftes Modul ShimEng.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4549bdb7, Ausnahmecode 0xc0000005, Fehleroffset 0x6d7f4618,
Prozess-ID 0x14dc, Anwendungsstartzeit FlashPlayerPlugin_14_0_0_179.exe0.

Error: (08/17/2014 08:45:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerPlugin_14_0_0_179.exe, Version 14.0.0.179, Zeitstempel 0x53dc28d1, fehlerhaftes Modul ShimEng.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4549bdb7, Ausnahmecode 0xc0000005, Fehleroffset 0x6d7f4618,
Prozess-ID 0x150c, Anwendungsstartzeit FlashPlayerPlugin_14_0_0_179.exe0.

Error: (08/17/2014 08:19:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2014 02:47:24 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\CONNY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (08/17/2014 02:47:24 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\CONNY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (08/17/2014 02:47:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\CONNY\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (08/17/2014 09:52:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/17/2014 09:52:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: WindowsMangerProtect Service%%3

Error: (08/17/2014 09:50:46 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT-AUTORITÄT)
Description: 2147942402

Error: (08/17/2014 08:23:12 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (08/17/2014 08:19:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/17/2014 08:19:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: WindowsMangerProtect Service%%3

Error: (08/17/2014 08:18:03 PM) (Source: Microsoft-Windows-ResourcePublication) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Provider\Microsoft.Base.Publication/Publication/Computer

Error: (08/17/2014 08:17:56 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT-AUTORITÄT)
Description: 2147942402

Error: (08/17/2014 02:42:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/17/2014 02:42:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: WindowsMangerProtect Service%%3


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-08-17 13:30:05.967
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-17 13:30:04.686
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-17 13:30:03.357
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-17 13:30:01.957
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-17 13:30:00.095
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-17 13:29:58.693
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-17 13:29:57.353
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-17 13:29:56.004
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-16 13:40:23.962
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-16 13:40:23.294
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 46%
Total physical RAM: 3035.93 MB
Available physical RAM: 1637.64 MB
Total Pagefile: 6276.09 MB
Available Pagefile: 4859.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.64 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:186.31 GB) (Free:37.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:184.84 GB) (Free:108.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 372.6 GB) (Disk ID: 7878FC96)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=186.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=184.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Und nochmal Frst txt:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-08-2014 03
Ran by Rainer (administrator) on RAINER-PC on 17-08-2014 22:04:08
Running from c:\Users\Rainer\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA)
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3586509278-78834929-860225448-1000\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA)
HKU\S-1-5-21-3586509278-78834929-860225448-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Shortcut-Leiste.lnk
ShortcutTarget: Microsoft Office Shortcut-Leiste.lnk -> C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft-Indexerstellung.lnk
ShortcutTarget: Microsoft-Indexerstellung.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation)
Startup: C:\Users\Conny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Rainer-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {38AEB7B3-42CC-4C33-9290-BEA08B6FE742} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG;
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - F31624B0AF444080B7F139E05E41A758 URL = hxxp://isearch.avg.com/search?cid={72680FDB-E8CB-437D-AEE8-9F9D0761B89D}&mid=34d71d940f5847d1b30bd16a1c122099-aca251ad60a79a90d151588985182fee0518d1c3&lang=de&ds=tt014&pr=sa&d=2011-12-19 22:25:18&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {38AEB7B3-42CC-4C33-9290-BEA08B6FE742} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG;
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {B07F54E6-0806-47DB-B5D8-398F240776F2} file:///E:/viewer/ORDcmViewCD.ocx
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: haufereader - No CLSID Value - 
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default
FF NewTab: chrome://quick_start/content/index.html
FF Keyword.URL: hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @protectdisc.com/NPMPDRM -> C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\searchplugins\SafeFinder Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: SafeFinder Smartbar - C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\Extensions\{72d7ceec-c464-5081-0713-43871ac8b749} [2014-07-17]
FF Extension: Ghostery - C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\Extensions\firefox@ghostery.com.xpi [2014-08-15]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2011-12-15]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-12-15]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HomePage: 
CHR HKLM\...\Chrome\Extension: [bddpogknpjlgfpbboediomaiiaecfajn] - C:\Program Files\HomeTab\chrome\HomeTab.crx []
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2011-12-15]
CHR HKLM\...\Chrome\Extension: [kfepagcelbegkpkcjgfeecmlnmkedjin] - C:\Program Files\Browser Guard\browserguard.crx [2011-12-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AAV UpdateService; C:\Program Files\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 camsvc; C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
S4 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [242424 2009-02-11] (WildTangent, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S4 HRService; C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe [71024 2010-10-25] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-06-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S4 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-10-06] (soft Xpansion)
R2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [62776 2009-04-01] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [176128 2009-04-24] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [73728 2009-03-17] (TOSHIBA Corporation) [File not signed]
R2 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [656752 2009-04-15] (TOSHIBA Corporation)
S4 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1529656 2013-12-11] (TuneUp Software)
S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [330144 2007-07-27] (Protect Software GmbH)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [251680 2007-07-27] (Protect Software GmbH)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
S3 FTD2XX; C:\Windows\System32\Drivers\FTD2XX.sys [29292 2004-10-15] (FTDI Ltd.) [File not signed]
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [60104 2011-01-24] (FTDI Ltd.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [25896 2008-05-07] (COMPAL ELECTRONIC INC.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-17] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [349192 2014-06-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-06-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [22272 2009-03-18] (TOSHIBA Corporation)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-11] (Realtek Semiconductor Corp.)
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider)
S3 SAFAUSB; C:\Windows\System32\Drivers\VocTrace.sys [16035 2003-12-19] (Windows (R) 2000 DDK provider)
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-12-12] (TuneUp Software)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-03-21] (TOSHIBA Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S4 avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [X]
S3 catchme; \??\C:\Users\Rainer\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 22:03 - 2014-08-17 22:03 - 00000000 ____D () C:\Users\Rainer\Downloads\FRST-OlderVersion
2014-08-17 21:56 - 2014-08-17 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-15 23:20 - 2014-08-15 23:20 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-15 21:48 - 2014-08-15 21:48 - 00000870 _____ () C:\Users\Rainer\Desktop\JRT.txt
2014-08-15 21:39 - 2014-08-15 21:39 - 01016261 _____ (Thisisu) C:\Users\Rainer\Downloads\JRT(2).exe
2014-08-15 21:38 - 2014-08-15 21:38 - 01016261 _____ (Thisisu) C:\Users\Rainer\Downloads\JRT(1).exe
2014-08-15 21:37 - 2014-08-15 21:37 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-15 21:36 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-15 21:36 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-15 21:36 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-15 21:36 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-15 21:34 - 2014-08-15 21:36 - 00004611 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-08-15 21:09 - 2014-08-15 21:09 - 01356107 _____ () C:\Users\Rainer\Downloads\adwcleaner_3.305.exe
2014-08-15 21:09 - 2014-08-15 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-15 10:16 - 2014-08-15 10:16 - 00139488 _____ () C:\Windows\system32\XMLOperations.xml
2014-08-15 09:29 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 09:29 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 09:29 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 09:29 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 09:07 - 2014-07-24 23:33 - 11083264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 06024192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 09:07 - 2014-07-24 23:33 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 09:07 - 2014-07-24 23:33 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-08-14 09:07 - 2014-07-24 21:56 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-08-14 09:07 - 2014-07-24 21:49 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 09:07 - 2014-07-24 21:49 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 09:07 - 2014-07-24 21:48 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 09:07 - 2014-07-24 21:48 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-14 09:07 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 09:07 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 09:07 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-14 09:07 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 09:07 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 09:07 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 09:07 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-14 09:07 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 09:06 - 2014-07-25 06:26 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 09:06 - 2014-07-25 04:53 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-10 22:52 - 2014-08-10 22:52 - 00002904 _____ () C:\Users\Rainer\Downloads\Gmer.txt
2014-08-10 22:13 - 2014-08-10 22:13 - 00380416 _____ () C:\Users\Rainer\Downloads\Gmer-19357.exe
2014-08-10 22:09 - 2014-08-10 22:12 - 00053977 _____ () C:\Users\Rainer\Downloads\Addition.txt
2014-08-10 22:03 - 2014-08-17 22:04 - 00021391 _____ () C:\Users\Rainer\Downloads\FRST.txt
2014-08-10 22:01 - 2014-08-10 22:01 - 00000474 _____ () C:\Users\Rainer\Downloads\defogger_disable.log
2014-08-10 22:01 - 2014-08-10 22:01 - 00000000 _____ () C:\Users\Rainer\defogger_reenable
2014-08-10 21:59 - 2014-08-10 21:59 - 00050477 _____ () C:\Users\Rainer\Downloads\Defogger.exe
2014-08-07 22:57 - 2014-08-07 22:57 - 00761344 _____ () C:\Users\Rainer-User\Downloads\E1408.xls
2014-07-30 15:23 - 2014-07-30 15:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-26 11:46 - 2014-07-26 11:47 - 11332468 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000179.tif
2014-07-26 11:46 - 2014-07-26 11:46 - 10376070 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000180.tif
2014-07-26 11:46 - 2014-07-26 11:46 - 09944148 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000187.tif
2014-07-26 11:45 - 2014-07-26 11:45 - 08258510 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000188.tif
2014-07-26 11:45 - 2014-07-26 11:45 - 08216188 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000190.tif
2014-07-26 11:44 - 2014-07-26 11:45 - 09557174 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000191.tif
2014-07-26 11:44 - 2014-07-26 11:44 - 09139028 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000192.tif
2014-07-26 11:43 - 2014-07-26 11:44 - 03325696 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000351.tif
2014-07-25 21:40 - 2014-07-25 21:40 - 08877224 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009108.tif
2014-07-25 21:40 - 2014-07-25 21:40 - 08108152 _____ () C:\Users\Rainer-User\Downloads\MA-2011-003547.tif
2014-07-25 21:40 - 2014-07-25 21:40 - 07543598 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009141.tif
2014-07-23 09:38 - 2014-08-15 21:09 - 00000000 ____D () C:\Program Files\iTunes
2014-07-23 09:38 - 2014-08-15 21:08 - 00000000 ____D () C:\Program Files\iPod
2014-07-23 09:38 - 2014-08-15 21:04 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-23 09:32 - 2014-07-23 09:32 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-20 20:01 - 2014-07-20 20:01 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-20 18:14 - 2014-07-20 18:14 - 00455538 _____ () C:\Users\Rainer-User\Downloads\Bienenplakat.pptx
2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Opera Software
2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Local\Opera Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 22:04 - 2014-08-10 22:03 - 00021391 _____ () C:\Users\Rainer\Downloads\FRST.txt
2014-08-17 22:04 - 2013-11-11 00:10 - 00000000 ____D () C:\FRST
2014-08-17 22:03 - 2014-08-17 22:03 - 00000000 ____D () C:\Users\Rainer\Downloads\FRST-OlderVersion
2014-08-17 22:03 - 2014-04-29 00:09 - 01093632 _____ (Farbar) C:\Users\Rainer\Downloads\FRST.exe
2014-08-17 21:56 - 2014-08-17 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-17 21:56 - 2014-04-28 22:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-17 21:56 - 2013-02-20 08:55 - 00001756 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-08-17 21:54 - 2008-02-24 09:46 - 01277335 _____ () C:\Windows\WindowsUpdate.log
2014-08-17 21:51 - 2014-06-22 14:29 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8e15a8ab2474.job
2014-08-17 21:50 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-17 21:50 - 2006-11-02 14:47 - 00323320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-17 21:50 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-17 21:50 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-17 20:58 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-17 20:38 - 2012-04-04 21:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-17 20:34 - 2011-09-26 23:43 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-17 20:21 - 2011-11-26 10:09 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Skype
2014-08-17 20:20 - 2011-12-02 22:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-17 14:46 - 2010-11-17 08:51 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Skype
2014-08-17 13:07 - 2011-11-24 17:13 - 00000000 ____D () C:\Users\Marie-Sophie\AppData\Roaming\Skype
2014-08-17 13:04 - 2008-01-21 04:47 - 00974680 _____ () C:\Windows\PFRO.log
2014-08-16 00:36 - 2011-09-25 08:05 - 00000000 ____D () C:\Windows\Minidump
2014-08-15 23:20 - 2014-08-15 23:20 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-15 23:20 - 2010-11-14 21:59 - 00000000 ____D () C:\Users\Rainer-User\AppData\Roaming\Skype
2014-08-15 23:20 - 2010-11-14 21:59 - 00000000 ____D () C:\ProgramData\Skype
2014-08-15 21:48 - 2014-08-15 21:48 - 00000870 _____ () C:\Users\Rainer\Desktop\JRT.txt
2014-08-15 21:39 - 2014-08-15 21:39 - 01016261 _____ (Thisisu) C:\Users\Rainer\Downloads\JRT(2).exe
2014-08-15 21:38 - 2014-08-15 21:38 - 01016261 _____ (Thisisu) C:\Users\Rainer\Downloads\JRT(1).exe
2014-08-15 21:37 - 2014-08-15 21:37 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-15 21:36 - 2014-08-15 21:34 - 00004611 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-08-15 21:36 - 2009-06-09 11:10 - 00000000 ____D () C:\Program Files\Java
2014-08-15 21:30 - 2012-04-04 21:24 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-15 21:30 - 2011-06-01 22:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-15 21:22 - 2013-10-07 23:17 - 00000000 ____D () C:\AdwCleaner
2014-08-15 21:17 - 2006-11-02 12:23 - 00000462 _____ () C:\Windows\win.ini
2014-08-15 21:16 - 2014-07-17 22:57 - 00000000 ____D () C:\Program Files\Deal Keeper
2014-08-15 21:09 - 2014-08-15 21:09 - 01356107 _____ () C:\Users\Rainer\Downloads\adwcleaner_3.305.exe
2014-08-15 21:09 - 2014-08-15 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-15 21:09 - 2014-07-23 09:38 - 00000000 ____D () C:\Program Files\iTunes
2014-08-15 21:08 - 2014-07-23 09:38 - 00000000 ____D () C:\Program Files\iPod
2014-08-15 21:04 - 2014-07-23 09:38 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-15 10:30 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-08-15 10:27 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-15 10:18 - 2008-01-21 09:16 - 01626604 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-15 10:16 - 2014-08-15 10:16 - 00139488 _____ () C:\Windows\system32\XMLOperations.xml
2014-08-15 10:06 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-15 09:54 - 2013-08-07 12:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 09:34 - 2006-11-02 12:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-12 11:40 - 2014-07-17 21:26 - 00000000 ____D () C:\Program Files\Opera
2014-08-12 11:37 - 2010-09-01 12:44 - 00082968 _____ () C:\Users\Marie-Sophie\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-10 22:52 - 2014-08-10 22:52 - 00002904 _____ () C:\Users\Rainer\Downloads\Gmer.txt
2014-08-10 22:13 - 2014-08-10 22:13 - 00380416 _____ () C:\Users\Rainer\Downloads\Gmer-19357.exe
2014-08-10 22:12 - 2014-08-10 22:09 - 00053977 _____ () C:\Users\Rainer\Downloads\Addition.txt
2014-08-10 22:01 - 2014-08-10 22:01 - 00000474 _____ () C:\Users\Rainer\Downloads\defogger_disable.log
2014-08-10 22:01 - 2014-08-10 22:01 - 00000000 _____ () C:\Users\Rainer\defogger_reenable
2014-08-10 22:01 - 2010-08-29 23:01 - 00000000 ____D () C:\Users\Rainer
2014-08-10 21:59 - 2014-08-10 21:59 - 00050477 _____ () C:\Users\Rainer\Downloads\Defogger.exe
2014-08-07 22:57 - 2014-08-07 22:57 - 00761344 _____ () C:\Users\Rainer-User\Downloads\E1408.xls
2014-08-04 23:44 - 2014-04-28 22:25 - 00000904 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-04 23:44 - 2014-04-28 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-04 23:44 - 2014-04-28 22:25 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-04 23:42 - 2010-08-29 22:04 - 00082968 _____ () C:\Users\Rainer\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-04 22:21 - 2011-11-20 21:37 - 00000020 ____H () C:\ProgramData\PKP_DLdw.DAT
2014-08-04 22:21 - 2011-11-20 21:35 - 00000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2014-07-31 11:29 - 2014-05-07 23:06 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-30 15:24 - 2014-07-30 15:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-26 11:47 - 2014-07-26 11:46 - 11332468 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000179.tif
2014-07-26 11:46 - 2014-07-26 11:46 - 10376070 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000180.tif
2014-07-26 11:46 - 2014-07-26 11:46 - 09944148 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000187.tif
2014-07-26 11:45 - 2014-07-26 11:45 - 08258510 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000188.tif
2014-07-26 11:45 - 2014-07-26 11:45 - 08216188 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000190.tif
2014-07-26 11:45 - 2014-07-26 11:44 - 09557174 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000191.tif
2014-07-26 11:44 - 2014-07-26 11:44 - 09139028 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000192.tif
2014-07-26 11:44 - 2014-07-26 11:43 - 03325696 _____ () C:\Users\Rainer-User\Downloads\MA-2011-000351.tif
2014-07-25 21:50 - 2011-12-15 01:57 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-07-25 21:40 - 2014-07-25 21:40 - 08877224 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009108.tif
2014-07-25 21:40 - 2014-07-25 21:40 - 08108152 _____ () C:\Users\Rainer-User\Downloads\MA-2011-003547.tif
2014-07-25 21:40 - 2014-07-25 21:40 - 07543598 _____ () C:\Users\Rainer-User\Downloads\MA-2011-009141.tif
2014-07-25 12:55 - 2014-08-15 21:36 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-25 12:49 - 2014-08-15 21:36 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-25 12:49 - 2014-08-15 21:36 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-25 12:49 - 2014-08-15 21:36 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-25 06:26 - 2014-08-14 09:06 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-07-25 04:53 - 2014-08-14 09:06 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-24 23:33 - 2014-08-14 09:07 - 11083264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 06024192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-24 23:33 - 2014-08-14 09:07 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-24 23:33 - 2014-08-14 09:07 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-07-24 21:56 - 2014-08-14 09:07 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-07-24 21:49 - 2014-08-14 09:07 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-24 21:49 - 2014-08-14 09:07 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-24 21:48 - 2014-08-14 09:07 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-24 21:48 - 2014-08-14 09:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-23 09:38 - 2011-08-09 23:12 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-23 09:32 - 2014-07-23 09:32 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-21 00:27 - 2014-07-17 23:03 - 00000000 ____D () C:\Users\Rainer-User\Documents\Corel
2014-07-20 20:01 - 2014-07-20 20:01 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-20 18:54 - 2010-09-18 16:08 - 00082968 _____ () C:\Users\Felix\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-20 18:14 - 2014-07-20 18:14 - 00455538 _____ () C:\Users\Rainer-User\Downloads\Bienenplakat.pptx
2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Roaming\Opera Software
2014-07-20 15:19 - 2014-07-20 15:19 - 00000000 ____D () C:\Users\Conny\AppData\Local\Opera Software
2014-07-18 20:52 - 2010-08-30 08:29 - 00082968 _____ () C:\Users\Conny\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 21:56

==================== End Of Log ============================
         
--- --- ---

Ist der Rechner jetzt sauber?
Noch was ist mir aufgefallen:
MALWAREBYTE hat sein file als XML-Dokument gespeichert, beim Öffnen hat sich daraufhin der WIN-EXPLORER geöffnet, und der hat mir einen Warnhinweis geschickt, daß ein fremdes Programm die Starteinstellungen geändert habe, und EXPLORER habe dies verhindert.
Viele Grüße und vielen herzlichen Dank für Deine Hilfe.
Rainer

Geändert von Romanos (17.08.2014 um 21:19 Uhr)

Alt 17.08.2014, 21:03   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download - Standard

Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download



Defrag hat rein garnix mit Malwareerkennung zu tun.
Ich warte immer noch auf das neue Addition.txt Log.

Alt 17.08.2014, 21:29   #9
Romanos
 
Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download - Standard

Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download



Hallo Cosinus,
das habe ich doch als zweites file in meine letzte Antwort hinzugefügt
War das was falsches?
Grüße
Rainer

Alt 17.08.2014, 21:46   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download - Standard

Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms}
FF SearchPlugin: C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\searchplugins\SafeFinder Search.xml
CHR HKLM\...\Chrome\Extension: [bddpogknpjlgfpbboediomaiiaecfajn] - C:\Program Files\HomeTab\chrome\HomeTab.crx []
CHR HKLM\...\Chrome\Extension: [kfepagcelbegkpkcjgfeecmlnmkedjin] - C:\Program Files\Browser Guard\browserguard.crx [2011-12-15]
C:\Program Files\Browser Guard
C:\Program Files\HomeTab
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Alt 17.08.2014, 23:03   #11
Romanos
 
Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download - Standard

Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download



Hallo Cosinus,
... ok:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:16-08-2014 03
Ran by Rainer at 2014-08-18 00:01:09 Run:2
Running from c:\Users\Rainer\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms}
FF SearchPlugin: C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\searchplugins\SafeFinder Search.xml
CHR HKLM\...\Chrome\Extension: [bddpogknpjlgfpbboediomaiiaecfajn] - C:\Program Files\HomeTab\chrome\HomeTab.crx []
CHR HKLM\...\Chrome\Extension: [kfepagcelbegkpkcjgfeecmlnmkedjin] - C:\Program Files\Browser Guard\browserguard.crx [2011-12-15]
C:\Program Files\Browser Guard
C:\Program Files\HomeTab
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\searchplugins\SafeFinder Search.xml => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\bddpogknpjlgfpbboediomaiiaecfajn" => Key deleted successfully.
"C:\Program Files\HomeTab\chrome\HomeTab.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\kfepagcelbegkpkcjgfeecmlnmkedjin" => Key deleted successfully.
"C:\Program Files\Browser Guard\browserguard.crx" => File/Directory not found.
"C:\Program Files\Browser Guard" => File/Directory not found.
"C:\Program Files\HomeTab" => File/Directory not found.

==== End of Fixlog ====
         
Viele Grüße
Rainer

Alt 17.08.2014, 23:28   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download - Standard

Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download



Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Alt 18.08.2014, 21:56   #13
Romanos
 
Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download - Standard

Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download



Hallo Cosinus,
hier mbam.txt:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 18.08.2014
Suchlauf-Zeit: 21:39:23
Logdatei: 
Administrator: Nein

Version: 2.00.2.1012
Malware Datenbank: v2014.08.18.09
Rootkit Datenbank: v2014.08.16.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Rainer-User

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 350521
Verstrichene Zeit: 13 Min, 40 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\Deal Keeper, Löschen bei Neustart, [32df33959edd64d270b78364bc4645bb], 

Registrierungswerte: 1
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1381094394899&tguid=66920-6787-1381094394899-AF07B6AD22DF51CE02B3D1B428BA0F24&q=%s, Löschen bei Neustart, [fa17e9df5526290d1bc8ac41956d9070]

Registrierungsdaten: 1
PUP.Optional.SafeFinder.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q={searchTerms}),Löschen bei Neustart,[c34e3a8e0d6e74c2346412b826deb34d]

Ordner: 0
(No malicious items detected)

Dateien: 12
PUP.Optional.SmartBar, C:\Windows\Installer\16f349.msi, Löschen bei Neustart, [29e8c3050d6eb284b78fd8569769e020], 
PUP.Optional.SafeFinder.A, C:\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\x34256cx.default-1399701211823\searchplugins\SafeFinder Search.xml, Löschen bei Neustart, [6da4c008eb90d660ebc9e3fdbd45f60a], 
PUP.Optional.SafeFinder.A, C:\Users\Marie-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\ax6adzos.default-1384291140671\searchplugins\SafeFinder Search.xml, Löschen bei Neustart, [db36fbcd9fdcfe3872423fa12fd3f709], 
PUP.Optional.HomeTab.A, c:\Windows\System32\Tasks\browser updater, Löschen bei Neustart, [57ba7b4d700b270f1f7df4f825dd3fc1], 
PUP.Optional.SafeFinder.A, C:\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\x34256cx.default-1399701211823\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLhEp2_hNugXObfirxBr1d1ge_nnAo8Ty_j-HcUT5JZxni7GS4_nN1zieGv6JVnk7VIeMgR0q-P9z7IVfnnt0Og,,");), Entfernung fehlgeschlagen,[2be606c28eedea4cb2db27de34d1b34d]
PUP.Optional.SafeFinder.A, C:\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\x34256cx.default-1399701211823\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLhcoVNGd0ftxUi4j2AO7hJN0DRWRoBFUjrMFw8_5xjaFphdr5FJozVxiSsrQeLB0bIa91kp5kNR7umA_W843vg,,");), Entfernung fehlgeschlagen,[63aee9dfe29980b6018d52b380856799]
PUP.Optional.SafeFinder.A, C:\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\x34256cx.default-1399701211823\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q=");), Entfernung fehlgeschlagen,[947d1dabd4a7082eccc38e77b055ab55]
PUP.Optional.SafeFinder.A, C:\Users\Marie-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\ax6adzos.default-1384291140671\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLhEp2_hNugXObfirxBr1d1ge_nnAo8Ty_j-HcUT5JZxni7GS4_nN1zieGv6JVnk7VIeMgR0q-P9z7IVfnnt0Og,,");), Entfernung fehlgeschlagen,[5eb380486e0d2c0ad7b60afbde278f71]
PUP.Optional.SafeFinder.A, C:\Users\Marie-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\ax6adzos.default-1384291140671\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLhcoVNGd0ftxUi4j2AO7hJN0DRWRoBFUjrMFw8_5xjaFphdr5FJozVxiSsrQeLB0bIa91kp5kNR7umA_W843vg,,");), Entfernung fehlgeschlagen,[ec258741463542f43c523fc6d92c0af6]
PUP.Optional.SafeFinder.A, C:\Users\Marie-Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\ax6adzos.default-1384291140671\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q=");), Entfernung fehlgeschlagen,[0b06d7f17506fb3b5f3048bd4eb7a65a]
PUP.Optional.SafeFinder.A, C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HmPjeCV0pmwGMicem0sDkT3n6j6GlftxrCkuyklvKSWb5FcKUYupm-ZugD6xHMCLh1ErzCH6bsspH0TER-eLoz95qulOLHQhlmFnlqRsQDAFB43kHYrJaFSm5_FOEmeo7pYh-ktp4WSsF8CxMJUbQ,,&q=");), Entfernung fehlgeschlagen,[918014b48bf09a9c652a759029dc4bb5]
PUP.Optional.QuickStart.A, C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Entfernung fehlgeschlagen,[c24f5276adcebc7aa9eaac5961a4629e]

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Allerdings, wie schon geschrieben, ist das MBAM-Programm schon älter und ich habe nicht die Premium-Version gekauft, die 'Lizenz ist nicht mehr gültig'. Er hat aber die aktuelle Datenbank-Version gezogen....

das ESET Programm läuft gerade, ... warum ich die Bedrohungen nicht entfernen soll, verstehe ich nicht recht, ... es scheint mir, daß der Rechner noch die ganze Zeit damit zu tun hat, ... ich poste das dann später, ja?
Grüße
Romanos

Alt 18.08.2014, 23:37   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download - Standard

Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download



Zum Scan den wir aufgeben brauchst du keine Softwarelizenzen zu kaufen

Zitat:
warum ich die Bedrohungen nicht entfernen soll, verstehe ich nicht recht, ... es scheint mir, daß der Rechner noch die ganze Zeit damit zu tun hat, ... ich poste das dann später, ja?
Weil die Ergebnisse eines Virenscanners nunmal nicht gottgegeben sind und auch falsch sein können.

Alt 19.08.2014, 07:35   #15
Romanos
 
Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download - Standard

Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download



Hallo Cosinus,
hier Teil 2, ESET:
C:\Programme\Eset\EsetOnlineScanner\log.txt:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=0c3c12671b349a44a6b04c72e8bf3b5c
# engine=19718
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-19 05:59:42
# local_time=2014-08-19 07:59:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5124 16777214 100 100 2073873 94846597 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 83104 245960709 0 0
# scanned=1179588
# found=349
# cleaned=0
# scan_time=34611
sh=7E0CDD6AE0E47C45992BEE330DB97DD842A90DE5 ft=1 fh=5fa355266699fe94 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\GenericAskToolbar.dll.vir"
sh=0BB64F54CAA8A47889A19FC122706A789656E0AA ft=1 fh=96ba92304b133aaf vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\precache.exe.vir"
sh=C6BFD87DFA88D2079A16DC77887D9A4CC133B274 ft=1 fh=8e4a37a044b6b1cc vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\SaUpdate.exe.vir"
sh=C2EAFF8EE17CAA897838770F3344B4822A587CBF ft=1 fh=e234678fdc8a8642 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\UpdateTask.exe.vir"
sh=51E5F9D19ED3EC2EEFCB4BF3B2105A464BEC2D4A ft=1 fh=6931b7fb73b262fc vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\Updater\Updater.exe.vir"
sh=6E31A6D60056AE0AA43DC0EF2501E0A83FF0C782 ft=1 fh=ec910ffbdbda110c vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=359D977D432E4F90FE627B2717144AE873990AC4 ft=1 fh=63c7b0ee3e7f229d vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe.vir"
sh=664270A860DDB3D6F23F617D0615070330A71A30 ft=1 fh=192f7aaecaa32147 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\ConduitEngine\ConduitEngine.dll.vir"
sh=59DD5EE915CCCA98D1329605AD77B127B98893FE ft=1 fh=eb4cb7c197bff82c vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Deal Keeper\DealKeeperUn.exe.vir"
sh=9E1FE41121F8E7BAEA352108420B53D04AC1B320 ft=1 fh=8168a9cff5679a6a vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Deal Keeper\DealKeeperUninstall.exe.vir"
sh=016147552B73B0C35629533AB28CF138004241AD ft=1 fh=f50887e7fa60f0c2 vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Deal Keeper\updateDealKeeper.exe.vir"
sh=F62AAB033BDFA26DAA7D24C9F2F2E6805F6D9EC9 ft=1 fh=ba0a88b2634d5585 vn="Win32/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Deal Keeper\bin\DealKeeperBAApp.dll.vir"
sh=016147552B73B0C35629533AB28CF138004241AD ft=1 fh=f50887e7fa60f0c2 vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Deal Keeper\bin\utilDealKeeper.exe.vir"
sh=F37EC95938B0636F85ED97DDF6BF84513988EBEB ft=1 fh=d41af64508c77e9b vn="Variante von Win32/BrowseFox.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Deal Keeper\bin\{55dce8ba-9dec-4013-937e-adbf9317d990}.dll.vir"
sh=170E2E527537D8809934FBC7FBC1A2B86A76820F ft=1 fh=1871d3b7ca647c48 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Deal Keeper\bin\plugins\DealKeeper.Bromon.dll.vir"
sh=88A7C46AF7FA6CB71E5CAC3B303DC5646EA42196 ft=1 fh=d4937639555307fb vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Deal Keeper\bin\plugins\DealKeeper.BroStats.dll.vir"
sh=FAF16B66DB3D0A5FF26FBD632F94E7A57B056321 ft=1 fh=e55fa3e436817ab4 vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Deal Keeper\bin\plugins\DealKeeper.BrowserAdapter.dll.vir"
sh=43EF7F47578237FD717FBED0DFD2998763858047 ft=1 fh=c6a0b13f30eb7a42 vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Deal Keeper\bin\plugins\DealKeeper.BrowserAdapterS.dll.vir"
sh=4E898476840715216B199B76595010C3CDF4FE9A ft=1 fh=6cb10df9cd248cc9 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Deal Keeper\bin\plugins\DealKeeper.CompatibilityChecker.dll.vir"
sh=09E71B4C36BAC173B063D88C3AFE49D141DBDB70 ft=1 fh=f1b6340f9ee3c645 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Deal Keeper\bin\plugins\DealKeeper.FeSvc.dll.vir"
sh=5882D0ABAAB4A5487FC2DB7B13EBAD7318EC0C54 ft=1 fh=f1999664eccf318b vn="Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Deal Keeper\bin\plugins\DealKeeper.FFUpdate.dll.vir"
sh=E9399C2FC030B062B6DB28578CAA2BB9AE7B5EC1 ft=1 fh=a70719939dba606e vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Deal Keeper\bin\plugins\DealKeeper.IEUpdate.dll.vir"
sh=998FEBA8B46DCA3EAC3FEE3528A0A19386002F85 ft=1 fh=5aa61d4f42aa1a5f vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Deal Keeper\bin\plugins\DealKeeper.PurBrowse.dll.vir"
sh=6ACA208EFB74E1C10361E2A621FC8A7320DC5153 ft=1 fh=846de44f9831ddf1 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Deal Keeper\bin\plugins\DealKeeper.PurBrowseG.dll.vir"
sh=EA7D526464C82551DBE57058EAD544A703409898 ft=1 fh=31515d7da495dc35 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Deal Keeper\bin\plugins\DealKeeper.Repmon.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\tbDVDV.dll.vir"
sh=9CF018684393E69865300D99624C931E872A9F7B ft=1 fh=b12e741996076995 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\lrrot.dll.vir"
sh=71F62255522F1F32BB5FF63B9AE8F7A84617B37B ft=1 fh=9716dd8dca1bb304 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\Newtonsoft.Json.dll.vir"
sh=896771FB238679DDE1023EB8AFE287E7BC783E23 ft=1 fh=597c7428fcc19575 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\Proxy.Lib.dll.vir"
sh=BD7AB5939C43A8BE1524B7FD78118DA81C4BCAE1 ft=1 fh=c88f82e57ccd8c61 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\ProxySettings.dll.vir"
sh=7A25525A155F22BF98F1E6E1D016A9812A117B18 ft=1 fh=b7fbaed19c0a7686 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\Smartbar.Common.dll.vir"
sh=863FE39D295E1D7E96A7EE009B2C7456FED16449 ft=1 fh=18674c0a95b0173f vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\Smartbar.Communication.dll.vir"
sh=56BD28D693AD3BC8FA79C638DDC4121AE4DA6B55 ft=1 fh=940d9f22e74044fa vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\Smartbar.Communication.NamedPipe.dll.vir"
sh=37587615A4500A9EECBE9FBDF7BFCE0CA6D02B48 ft=1 fh=34f33309d22a4aff vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\Smartbar.Infrastructure.Utilities.dll.vir"
sh=9B0F22B09A5ACDA53EDA76160013911918BC1486 ft=1 fh=01ec60b0a0ba7b18 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\Smartbar.Monetization.Proxy.ProxyService.dll.vir"
sh=A8DC29F034558D1C70383D7CD14375B0AED94A7E ft=1 fh=d7e44ab44ab7ff2e vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\Smartbar.Personalization.Common.dll.vir"
sh=7F2C55216BCA6940A351CDE50C911CF0B7651464 ft=1 fh=50fbeb6677732462 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=58F052110022BA25E5C9E869577B4305396228A9 ft=1 fh=3a0c3ae81814d05c vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\sppsm.dll.vir"
sh=2927A2C78423767C3B96039927029E3A73B71BF5 ft=1 fh=46487f41c982834c vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\spusm.dll.vir"
sh=6218EB794854535C2FD36020D96E77E8634A70FD ft=1 fh=0875018d2826076d vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\srbs.dll.vir"
sh=3BBC4A354F9E2B3F9BC9301D1EF19D7F04E6E1C6 ft=1 fh=522df960df61867e vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\srbu.dll.vir"
sh=E9B6F5B64B77D49656BAA3217F0387A8945E4932 ft=1 fh=6eaebdec584573ae vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\sreu.dll.vir"
sh=7DF240F9FE38A5AD6FDC624FB022CEEF09CAE410 ft=1 fh=32dd00cb81e4e834 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\srpdm.dll.vir"
sh=F5593CAA1EBF8D0B2BF25F36090487E49417D8AF ft=1 fh=03c41d3497d7f529 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\srprl.dll.vir"
sh=A0A37F1C39EDAD40BB8EF1B0CDEB0E8BAB9BF441 ft=1 fh=84d285d19f31b8ae vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\srpt.dll.vir"
sh=E4D8D4A8321C7B2585C1A8A6988676CD81EA0EBD ft=1 fh=5729fd530997fafe vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\srptc.dll.vir"
sh=BD3C19B1522A7E341D4C6EB015D8A68F94F68B5C ft=1 fh=595fec7cd405d0d6 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\LPT\srut.dll.vir"
sh=C60A7F65B55FF089C5AB2EC2C6E9D6629314A9D8 ft=1 fh=c71c001174b731d0 vn="möglicherweise Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MetaCrawler\1.8.19.0\metacrawlerEng.dll.vir"
sh=B7132AC57753BA910A2A449B424D90F3DC26E25F ft=1 fh=c71c0011fec1b59e vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MetaCrawler\1.8.19.0\metacrawlersrv.exe.vir"
sh=CED05266ECDC6547AFB0B18E7AB4DBCCA5535FB9 ft=1 fh=2791e6518558f99b vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\PC Speed Maximizer\PCSpeedMaximizer.exe.vir"
sh=1DBF1556C82A78CA45882E66DD83C0A977BF8D23 ft=1 fh=328989ef9803066c vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface32.dll.vir"
sh=C5883F4245AE2C0515FB1D04A08FD82885B06398 ft=1 fh=8d649859311d4519 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface64.dll.vir"
sh=EA186A56E0445AF8E5F382F56F42F91682CFED3B ft=1 fh=875c743a5b727b00 vn="Win32/ELEX.AR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\RSHP.exe.vir"
sh=9E90A050EB0BB1CEAB5633BCE404E5D5BC307647 ft=1 fh=2563181150dc44ea vn="Win32/Thinknice.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect32.dll.vir"
sh=16CF5D6E11C0F55548A67B8B5D04FA3460C76A2D ft=1 fh=7418003a088e68c3 vn="Win64/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect64.dll.vir"
sh=C03584BE4ED7835858158D1C38D6B08317E2FC82 ft=1 fh=a96a1125b953bd6a vn="Win32/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SpAPPSv32.dll.vir"
sh=67642DACDC22ED45AF7947E4F47B1B8463E4162C ft=1 fh=b08cc40f36e9035a vn="Win64/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SpAPPSv64.dll.vir"
sh=9042385F0336C5429FCD45FC347CC29A9BC06BB0 ft=1 fh=a7a426d7c77c80fb vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SupTab.dll.vir"
sh=58082C6FD69B624C913A4F5B4F0E1641EAAB2C6F ft=1 fh=311ff3fd5f86bccf vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=9CA8EBFF024F34D076C7BFFF92B978D99251DC66 ft=1 fh=03cf8fdbea9a76d3 vn="Variante von Win32/ELEX.AM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Conny\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll.vir"
sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Felix\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Felix\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll.vir"
sh=ED655701B03936B871651E5770585386DDAAB078 ft=1 fh=3593d5f1ffbf9e69 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Felix\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir"
sh=0370B6AD0DBA8328E67A307235F717A3A1B22FA5 ft=1 fh=ad0a89014f15914b vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Felix\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.8\bin\PriceGongIE.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marie-Sophie\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marie-Sophie\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll.vir"
sh=9CF018684393E69865300D99624C931E872A9F7B ft=1 fh=b12e741996076995 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\lrrot.dll.vir"
sh=71F62255522F1F32BB5FF63B9AE8F7A84617B37B ft=1 fh=9716dd8dca1bb304 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\Newtonsoft.Json.dll.vir"
sh=896771FB238679DDE1023EB8AFE287E7BC783E23 ft=1 fh=597c7428fcc19575 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\Proxy.Lib.dll.vir"
sh=BD7AB5939C43A8BE1524B7FD78118DA81C4BCAE1 ft=1 fh=c88f82e57ccd8c61 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\ProxySettings.dll.vir"
sh=7E47A57ED8B727A31476E461735B6D4382F52FC2 ft=1 fh=aee3bc185f460d7d vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\Smartbar.Common.dll.vir"
sh=82D5BA9ED459A56889AB2F52A994E5D9A67280E6 ft=1 fh=1cc7a8b23dfb8150 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\Smartbar.Communication.dll.vir"
sh=42DE5AC4ED9371EC4586F3707A9DBF08FEDE9F5F ft=1 fh=57f5791ff7e05ab3 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\Smartbar.Communication.NamedPipe.dll.vir"
sh=37587615A4500A9EECBE9FBDF7BFCE0CA6D02B48 ft=1 fh=34f33309d22a4aff vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\Smartbar.Infrastructure.Utilities.dll.vir"
sh=9B0F22B09A5ACDA53EDA76160013911918BC1486 ft=1 fh=01ec60b0a0ba7b18 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\Smartbar.Monetization.Proxy.ProxyService.dll.vir"
sh=A8DC29F034558D1C70383D7CD14375B0AED94A7E ft=1 fh=d7e44ab44ab7ff2e vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\Smartbar.Personalization.Common.dll.vir"
sh=7F2C55216BCA6940A351CDE50C911CF0B7651464 ft=1 fh=50fbeb6677732462 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=58F052110022BA25E5C9E869577B4305396228A9 ft=1 fh=3a0c3ae81814d05c vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\sppsm.dll.vir"
sh=2927A2C78423767C3B96039927029E3A73B71BF5 ft=1 fh=46487f41c982834c vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\spusm.dll.vir"
sh=6218EB794854535C2FD36020D96E77E8634A70FD ft=1 fh=0875018d2826076d vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\srbs.dll.vir"
sh=3BBC4A354F9E2B3F9BC9301D1EF19D7F04E6E1C6 ft=1 fh=522df960df61867e vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\srbu.dll.vir"
sh=E9B6F5B64B77D49656BAA3217F0387A8945E4932 ft=1 fh=6eaebdec584573ae vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\sreu.dll.vir"
sh=7DF240F9FE38A5AD6FDC624FB022CEEF09CAE410 ft=1 fh=32dd00cb81e4e834 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\srpdm.dll.vir"
sh=F5593CAA1EBF8D0B2BF25F36090487E49417D8AF ft=1 fh=03c41d3497d7f529 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\srprl.dll.vir"
sh=A0A37F1C39EDAD40BB8EF1B0CDEB0E8BAB9BF441 ft=1 fh=84d285d19f31b8ae vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\srpt.dll.vir"
sh=E4D8D4A8321C7B2585C1A8A6988676CD81EA0EBD ft=1 fh=5729fd530997fafe vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\srptc.dll.vir"
sh=BD3C19B1522A7E341D4C6EB015D8A68F94F68B5C ft=1 fh=595fec7cd405d0d6 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\LPT\srut.dll.vir"
sh=4E5D92595443236644E528632B6699C8A7EBE8D5 ft=1 fh=1eb7510ee00f9c58 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Interop.SHDocVw.dll.vir"
sh=A55D4EA91A73476CFC39F9243AC27EC09E9C0F4D ft=1 fh=c54337ac7025bfe7 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Interop.WMPLib.dll.vir"
sh=ED855898AD4B1A0517619E79885FD5D9759C3474 ft=1 fh=82dff98c028ea9bd vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\lrcnt.dll.vir"
sh=9CF018684393E69865300D99624C931E872A9F7B ft=1 fh=b12e741996076995 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\lrrot.dll.vir"
sh=878A4617D726E071ABE4AF5DB1B4DA5957D1B16E ft=1 fh=d6fca51930e9dc58 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\MACTrackBarLib.dll.vir"
sh=6471E21EC42F3B4FF5477871DAF8418AD3507A6C ft=1 fh=6d68ef2b3a2291fd vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\NDde.dll.vir"
sh=71F62255522F1F32BB5FF63B9AE8F7A84617B37B ft=1 fh=9716dd8dca1bb304 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Newtonsoft.Json.dll.vir"
sh=E9381BFA75212C12F3BDE68754A0B495D886AD41 ft=1 fh=4ba77598f07864e5 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\PIFlagsManager.dll.vir"
sh=7D178D66ACCEC44EA92DDCBE65870F7274C79BB1 ft=1 fh=a1af8c319d24b6a5 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\PILogger.dll.vir"
sh=6748E6203AEE40073ACE0F93A82D2657B9238608 ft=1 fh=b7c713bcf0a56eae vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\PILogManager.dll.vir"
sh=896771FB238679DDE1023EB8AFE287E7BC783E23 ft=1 fh=597c7428fcc19575 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Proxy.Lib.dll.vir"
sh=BD7AB5939C43A8BE1524B7FD78118DA81C4BCAE1 ft=1 fh=c88f82e57ccd8c61 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\ProxySettings.dll.vir"
sh=21D908FA50C96DD091F51E08C3265726B04E01BB ft=1 fh=838329ef90e97a27 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\sgml.dll.vir"
sh=F1528D4A05BEF26C2606D25B49188D2470D63438 ft=1 fh=58fe00ecdeeab471 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\sgmu.dll.vir"
sh=A0D2F674357EDC8726D8F07076925EC5E381E724 ft=1 fh=07f2f155048055c9 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\sidb.dll.vir"
sh=E7D1EDF68B80704460E90BCDD8D8F3B2439822CD ft=1 fh=c561291c53b1276d vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\siem.dll.vir"
sh=5E839CD0FFACD4569708702BAE95819041E049A3 ft=1 fh=191560178ca36b9a vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\sipb.dll.vir"
sh=435F2D00B0365C1E1ADF690471C16985ED892DA9 ft=1 fh=445fd9948346c1a0 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\sismlp.dll.vir"
sh=7E47A57ED8B727A31476E461735B6D4382F52FC2 ft=1 fh=aee3bc185f460d7d vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Common.dll.vir"
sh=82D5BA9ED459A56889AB2F52A994E5D9A67280E6 ft=1 fh=1cc7a8b23dfb8150 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Communication.dll.vir"
sh=42DE5AC4ED9371EC4586F3707A9DBF08FEDE9F5F ft=1 fh=57f5791ff7e05ab3 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Communication.NamedPipe.dll.vir"
sh=2904D7199A1567D28C7045CACDF3E50618EAFC51 ft=1 fh=6b291fa951dab9b6 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll.vir"
sh=EBE5900E2C2F82BB0AD455DF034D658016DDE774 ft=1 fh=e17f9ebc60461f4e vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll.vir"
sh=6969CBC9D4F45BD6A52CA5FE737531FE0B86DD84 ft=1 fh=aa645310305a123c vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll.vir"
sh=F0EF421BB7C01DB13F8B0C74707F9CD831B7FEB2 ft=1 fh=a2d7d36dcaf29dce vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll.vir"
sh=A412FC8FF8700C198EB971D720B3DEB19F9D8258 ft=1 fh=fd562c508ad8db0f vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll.vir"
sh=A8730785960F57126DE56B44DC9AEC6EF5AF869F ft=1 fh=df6562dfb6c60e8e vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll.vir"
sh=3FDD76DF7F4C706455ACE776063134BEB204745A ft=1 fh=7f1e2b5f91faf715 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.FireFoxLocalPlugin.dll.vir"
sh=3370FB9F2C83CBFD428D6AE58A68EC53C211C717 ft=1 fh=add2ba941aed0e75 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll.vir"
sh=37587615A4500A9EECBE9FBDF7BFCE0CA6D02B48 ft=1 fh=34f33309d22a4aff vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll.vir"
sh=9B0F22B09A5ACDA53EDA76160013911918BC1486 ft=1 fh=01ec60b0a0ba7b18 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Monetization.Proxy.ProxyService.dll.vir"
sh=A8DC29F034558D1C70383D7CD14375B0AED94A7E ft=1 fh=d7e44ab44ab7ff2e vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll.vir"
sh=7F2C55216BCA6940A351CDE50C911CF0B7651464 ft=1 fh=50fbeb6677732462 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=19FA34C3DF856B0A1C514D17E152E1ECE44A3764 ft=1 fh=4f8b99977320baf7 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll.vir"
sh=8B04E5BDF0D7192B55C2CA8E409702A2C6F6167F ft=1 fh=bce0a968d3775b78 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll.vir"
sh=895AF5B66C0A8D2C8084DD0B9BCE3F940E65EBCB ft=1 fh=9b29fc376724d9fe vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.XmlSerializers.dll.vir"
sh=DE2B7F212165E3EE9BDCD389B017817929E52170 ft=1 fh=50f856c61d395278 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\Smartbar.Resources.Translations.dll.vir"
sh=B827BF672B0B58204F228D71BF81A5A9E154D3AD ft=1 fh=f478efe034b49c74 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll.vir"
sh=B827BF672B0B58204F228D71BF81A5A9E154D3AD ft=1 fh=f478efe034b49c74 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO2.dll.vir"
sh=A9451B3E09D7054FD33AEB8D967B68DEFF1F4A9C ft=1 fh=ba2aff9afb52849b vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir"
sh=A9451B3E09D7054FD33AEB8D967B68DEFF1F4A9C ft=1 fh=ba2aff9afb52849b vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll.vir"
sh=9CADF895659371F2E3A946BAE3E4C2036F0D67C6 ft=1 fh=2b30f997065281d7 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\smsp.dll.vir"
sh=62CD4B2693E21F15F28655778AC596903801A9D7 ft=1 fh=bcf91880b631dcf2 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\smta.dll.vir"
sh=29DFAAB6375D54EBB240D27E9B53E6B9D4D96D0F ft=1 fh=c4490daddc4e5410 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\smti.dll.vir"
sh=C880ECAB4D5D7D781C9B55A46D71A54B500724AB ft=1 fh=aaf5cca1ca842188 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\smtu.dll.vir"
sh=0A235F6957527BF97E97994C989FB499ED2AFB60 ft=1 fh=79739653ed904554 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\spbe.dll.vir"
sh=C73F41CF67F9F36B8873104573A9087D08470019 ft=1 fh=a9085c96aa7f9a4d vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\spbl.dll.vir"
sh=58F052110022BA25E5C9E869577B4305396228A9 ft=1 fh=3a0c3ae81814d05c vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\sppsm.dll.vir"
sh=771D9E380C97ABED3C294865A19629831EC976B4 ft=1 fh=3018766d6e6edcbf vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\spsm.dll.vir"
sh=2927A2C78423767C3B96039927029E3A73B71BF5 ft=1 fh=46487f41c982834c vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\spusm.dll.vir"
sh=4D7317B20576C5EBADD8DCDD6B759A0C56069945 ft=1 fh=8840b3fbb5ed21de vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srau.dll.vir"
sh=CEC509458B51EF2AE0C7A198778B897B7BF87394 ft=1 fh=5e4dcdd0e6ad900a vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srbhu.dll.vir"
sh=6218EB794854535C2FD36020D96E77E8634A70FD ft=1 fh=0875018d2826076d vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srbs.dll.vir"
sh=3BBC4A354F9E2B3F9BC9301D1EF19D7F04E6E1C6 ft=1 fh=522df960df61867e vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srbu.dll.vir"
sh=E9B6F5B64B77D49656BAA3217F0387A8945E4932 ft=1 fh=6eaebdec584573ae vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\sreu.dll.vir"
sh=1508557D2782A75C925D674F99DDD9FC14516000 ft=1 fh=1b192f6bef5ecfda vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srgu.dll.vir"
sh=44BD5D02885387612AC91E2867633A4473493D1E ft=1 fh=3ffc7c6d773952bd vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srns.dll.vir"
sh=05B583777EC524C960E226EC3572C0C936352924 ft=1 fh=dc7b18a77967e0a5 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srom.dll.vir"
sh=7DF240F9FE38A5AD6FDC624FB022CEEF09CAE410 ft=1 fh=32dd00cb81e4e834 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srpdm.dll.vir"
sh=F5593CAA1EBF8D0B2BF25F36090487E49417D8AF ft=1 fh=03c41d3497d7f529 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srprl.dll.vir"
sh=21E353A7D259E8912FEEB9DE836A86934C3123C6 ft=1 fh=437f10d20ccd624e vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srpu.dll.vir"
sh=D0D91AA2A5D8750CF38A7B87DCD3DAB0B55277EB ft=1 fh=4fc8a58c6d53fb3d vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srsbs.dll.vir"
sh=9DEE96BFBCAE69821A98B7988B287DA6D8B6D421 ft=1 fh=621702fb64f09bf3 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srsbsau.dll.vir"
sh=55F3D2AAE33A9A68CE537946FCE80ECC6C322563 ft=1 fh=c01d5221a5da1280 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srsl.dll.vir"
sh=C062D4B2990D76407C210D32BB3564B183243113 ft=1 fh=d56cc839b06d8b01 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\sruhs.dll.vir"
sh=E3A6C75E5FF0B6A13A889E2C03D55F243416C469 ft=1 fh=9fe88d3368291350 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srus.dll.vir"
sh=BD3C19B1522A7E341D4C6EB015D8A68F94F68B5C ft=1 fh=595fec7cd405d0d6 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\srut.dll.vir"
sh=7EF38DBE4E68777EF54E1DD7DA04C47534701F07 ft=1 fh=d3493b0d6ef7d73d vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir"
sh=8794550C530FB81033BC5BE76EFA204E2A729D5B ft=1 fh=c911f2f366e79985 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\ar\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=0FDD7FF166139B9D80B617F28B8AA5749F3A3FF2 ft=1 fh=261312001847d270 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=495DFF80D52F328383115D1EB9963CDDE91A67CA ft=1 fh=c9e5b36474ec6374 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\es\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=08F862797A867C051120BF418022A2E53EFDD801 ft=1 fh=e8518d6d05a74cf5 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\fr\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=2CE4AC0873CC8F74062F55763140C0675FAC5EE0 ft=1 fh=0356a22255daa2de vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\he\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=C88DAF3FB5D3FEC090233FF251F7F0CFC73EF4CD ft=1 fh=b74c7f4df627386b vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_25.dll.vir"
sh=4B9D59EFA89F628628CE74083961743D56E460C7 ft=1 fh=8e9074b2b2075a48 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_26.dll.vir"
sh=7290509DD9B7F8DCFA781334EBEFF3E5D4C58C5C ft=1 fh=0aae782d31fb93bd vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_27.dll.vir"
sh=32602D4077332EE0F75304C87434755510F768FD ft=1 fh=4d22cbd3b33f2e9e vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_28.dll.vir"
sh=A5517659524BFD05ABEF457FE26F1D0E80D3EF85 ft=1 fh=af4585d56f4a69b5 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_29.dll.vir"
sh=36E31354BDEA960B9E966413460C3CB81036C629 ft=1 fh=107c58d6ba93a4af vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_30.dll.vir"
sh=7E0DF8CB3179C8E1C8938D7FDC6C041935BA2AAF ft=1 fh=9f2d1e13902d149b vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\it\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=01ED9613E8CF31B16D6447012E7C257510AE16D5 ft=1 fh=c540277def73d46f vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\nl\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=2C0E7ACA0DFB0E07BDD7095CDB5CC3C5A15CD2CE ft=1 fh=a620b848fbe1fd90 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\pt\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=77863B577D8501F979A2624BEC76BAB781909E2F ft=1 fh=ea81eeb9431c5542 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\ru\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=0A09BD9D446210A9498B1C537ADF3A06D0760148 ft=1 fh=3917c688ec581966 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Application\tr\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=F206D8959FA7A43CC2D5E85F5A87E3E63D8EC274 ft=1 fh=5f24e9703b251499 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.AdvancedExeLauncherPlugin.dll.vir"
sh=C211C988D8D404D8E6CBBCDFE148D4AA665A472D ft=1 fh=6883e4752b24df90 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.CustomControl.dll.vir"
sh=34935F4777836482ADA3622C77F3C3B9223C0D24 ft=1 fh=c08830e30506da54 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.DMP.dll.vir"
sh=12A6459952761EC4CC0E2347B59BF56D8D27462D ft=1 fh=e898fb13ccce5068 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.MessengerPlugin.dll.vir"
sh=2345D7AA31132194AEB5D775DD58E0D8844900BA ft=1 fh=2964156c700371c9 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.SafeMode.dll.vir"
sh=C606341C9BDB6958509DD3D70AF84A0A2F1EAB74 ft=1 fh=1e52b348b29a981e vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.WeatherPlugin.dll.vir"
sh=787D21774D18B3BD5909C42E653EC78F0AA2DA1E ft=1 fh=ac45c2af56ed6bd9 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.WordPlugin.dll.vir"
sh=706F2A59D8244F56718AFB7B0B277B889A797DFC ft=1 fh=cd709ccceaef19a2 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.YoutubeDownloadPlugin.dll.vir"
sh=A1B914E6889C79FD2FF7710652AFF75B9577B144 ft=1 fh=a8bf8c33e84bc937 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Local\Smartbar\Common\ServicesPlugins\spup.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll.vir"
sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir"
sh=B440276E183DBAC6788EF3A0E6082C55E571170D ft=1 fh=62c0c4858bcf9d29 vn="Variante von Win32/DealPly.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Roaming\MetaCrawler\UpdateProc\UpdateTask.exe.vir"
sh=1A278C9611A807BB4319B4DBC0CC28D5B61139E2 ft=1 fh=dc9029d19ecf454f vn="Win32/Systweak.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer-User\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer-User\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll.vir"
sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Rainer-User\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir"
sh=4C22703DB4A042AD25EE88C56D48A641F0A3340D ft=1 fh=b9ea346e4f1dd435 vn="Win32/RiskWare.NetFilter.E Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gt.sys.vir"
sh=2A8D8BD13AE55D8076C834B8C4C3C2A12713C82A ft=1 fh=c71c00116ea9c234 vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\ZipExtractorSetup.exe"
sh=81C2C3354F11ECE49D7667538CEFE9F2B2395319 ft=1 fh=cca4b3788ffc60aa vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Common Files\DVDVideoSoft\AskTB\ApnIC.dll"
sh=FDC2005CED8ACF86C68FE1B86B0698D0539E8CE0 ft=1 fh=1aa6a68885750335 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Common Files\DVDVideoSoft\AskTB\ApnStub.exe"
sh=99DD33D629341F95D9853B1E63FCE454EC654560 ft=1 fh=08803d4e54260720 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe"
sh=C78FB212C8E69E28ADED45E3449B484AD989C3C9 ft=1 fh=d8d5f1f763ce53db vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Common Files\DVDVideoSoft\AskTB\DVDVideoSoftToolbar.exe"
sh=349DCE51219EFA0C870578961896320294FC0B26 ft=1 fh=ccf2c853f99716a7 vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Deal Keeper\bin\DealKeeper.BrowserAdapter.exe"
sh=F62AAB033BDFA26DAA7D24C9F2F2E6805F6D9EC9 ft=1 fh=ba0a88b2634d5585 vn="Win32/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Deal Keeper\bin\DealKeeperBAApp.dll"
sh=F37EC95938B0636F85ED97DDF6BF84513988EBEB ft=1 fh=d41af64508c77e9b vn="Variante von Win32/BrowseFox.M evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Deal Keeper\bin\{55dce8ba-9dec-4013-937e-adbf9317d990}.dll"
sh=58C3F42D04D646EB15C73F8558B7A6FC8CE26A8C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\101_cortica_m.js.vir"
sh=B5ED1E639B7D9AD3C0F3C81E5AA2E9F88DDFEB65 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\102_dealply_m.js.vir"
sh=FC28D62EDB6C0C353E97185BB4B6DC87F5EDED14 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=1AA56806D2545B3773D7C5CCEAE82353BDBB575F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=0B21E41A47E579081215969619861996F43524B1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\105_corticas_m.js.vir"
sh=30AFCC1D03C04E68202593C239C4964A29BA2E15 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\108_icm_m.js.vir"
sh=6EF5B1448DE7B0A1263E32EBA7DC2AFE502C8FB4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=7F7359D9F0900191297BFDF5B85D5CDF588CD9EA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=FE3704EEF2BFB9DCA552518E7AEC9D6AFC1ED15C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\119_similar_web_m.js.vir"
sh=1A9BCED07CCAC5AABE7F80BB199360D125E6F268 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\120_luck_m.js.vir"
sh=0CE44D7F4F3469C96749E6220CA51CB96B0CFA1F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\123_intext_adv_m.js.vir"
sh=B0DF9F21E3E69C188775A6F9C466B19932C9238A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=D295E3F253D0942BD3114F61DEF5D78DD0FC5BFB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\125_arcadi2_m.js.vir"
sh=3CFE90E3825BB08EB9B4222552FAC05360188207 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=031F6CD140ED363E0F137E627AE1FE4DED5714E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\127_revizer_p_m.js.vir"
sh=28ECD06AF56EB424F74BB63563BC79E57C15C2D9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=05480BD17A63333789D1E425879FBF083C177A99 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\129_widdit_m.js.vir"
sh=BB2946641B9FEB2F76D281220A52220336E454E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\135_arcadi3_m.js.vir"
sh=8BD506BDCB470B73FE581B4DA1769AD9FBCAF0D8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\142_intext_fa_m.js.vir"
sh=943F60E8E3F306CF4EE6E844D06FAC7552EE1856 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=0CEB1A073B87956FD1F21F8425B8F76015B1BCD8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=441E98540BDEC21B7E534C2B317AE91925F6CEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=C8B01A1511A63AEC3D40B1D045034D76B1E85EFD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\171_arcadi2_sourceID_m.js.vir"
sh=078C314715CCC0DE7547172AD4B810FD754115C6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir"
sh=BB51F0B482DCE267913B695EBCDD1E9AF79583A7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\175_coolmirage_m.js.vir"
sh=CFFCA6A4EE3A0DF2319440491BB297ADEC6EEF37 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir"
sh=ADB54DE323736C99B4191A45B478B70DF1B7B945 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\179_revizer_p_dynamic_m.js.vir"
sh=83D599FA708D26F2F1D43E847C2CD2AA9AB540E6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\180_bpo_serp_m.js.vir"
sh=29CB94A9EF520B57B797DE819EEA88BA3ED5239F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\92_superfish_m.js.vir"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\102_dealply_m.js.vir"
sh=91A6607DBD508E202138D84D346DE82921F06C9B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\107_coupish_m.js.vir"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\108_icm_m.js.vir"
sh=5C5A008E55F177D6F69D40492574390E4EADCF7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=2CAA8A9B9F1D7D41CAD7CD1DE9C253EF4411A15E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\120_luck_m.js.vir"
sh=4E356A3537E9A4B3814169EBE549D1C2AB3EC78F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\125_arcadi2_m.js.vir"
sh=E254E0BD5C202A441B4F7415C762F7D537A79E24 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=5B79E1012732BA64F2D1FDF7DBF44CAD28FE7CDD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\142_intext_fa_m.js.vir"
sh=786B0C8D3A9F6EFBCDB103B0FA7F9460D38C5D7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=CB95B247FABF95831A2974B87B334DBE4597CEB2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\92_superfish_m.js.vir"
sh=9200578E0A1027E0EE00111B9545601BC953C1A7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=153D61D882922BA440ED0EDB0BE44F58CB47DC5B ft=0 fh=0000000000000000 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UP3UM0CL\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].elfo"
sh=58C3F42D04D646EB15C73F8558B7A6FC8CE26A8C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\101_cortica_m.js"
sh=B5ED1E639B7D9AD3C0F3C81E5AA2E9F88DDFEB65 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\102_dealply_m.js"
sh=FC28D62EDB6C0C353E97185BB4B6DC87F5EDED14 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\103_intext_5_m.js"
sh=1AA56806D2545B3773D7C5CCEAE82353BDBB575F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\104_jollywallet_m.js"
sh=0B21E41A47E579081215969619861996F43524B1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\105_corticas_m.js"
sh=30AFCC1D03C04E68202593C239C4964A29BA2E15 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\108_icm_m.js"
sh=6EF5B1448DE7B0A1263E32EBA7DC2AFE502C8FB4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\116_ads_only_5_m.js"
sh=7F7359D9F0900191297BFDF5B85D5CDF588CD9EA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\117_coupons_intext_ads_5_m.js"
sh=FE3704EEF2BFB9DCA552518E7AEC9D6AFC1ED15C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\119_similar_web_m.js"
sh=1A9BCED07CCAC5AABE7F80BB199360D125E6F268 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\120_luck_m.js"
sh=0CE44D7F4F3469C96749E6220CA51CB96B0CFA1F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\123_intext_adv_m.js"
sh=B0DF9F21E3E69C188775A6F9C466B19932C9238A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js"
sh=D295E3F253D0942BD3114F61DEF5D78DD0FC5BFB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\125_arcadi2_m.js"
sh=3CFE90E3825BB08EB9B4222552FAC05360188207 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\126_revizer_ws_m.js"
sh=031F6CD140ED363E0F137E627AE1FE4DED5714E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\127_revizer_p_m.js"
sh=28ECD06AF56EB424F74BB63563BC79E57C15C2D9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\128_superfish_pricora_m.js"
sh=05480BD17A63333789D1E425879FBF083C177A99 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\129_widdit_m.js"
sh=BB2946641B9FEB2F76D281220A52220336E454E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\135_arcadi3_m.js"
sh=8BD506BDCB470B73FE581B4DA1769AD9FBCAF0D8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\138_getdeal_m.js"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\141_corticas_ru_m.js.js"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\142_intext_fa_m.js"
sh=943F60E8E3F306CF4EE6E844D06FAC7552EE1856 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\155_ibario_pops_m.js"
sh=0CEB1A073B87956FD1F21F8425B8F76015B1BCD8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js"
sh=441E98540BDEC21B7E534C2B317AE91925F6CEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\159_cortica_rollover_m.js"
sh=C8B01A1511A63AEC3D40B1D045034D76B1E85EFD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\171_arcadi2_sourceID_m.js"
sh=078C314715CCC0DE7547172AD4B810FD754115C6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js"
sh=BB51F0B482DCE267913B695EBCDD1E9AF79583A7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\175_coolmirage_m.js"
sh=CFFCA6A4EE3A0DF2319440491BB297ADEC6EEF37 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\178_revizer_ws_dynamic_m.js"
sh=ADB54DE323736C99B4191A45B478B70DF1B7B945 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\179_revizer_p_dynamic_m.js"
sh=83D599FA708D26F2F1D43E847C2CD2AA9AB540E6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\180_bpo_serp_m.js"
sh=29CB94A9EF520B57B797DE819EEA88BA3ED5239F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\91_monetizationLoader.js.js"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\92_superfish_m.js"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Desktop\Alte Firefox-Daten\vjm6n5l7.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\93_superfish_no_coupons_m.js"
sh=5202E51201D6D1FDA57BAD612477A46DF4118D79 ft=1 fh=febf1be35c9e6018 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Downloads\FreeYouTubeToMp3Converter.exe"
sh=C5388074F31DF07BE6C1DDEF0D762EC5A8819E77 ft=1 fh=fcf810b56806cfeb vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Downloads\FreeYouTubeToMp3Converter39.exe"
sh=FA8005C94338A7972F778952BB5BE1D7A69CD843 ft=1 fh=da3685046f93e04f vn="Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Conny\Downloads\registrybooster.exe"
sh=2DD2680A658565148FC92DB40207AA52EE49EAE8 ft=1 fh=9af9006bf92fa775 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Conny\Downloads\Reguse_Installer.exe"
sh=153D61D882922BA440ED0EDB0BE44F58CB47DC5B ft=0 fh=0000000000000000 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\45MDD3X0\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].elfo"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\101_cortica_m.js"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\102_dealply_m.js"
sh=91A6607DBD508E202138D84D346DE82921F06C9B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\103_intext_5_m.js"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\104_jollywallet_m.js"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\105_corticas_m.js"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\107_coupish_m.js"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\108_icm_m.js"
sh=5C5A008E55F177D6F69D40492574390E4EADCF7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\116_ads_only_5_m.js"
sh=2CAA8A9B9F1D7D41CAD7CD1DE9C253EF4411A15E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\117_coupons_intext_ads_5_m.js"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\119_similar_web_m.js"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\120_luck_m.js"
sh=4E356A3537E9A4B3814169EBE549D1C2AB3EC78F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\123_intext_adv_m.js"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\125_arcadi2_m.js"
sh=E254E0BD5C202A441B4F7415C762F7D537A79E24 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\126_revizer_ws_m.js"
sh=5B79E1012732BA64F2D1FDF7DBF44CAD28FE7CDD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\127_revizer_p_m.js"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\128_superfish_pricora_m.js"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\129_widdit_m.js"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\135_arcadi3_m.js"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\138_getdeal_m.js"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\141_corticas_ru_m.js.js"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\142_intext_fa_m.js"
sh=786B0C8D3A9F6EFBCDB103B0FA7F9460D38C5D7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\155_ibario_pops_m.js"
sh=CB95B247FABF95831A2974B87B334DBE4597CEB2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\91_monetizationLoader.js.js"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\92_superfish_m.js"
sh=9200578E0A1027E0EE00111B9545601BC953C1A7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Desktop\Alte Firefox-Daten\7mesyuq5.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\93_superfish_no_coupons_m.js"
sh=AD465C71F1C21D58AA4B3301F5506B6AE0F004D3 ft=1 fh=1df906e291630566 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\Marie-Sophie\Downloads\FreeAudioConverter.exe"
sh=E8CD33623287C08C7CC3662A042E45522654BB30 ft=1 fh=7cd3b160b0dbd4bd vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marie-Sophie\Downloads\FreeYouTubeToMP3Converter(1).exe"
sh=786F7AEE16CEC1A5BFE05809DFF81E4245E163CF ft=1 fh=e44ca0af77a0f02f vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\Marie-Sophie\Downloads\FreeYouTubeToMP3Converter.exe"
sh=63C07F52802B59710924F75C01DCFEFFA338E063 ft=1 fh=43a6f6e7aec8b73c vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marie-Sophie\Downloads\FreeYouTubeToMP3Converter105.exe"
sh=C88DAF3FB5D3FEC090233FF251F7F0CFC73EF4CD ft=1 fh=b74c7f4df627386b vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\extensions\{72d7ceec-c464-5081-0713-43871ac8b749}\components\SmartbarFireFoxRemotePlugin_25.dll"
sh=4B9D59EFA89F628628CE74083961743D56E460C7 ft=1 fh=8e9074b2b2075a48 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\extensions\{72d7ceec-c464-5081-0713-43871ac8b749}\components\SmartbarFireFoxRemotePlugin_26.dll"
sh=7290509DD9B7F8DCFA781334EBEFF3E5D4C58C5C ft=1 fh=0aae782d31fb93bd vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\extensions\{72d7ceec-c464-5081-0713-43871ac8b749}\components\SmartbarFireFoxRemotePlugin_27.dll"
sh=32602D4077332EE0F75304C87434755510F768FD ft=1 fh=4d22cbd3b33f2e9e vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\extensions\{72d7ceec-c464-5081-0713-43871ac8b749}\components\SmartbarFireFoxRemotePlugin_28.dll"
sh=A5517659524BFD05ABEF457FE26F1D0E80D3EF85 ft=1 fh=af4585d56f4a69b5 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\extensions\{72d7ceec-c464-5081-0713-43871ac8b749}\components\SmartbarFireFoxRemotePlugin_29.dll"
sh=36E31354BDEA960B9E966413460C3CB81036C629 ft=1 fh=107c58d6ba93a4af vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rainer\AppData\Roaming\Mozilla\Firefox\Profiles\yztin5xb.default\extensions\{72d7ceec-c464-5081-0713-43871ac8b749}\components\SmartbarFireFoxRemotePlugin_30.dll"
sh=1ECEAF181DC0006EE76B299E90CC808A55797637 ft=1 fh=32d2465f103c3ca2 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Rainer-User\Downloads\avira_free_antivirus_de(1).exe.part"
sh=1ECEAF181DC0006EE76B299E90CC808A55797637 ft=1 fh=32d2465f103c3ca2 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Rainer-User\Downloads\avira_free_antivirus_de.exe"
sh=C700FF3CC6C53AF7F4E4B4835B44F10B631AAB91 ft=1 fh=d047f09cfa885ec8 vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rainer-User\Downloads\Core-Temp-lnstall.exe"
sh=0E63EDE6A102841AC5A6C5A9E40F2170185D4E69 ft=1 fh=964d25fcb82ba285 vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rainer-User\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe"
sh=B25DFC38B84D9E21F4ECE88E942AAF3CC22EAB8E ft=1 fh=cda1cbd4b2e6ebee vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rainer-User\Downloads\FreeYouTubeToMP333Converter.exe"
sh=C293F0089EED7C6C97CC48D7DA118E2259FADB09 ft=1 fh=79c6cb0891df0e5a vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rainer-User\Downloads\FreeYouTubeToMP3Converter(1).exe"
sh=660DBBCCB3CECB907102247E33A2763B885BC22F ft=1 fh=08d795d06aaee6ee vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rainer-User\Downloads\FreeYouTubeToMP3Converter(2).exe"
sh=C293F0089EED7C6C97CC48D7DA118E2259FADB09 ft=1 fh=79c6cb0891df0e5a vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rainer-User\Downloads\FreeYouTubeToMP3Converter.exe"
sh=FF42995D8E24E05FF9EBA12DCB27B9AAB183A290 ft=1 fh=605214e765268a80 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rainer-User\Downloads\FreeYouTubeToMP3Converter31011.exe"
sh=AEA202E75EB4A7B17250E6DCA3B2470D83247036 ft=1 fh=67bcb2b84dcf5931 vn="Variante von Win32/SweetIM.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Rainer-User\Downloads\SweetImSetup.exe"
sh=4E5D92595443236644E528632B6699C8A7EBE8D5 ft=1 fh=1eb7510ee00f9c58 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll"
sh=797D6EBAB67127D1CE6E31B36FB2046BA0AF1818 ft=0 fh=0000000000000000 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\16f349.msi"
sh=408CC64656FB85DFC42121CB9B8E67618023D6AF ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\16f34f.msi"
sh=DC3C29A963871A9FF0613FFEC4FC39AB04760924 ft=1 fh=aa8756f8c51680cf vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\Installer\MSI4176.tmp"
         
... kann sein, daß ich die nächsten Tage nicht an den Rechner drankomme, weil wir die Handwerker im Haus haben, das ganze Haus wird neu vernetzt, ...
Viele Grüße und vielen Dank für Deine Hilfe, ... ißt Du gerne Honig, oder Marmelade?
Romanos

Geändert von Romanos (19.08.2014 um 07:40 Uhr)

Antwort

Themen zu Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download
4d36e972-e325-11ce-bfc1-08002be10318, branding, device driver, dvdvideosoft ltd., fast start, linkury, mcafee firewall, msil/browsefox.e, msil/browsefox.g, msil/toolbar.linkury.f, msil/toolbar.linkury.g, newtab, pc speed maximizer, pup.optional.certifiedtoolbar.a, pup.optional.dealkeeper.a, pup.optional.hometab.a, pup.optional.quickstart.a, pup.optional.safefinder.a, pup.optional.smartbar, teredo, update deal keeper, win32/browsefox.c, win32/browsefox.h, win32/browsefox.m, win32/browsefox.n, win32/bundled.toolbar.ask.g, win32/elex.ar, win32/thinknice.b, win32/thinknice.d, win32/toolbar.conduit.ai, win32/toolbar.conduit.b, win32/toolbar.linkury.g, win32/toolbar.montiera.a, win64/thinknice.a, win64/thinknice.b, windowsmangerprotect



Ähnliche Themen: Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download


  1. PC langsam nach Installation über Chip.de und istartsurf Startseite
    Plagegeister aller Art und deren Bekämpfung - 11.05.2015 (12)
  2. unerwünschte Werbebanner in Chrome (Offers.ByContext.com)
    Log-Analyse und Auswertung - 16.03.2015 (11)
  3. Windows 7: PUA/DownloadSponsor.Gen Befall nach Besuch chip.de
    Log-Analyse und Auswertung - 15.03.2015 (9)
  4. Storm Alert Adware nach Installation eines Stream-Programmes von chip.de
    Log-Analyse und Auswertung - 24.12.2014 (12)
  5. Malwarefund bei download von chip (HEUR/QVM11.0.Malware.gen)
    Plagegeister aller Art und deren Bekämpfung - 08.09.2014 (1)
  6. unerwünschtes Programm AppsWatcher nach PDF-creator-Download von CHIP.de
    Plagegeister aller Art und deren Bekämpfung - 31.07.2014 (9)
  7. Offers.ByContext.com entfernen
    Anleitungen, FAQs & Links - 08.07.2014 (2)
  8. Anti Twin Portable - Chip Installer.exe installiert von www.chip.de - Virenallarm
    Plagegeister aller Art und deren Bekämpfung - 29.06.2014 (5)
  9. Verdächtige Umleitung auf Flashplayer-Download in Opera
    Log-Analyse und Auswertung - 29.05.2014 (9)
  10. Nach Download von "MyphoneExplorer" von chip.de - Spyware, Adware - jetzt Trojaner! (Win32/Injected.F Trojaner)
    Log-Analyse und Auswertung - 16.04.2014 (7)
  11. Adware.Lollipop.D erkannt bei Download von Chip & Co.
    Plagegeister aller Art und deren Bekämpfung - 18.12.2013 (10)
  12. Windows 8: potentieller Virus/Trojaner nach Download von "Free m4a to mp3 converter" von chip.de - Einblendungen in Firefox und am Desktop
    Log-Analyse und Auswertung - 30.10.2013 (9)
  13. http://www.searchnu.com/413 von Chip.de. Klasse Magazin. Bietet infizierte Software zum Download an.
    Plagegeister aller Art und deren Bekämpfung - 11.03.2013 (9)
  14. 2x | http://www.searchnu.com/413 von Chip.de. Klasse Magazin. Bietet infizierte Software zum Download an.
    Mülltonne - 10.03.2013 (1)
  15. Avast Free möchte download von Chip.de in Sandbox ausführen - Misstrauen gerecht?
    Antiviren-, Firewall- und andere Schutzprogramme - 25.10.2011 (3)
  16. AV Security Suite - Nach Entfernung öffnen sich in Firefox ungewünschte Tabs
    Log-Analyse und Auswertung - 15.07.2010 (29)
  17. Internetexplorer wechselt nach gewisser Zeit auf ungewünschte Seite
    Plagegeister aller Art und deren Bekämpfung - 23.01.2005 (11)

Zum Thema Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download - Hallo, ich habe über Chip.de COREL-DRAW Testversion runtergeladen und dabei jede Menge anderer Sachen dazubekommen, die mir das Leben erschweren, ... Leider. Bereits im April/Mai hattet Ihr mir geholfen, und - Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download...
Archiv
Du betrachtest: Ungewünschte Umleitung zu bycontext.com nach CHIP.DE-Download auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.