|
"Quick Start NewTab" entfernen Hallo liebe Community, Ich habe mir heute ein Spiel gedownloadet und anscheinend ein wenig Arbeit mitbekommen. Als erstes wars ein Browservirus, das 2. mal wieder. für diese könnte ich auf Chip.de lösungen finden und sie somit entfernen/deinstallieren. Jetzt stehe ich aber bei Quick Start NewTab an! Habe hier im Forum schonmal eine grobe Anleitung gelesen und Malewarebytes Anti Maleware installiert und scannen lassen, hier der LogFile: <?xml version="1.0" encoding="UTF-16"?> -<mbam-log> -<header> <date>2014/04/13 22:58:40 +0200</date> <log>mbam-log-2014-04-13 (22-48-49).xml</log> <isadmin>yes</isadmin> </header> -<engine> <version>2.00.1.1004</version> <rules-database>v2014.04.13.08</rules-database> <swissarmy-database>v2014.03.27.01</swissarmy-database> <license>trial</license> <file-protection>enabled</file-protection> <web-protection>enabled</web-protection> <self-protection>disabled</self-protection> </engine> -<system> <osversion>Windows 7 Service Pack 1</osversion> <arch>x64</arch> <username>Sebastian</username> <filesys>NTFS</filesys> </system> -<summary> <type>threat</type> <result>completed</result> <objects>248658</objects> <time>589</time> <processes>3</processes> <modules>1</modules> <keys>95</keys> <values>4</values> <datas>17</datas> <folders>41</folders> <files>148</files> <sectors>0</sectors> </summary> -<options> <memory>enabled</memory> <startup>enabled</startup> <filesystem>enabled</filesystem> <archives>enabled</archives> <rootkits>disabled</rootkits> <deeprootkit>disabled</deeprootkit> <shuriken>enabled</shuriken> <pup>enabled</pup> <pum>enabled</pum> </options> -<items> -<process> <path>C:\ProgramData\WPM\wprotectmanager.exe</path> <vendor>PUP.Optional.WpManager</vendor> <action>delete-on-reboot</action> <pid>2984</pid> <hash>03d9d653c1ba0e2820ac05552ad71ce4</hash> </process> -<process> <path>C:\ProgramData\IePluginService\PluginService.exe</path> <vendor>PUP.Optional.IePluginService.A</vendor> <action>delete-on-reboot</action> <pid>2780</pid> <hash>66763aefd0ab8babbcbc163a44bd2ad6</hash> </process> -<process> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>delete-on-reboot</action> <pid>2896</pid> <hash>825a4adfe69515212f77b6b4a65c0df3</hash> </process> -<module> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdate.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>delete-on-reboot</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </module> -<key> <path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Wpm</path> <vendor>PUP.Optional.WpManager</vendor> <action>success</action> <hash>03d9d653c1ba0e2820ac05552ad71ce4</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WPM</path> <vendor>PUP.Optional.WpManager</vendor> <action>success</action> <hash>03d9d653c1ba0e2820ac05552ad71ce4</hash> </key> -<key> <path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginService</path> <vendor>PUP.Optional.IePluginService.A</vendor> <action>success</action> <hash>66763aefd0ab8babbcbc163a44bd2ad6</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>31abff2a3b40181e2adac64da959837d</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>31abff2a3b40181e2adac64da959837d</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>31abff2a3b40181e2adac64da959837d</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>31abff2a3b40181e2adac64da959837d</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>31abff2a3b40181e2adac64da959837d</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>31abff2a3b40181e2adac64da959837d</hash> </key> -<key> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}</path> <vendor>PUP.Optional.QuickShare.A</vendor> <action>success</action> <hash>528a52d72f4cbe78ccb4e7605ca6aa56</hash> </key> -<key> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}</path> <vendor>PUP.Optional.QuickShare.A</vendor> <action>success</action> <hash>528a52d72f4cbe78ccb4e7605ca6aa56</hash> </key> -<key> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3CFAF932-A9CB-4E59-99A0-FE04E9DF9328}</path> <vendor>PUP.Optional.NetTock.A</vendor> <action>success</action> <hash>b62608215427cc6a4fc854be12f0ab55</hash> </key> -<key> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3CFAF932-A9CB-4E59-99A0-FE04E9DF9328}</path> <vendor>PUP.Optional.NetTock.A</vendor> <action>success</action> <hash>b62608215427cc6a4fc854be12f0ab55</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\TYPELIB\{363BB65D-1747-4826-B445-1DA6244E2037}</path> <vendor>PUP.Optional.Amonetize</vendor> <action>success</action> <hash>b62670b949327eb8f412beab3bc64eb2</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}</path> <vendor>PUP.Optional.Amonetize</vendor> <action>success</action> <hash>b62670b949327eb8f412beab3bc64eb2</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}</path> <vendor>PUP.Optional.Amonetize</vendor> <action>success</action> <hash>b62670b949327eb8f412beab3bc64eb2</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{363BB65D-1747-4826-B445-1DA6244E2037}</path> <vendor>PUP.Optional.Amonetize</vendor> <action>success</action> <hash>b62670b949327eb8f412beab3bc64eb2</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}</path> <vendor>PUP.Optional.Amonetize</vendor> <action>success</action> <hash>b62670b949327eb8f412beab3bc64eb2</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdate.OneClickCtrl.9</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>6d6f46e391eacd698326de8c4db56b95</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdate.OneClickProcessLauncherMachine</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>2bb130f9354646f00f9a86e422e0669a</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdate.OneClickProcessLauncherMachine.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>a13b5acf116a0d29f0b97af02bd79967</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdate.Update3WebControl.3</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>2bb175b4087364d22d7bf2781ee413ed</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoCreateAsync</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>4696c861fb80e84e0b9e3e2cf40e35cb</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoCreateAsync.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>9745f534037873c3c6e3185203ffaf51</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoreClass</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>32aa67c28fec73c324854a2003ffc53b</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoreClass.1</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>d00cb079c4b72115cddc432742c0966a</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoreMachineClass</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>23b9a980b9c28da94d5c14560cf6a759</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CoreMachineClass.1</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>a03c2702205b42f4b4f50268c43ed22e</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CredentialDialogMachine</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>20bc03267b00b97d4564ea80847e8779</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.CredentialDialogMachine.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>14c8e5441a61dc5abeeb6bff12f00bf5</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>8b51d05997e483b3c5e4bcaec93906fa</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>5884bb6ebcbfe84efcadec7eb64c5fa1</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>e5f7ec3db6c5d75f38712149fc061ee2</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>f4e8a1880b70b086654446240002ec14</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>09d383a64e2d95a1b6f3bcaea95944bc</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>7e5e28012853072fa801d991d0326d93</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.ProcessLauncher</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>bb2155d45a21b185e5c44a208a78669a</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.ProcessLauncher.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>459738f1b2c93600a7021a50b15151af</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3COMClassService</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>9f3d03261d5e56e010995e0c08fa03fd</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3COMClassService.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>716b5acf68131d192980b4b6cf3312ee</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachine</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>697338f1df9c49ed25843e2cc53d20e0</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachine.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>fedee346245725111f8afa70a85a9f61</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>20bca782afcc89ad9a0f51192bd706fa</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>a4382900b9c27abcfdac5e0c4eb4c739</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebSvc</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>b428b178f586da5cfeabf2787b872ed2</hash> </key> -<key> <path>HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebSvc.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>0dcf8b9e98e30b2b19906cfe847e19e7</hash> </key> -<key> <path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}</path> <vendor>PUP.Optional.Qone8</vendor> <action>success</action> <hash>845830f98bf04fe71521108afb08a957</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\DealPlyLive</path> <vendor>PUP.Optional.DealPly.A</vendor> <action>success</action> <hash>8c50b17885f6ae882ca2266906fdd828</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\InstallIQ</path> <vendor>PUP.Optional.InstallBrain.A</vendor> <action>success</action> <hash>4d8f9c8d9cdfe45216f9bbb707fb7f81</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware</path> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>success</action> <hash>e1fbdb4e1c5f3cfa9f82e08b0cf68977</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdate.OneClickCtrl.9</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>6e6e67c277043303dccd4e1cd131857b</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdate.OneClickProcessLauncherMachine</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>4498f237403b1521911874f6877b9a66</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdate.OneClickProcessLauncherMachine.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>34a82bfeeb90ac8a2d7c3c2efd05ce32</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdate.Update3WebControl.3</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>d903e9400f6c9d990a9eb0ba15ed8977</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoCreateAsync</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>bb21ce5b0e6d072f2a7ff27825dd16ea</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoCreateAsync.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>9943d8510f6c211500a9343662a035cb</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoreClass</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>bf1d56d3295222146b3edd8d33cfd729</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoreClass.1</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>16c686a3512a94a206a3f872bf43d62a</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoreMachineClass</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>25b781a87b00f83eb9f068026d9545bb</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CoreMachineClass.1</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>4795c861106b92a4edbc3a307c867f81</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CredentialDialogMachine</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>d5072cfdee8db97d9514fa70e31f4ab6</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CredentialDialogMachine.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>508c5ccd92e97fb71297b2b8b54dee12</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>4d8f01289edd73c3a2076307719107f9</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>dc000623abd0cf672e7b8cde49b9a858</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>f3e9cb5ea3d825112089fe6cd32fa15f</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>34a8e940f08b3402a70286e4649ee11f</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>d9038f9a6d0e6ccadfca600a6f93ba46</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>a73546e39ae10e289f0afd6d6b97c937</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.ProcessLauncher</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>974566c39ddecd69efbab6b4d42ef808</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.ProcessLauncher.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>29b3eb3e0b7062d45752b0ba5ca6e21e</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3COMClassService</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>34a806237cff290d7f2a5317ca38cb35</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3COMClassService.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>28b49891512a39fd1c8da4c68b7726da</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachine</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>499384a594e771c578311e4c877bc23e</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachine.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>be1ecf5a95e6c175d9d0f476fb079868</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>914b4edb601b1026357427438a78817f</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>1cc0c0693348b4820f9ae684bb4742be</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebSvc</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>1dbf8d9cbebd360018916bff48bae020</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebSvc.1.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>904c41e8304b54e2acfd3b2fb74b1ce4</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}</path> <vendor>PUP.Optional.Qone8</vendor> <action>success</action> <hash>07d5d4550b706ccabf7776244ab9a65a</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\VITTALIA\AxtanInstaller</path> <vendor>PUP.Optional.BundleInstaller.A</vendor> <action>success</action> <hash>fedea089601b50e615a15f1651b13cc4</hash> </key> -<key> <path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\pricemeterliveUpdate</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>825a4adfe69515212f77b6b4a65c0df3</hash> </key> -<key> <path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\pricemeterliveUpdatem</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>825a4adfe69515212f77b6b4a65c0df3</hash> </key> -<key> <path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PRICEMETERLIVEUPDATE.EXE</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>825a4adfe69515212f77b6b4a65c0df3</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PRICEMETERLIVEUPDATE.EXE</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>825a4adfe69515212f77b6b4a65c0df3</hash> </key> -<key> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S</path> <vendor>PUP.Optional.InstallCore.A</vendor> <action>success</action> <hash>617bef3a3348340270bfbcbc36ccbc44</hash> </key> -<key> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path> <vendor>PUP.Optional.InstallCore.A</vendor> <action>success</action> <hash>d606012857245dd9d694f29cd92a718f</hash> </key> -<key> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}</path> <vendor>PUP.Optional.Qone8</vendor> <action>success</action> <hash>f6e609202f4c5dd9cf66d7c3c73c8f71</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{89449F37-4AB2-46ED-A566-BB3A7797701B}</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{89449F37-4AB2-46ED-A566-BB3A7797701B}</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{89449F37-4AB2-46ED-A566-BB3A7797701B}</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F509ADC2-B40E-470F-A7B7-45191486B5CB}</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F509ADC2-B40E-470F-A7B7-45191486B5CB}</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{F509ADC2-B40E-470F-A7B7-45191486B5CB}</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4211E851-747F-4470-923D-6EF683EE79CA}</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </key> -<key> <path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{74930D00-2198-46FE-B6BC-FEEC60C666C9}</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </key> -<value> <path>HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS</path> <valuename>quick_start@gmail.com</valuename> <vendor>PUP.Optional.QuickStart.A</vendor> <action>success</action> <valuedata>C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\577yui5v.default\extensions\quick_start@gmail.com</valuedata> <hash>924a50d9c1ba65d1c7179fcc837f03fd</hash> </value> -<value> <path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WPM</path> <valuename>ImagePath</valuename> <vendor>PUP.Optional.WpManager.A</vendor> <action>success</action> <valuedata>C:\ProgramData\WPM\wprotectmanager.exe -service</valuedata> <hash>bf1d6cbd5d1e54e21202e0bfdd26e917</hash> </value> -<value> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path> <valuename>tb</valuename> <vendor>PUP.Optional.InstallCore.A</vendor> <action>success</action> <valuedata>0R2Y1I1P1N0J1U1C</valuedata> <hash>d606012857245dd9d694f29cd92a718f</hash> </value> -<value> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS</path> <valuename>ProxyServer</valuename> <vendor>PUM.Bad.Proxy</vendor> <action>success</action> <valuedata>http=127.0.0.1:13828</valuedata> <hash>0bd1bd6c9fdc75c189d106a1f310c838</hash> </value> -<data> <path>HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND</path> <valuename/> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>replaced</action> <valuedata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</valuedata> <baddata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</baddata> <gooddata>iexplore.exe</gooddata> <hash>29b390997803a98dfff8b46209fbb64a</hash> </data> -<data> <path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path> <valuename>Start Page</valuename> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>replaced</action> <valuedata>hxxp://istart.webssearches.com/?type=hp&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</valuedata> <baddata>hxxp://istart.webssearches.com/?type=hp&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</baddata> <gooddata>www.google.com</gooddata> <hash>b8245ccdd2a92b0bc13a73a3d1339070</hash> </data> -<data> <path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path> <valuename>Default_Search_URL</valuename> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>replaced</action> <valuedata>hxxp://istart.webssearches.com/web/?type=ds&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW&q={searchTerms}</valuedata> <baddata>hxxp://istart.webssearches.com/web/?type=ds&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW&q={searchTerms}</baddata> <gooddata>www.google.com</gooddata> <hash>27b585a4b4c773c315e5070f7f851be5</hash> </data> -<data> <path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path> <valuename>Default_Page_URL</valuename> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>replaced</action> <valuedata>hxxp://istart.webssearches.com/?type=hp&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</valuedata> <baddata>hxxp://istart.webssearches.com/?type=hp&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</baddata> <gooddata>www.google.com</gooddata> <hash>efedd4555c1fe84ef702070f64a013ed</hash> </data> -<data> <path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path> <valuename>DefaultScope</valuename> <vendor>PUP.Optional.Qone8</vendor> <action>replaced</action> <valuedata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</valuedata> <baddata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</baddata> <gooddata>{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</gooddata> <hash>904ce2477cff39fdd90ef030768e11ef</hash> </data> -<data> <path>HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND</path> <valuename/> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>replaced</action> <valuedata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</valuedata> <baddata>C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</baddata> <gooddata>iexplore.exe</gooddata> <hash>07d57dac7506013554a3c551ce368779</hash> </data> -<data> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN</path> <valuename>Start Page</valuename> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>replaced</action> <valuedata>hxxp://istart.webssearches.com/?type=hp&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</valuedata> <baddata>hxxp://istart.webssearches.com/?type=hp&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</baddata> <gooddata>www.google.com</gooddata> <hash>8c502900116aa690f60532e406fe7888</hash> </data> -<data> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN</path> <valuename>Default_Search_URL</valuename> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>replaced</action> <valuedata>hxxp://istart.webssearches.com/web/?type=ds&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW&q={searchTerms}</valuedata> <baddata>hxxp://istart.webssearches.com/web/?type=ds&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW&q={searchTerms}</baddata> <gooddata>www.google.com</gooddata> <hash>6379b07984f716205e9c30e6da2a0bf5</hash> </data> -<data> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN</path> <valuename>Default_Page_URL</valuename> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>replaced</action> <valuedata>hxxp://istart.webssearches.com/?type=hp&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</valuedata> <baddata>hxxp://istart.webssearches.com/?type=hp&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</baddata> <gooddata>www.google.com</gooddata> <hash>8458cc5de893d462ac4d66b041c3c838</hash> </data> -<data> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path> <valuename>DefaultScope</valuename> <vendor>PUP.Optional.Qone8</vendor> <action>replaced</action> <valuedata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</valuedata> <baddata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</baddata> <gooddata>{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</gooddata> <hash>18c49a8f572460d62fb8bf619a6abe42</hash> </data> -<data> <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL</path> <valuename>Default</valuename> <vendor>PUP.Optional.SnapDo.A</vendor> <action>replaced</action> <valuedata>hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaDK_XpD2DT87tQiO39kR580HzoZGWerp-2vVf8vhe6vAG8eEE5nbM9wg4NpJBkx6zMIdsiYcVQHUthTBx0jINnrF-zwmkPiN2N4hEzsBxJaOElQWtDz73HWAjRwzBaec-eT9obGRqhkRUkWDpPKDyhCa1VXIBE1CUWI_lU9vN9Yp9peL9UrVTTi9rZ5BNvg7QlF93mwsk,&q={searchTerms}</valuedata> <baddata>hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaDK_XpD2DT87tQiO39kR580HzoZGWerp-2vVf8vhe6vAG8eEE5nbM9wg4NpJBkx6zMIdsiYcVQHUthTBx0jINnrF-zwmkPiN2N4hEzsBxJaOElQWtDz73HWAjRwzBaec-eT9obGRqhkRUkWDpPKDyhCa1VXIBE1CUWI_lU9vN9Yp9peL9UrVTTi9rZ5BNvg7QlF93mwsk,&q={searchTerms}</baddata> <gooddata>www.google.com</gooddata> <hash>a9330d1c6f0c82b47e70120483814cb4</hash> </data> -<data> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path> <valuename>Search Page</valuename> <vendor>PUP.Optional.Snapdo</vendor> <action>replaced</action> <valuedata>hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaDK_XpD2DT87tQiO39kR580HzoZGWerp-2vVf8vhe6vAG8eEE5nbM9wg4NpJBkx6zMIdsiYcVQHUthTBx0jINnrF-zwmkPiN2N4hEzsBxJaOElQWtDz73HWAjRwzBaec-eT9obGRqhkRUkWDpPKDyhCa1VXIBE1CUWI_lU9vN9Yp9peL9UrVTTi9rZ5BNvg7QlF93mws4,&q={searchTerms}</valuedata> <baddata>hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaDK_XpD2DT87tQiO39kR580HzoZGWerp-2vVf8vhe6vAG8eEE5nbM9wg4NpJBkx6zMIdsiYcVQHUthTBx0jINnrF-zwmkPiN2N4hEzsBxJaOElQWtDz73HWAjRwzBaec-eT9obGRqhkRUkWDpPKDyhCa1VXIBE1CUWI_lU9vN9Yp9peL9UrVTTi9rZ5BNvg7QlF93mws4,&q={searchTerms}</baddata> <gooddata>hxxp://www.google.com</gooddata> <hash>c5170c1d1e5d221494c37fa1e2227987</hash> </data> -<data> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path> <valuename>Start Page</valuename> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>replaced</action> <valuedata>hxxp://istart.webssearches.com/?type=hp&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</valuedata> <baddata>hxxp://istart.webssearches.com/?type=hp&ts=1397417116&from=amt&uid=ST500DM002-1BD142_S2AKEAXWXXXXS2AKEAXW</baddata> <gooddata>www.google.com</gooddata> <hash>09d340e9fa8151e5ba05d24f7e86639d</hash> </data> -<data> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path> <valuename>Search Bar</valuename> <vendor>PUP.Optional.Snapdo</vendor> <action>replaced</action> <valuedata>hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaDK_XpD2DT87tQiO39kR580HzoZGWerp-2vVf8vhe6vAG8eEE5nbM9wg4NpJBkx6zMIdsiYcVQHUthTBx0jINnrF-zwmkPiN2N4hEzsBxJaOElQWtDz73HWAjRwzBaec-eT9obGRqhkRUkWDpPKDyhCa1VXIBE1CUWI_lU9vN9Yp9peL9UrVTTi9rZ5BNvg7QlF93mws4,&q={searchTerms}</valuedata> <baddata>hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaDK_XpD2DT87tQiO39kR580HzoZGWerp-2vVf8vhe6vAG8eEE5nbM9wg4NpJBkx6zMIdsiYcVQHUthTBx0jINnrF-zwmkPiN2N4hEzsBxJaOElQWtDz73HWAjRwzBaec-eT9obGRqhkRUkWDpPKDyhCa1VXIBE1CUWI_lU9vN9Yp9peL9UrVTTi9rZ5BNvg7QlF93mws4,&q={searchTerms}</baddata> <gooddata>hxxp://www.google.com</gooddata> <hash>0bd16cbdabd03006aea844dcff05d32d</hash> </data> -<data> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH</path> <valuename>Default_Search_URL</valuename> <vendor>PUP.Optional.Snapdo</vendor> <action>replaced</action> <valuedata>hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaDK_XpD2DT87tQiO39kR580HzoZGWerp-2vVf8vhe6vAG8eEE5nbM9wg4NpJBkx6zMIdsiYcVQHUthTBx0jINnrF-zwmkPiN2N4hEzsBxJaOElQWtDz73HWAjRwzBaec-eT9obGRqhkRUkWDpPKDyhCa1VXIBE1CUWI_lU9vN9Yp9peL9UrVTTi9rZ5BNvg7QlF93mws4,&q={searchTerms}</valuedata> <baddata>hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaDK_XpD2DT87tQiO39kR580HzoZGWerp-2vVf8vhe6vAG8eEE5nbM9wg4NpJBkx6zMIdsiYcVQHUthTBx0jINnrF-zwmkPiN2N4hEzsBxJaOElQWtDz73HWAjRwzBaec-eT9obGRqhkRUkWDpPKDyhCa1VXIBE1CUWI_lU9vN9Yp9peL9UrVTTi9rZ5BNvg7QlF93mws4,&q={searchTerms}</baddata> <gooddata>hxxp://www.google.com</gooddata> <hash>cd0fad7cd9a2f04674e565bbf21217e9</hash> </data> -<data> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH</path> <valuename>SearchAssistant</valuename> <vendor>PUP.Optional.Snapdo</vendor> <action>replaced</action> <valuedata>hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaDK_XpD2DT87tQiO39kR580HzoZGWerp-2vVf8vhe6vAG8eEE5nbM9wg4NpJBkx6zMIdsiYcVQHUthTBx0jINnrF-zwmkPiN2N4hEzsBxJaOElQWtDz73HWAjRwzBaec-eT9obGRqhkRUkWDpPKDyhCa1VXIBE1CUWI_lU9vN9Yp9peL9UrVTTi9rZ5BNvg7QlF93mws4,&q={searchTerms}</valuedata> <baddata>hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaDK_XpD2DT87tQiO39kR580HzoZGWerp-2vVf8vhe6vAG8eEE5nbM9wg4NpJBkx6zMIdsiYcVQHUthTBx0jINnrF-zwmkPiN2N4hEzsBxJaOElQWtDz73HWAjRwzBaec-eT9obGRqhkRUkWDpPKDyhCa1VXIBE1CUWI_lU9vN9Yp9peL9UrVTTi9rZ5BNvg7QlF93mws4,&q={searchTerms}</baddata> <gooddata>hxxp://www.google.com</gooddata> <hash>32aa17121a6166d02a305fc1dd276799</hash> </data> -<data> <path>HKU\S-1-5-21-1609159171-3726035027-2611498187-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL</path> <valuename>Default</valuename> <vendor>PUP.Optional.SnapDo.A</vendor> <action>replaced</action> <valuedata>hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaDK_XpD2DT87tQiO39kR580HzoZGWerp-2vVf8vhe6vAG8eEE5nbM9wg4NpJBkx6zMIdsiYcVQHUthTBx0jINnrF-zwmkPiN2N4hEzsBxJaOElQWtDz73HWAjRwzBaec-eT9obGRqhkRUkWDpPKDyhCa1VXIBE1CUWI_lU9vN9Yp9peL9UrVTTi9rZ5BNvg7QlF93mws4,&q={searchTerms}</valuedata> <baddata>hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaDK_XpD2DT87tQiO39kR580HzoZGWerp-2vVf8vhe6vAG8eEE5nbM9wg4NpJBkx6zMIdsiYcVQHUthTBx0jINnrF-zwmkPiN2N4hEzsBxJaOElQWtDz73HWAjRwzBaec-eT9obGRqhkRUkWDpPKDyhCa1VXIBE1CUWI_lU9vN9Yp9peL9UrVTTi9rZ5BNvg7QlF93mws4,&q={searchTerms}</baddata> <gooddata>www.google.com</gooddata> <hash>ab319297493279bd08e78c8a3fc53cc4</hash> </data> -<folder> <path>C:\Program Files (x86)\SupTab</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\img</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\img\weather</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\js</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\en-US</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\es-419</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\es-ES</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\fr-BE</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\fr-CA</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\fr-CH</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\fr-FR</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\fr-LU</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\it-CH</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\it-IT</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\pl</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\pt</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\pt-BR</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\ru</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\ru-MO</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\tr-TR</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\vi-VI</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\zh-CN</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Program Files (x86)\SupTab\web\_locales\zh-TW</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </folder> -<folder> <path>C:\Users\Sebastian\AppData\Local\WeatherAlerts</path> <vendor>PUP.Optional.WeatherAlerts</vendor> <action>success</action> <hash>6874ba6f82f946f0f1f988d434cecf31</hash> </folder> -<folder> <path>C:\ProgramData\IePluginService</path> <vendor>PUP.Optional.IePluginService.A</vendor> <action>delete-on-reboot</action> <hash>f2eab9706813f93d255b7fde986a5da3</hash> </folder> -<folder> <path>C:\ProgramData\IePluginService\update</path> <vendor>PUP.Optional.IePluginService.A</vendor> <action>success</action> <hash>f2eab9706813f93d255b7fde986a5da3</hash> </folder> -<folder> <path>C:\Users\Sebastian\AppData\Roaming\webssearches</path> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>success</action> <hash>38a416136d0e0c2a3d7b80e1986afe02</hash> </folder> -<folder> <path>C:\Users\Sebastian\AppData\Roaming\webssearches\images</path> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>success</action> <hash>38a416136d0e0c2a3d7b80e1986afe02</hash> </folder> -<folder> <path>C:\Users\Sebastian\AppData\Roaming\webssearches\log</path> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>success</action> <hash>38a416136d0e0c2a3d7b80e1986afe02</hash> </folder> -<folder> <path>C:\Users\Sebastian\AppData\Roaming\PriceMeterUpdater</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>518b8b9ed5a6c76f2eb5acb5a55dac54</hash> </folder> -<folder> <path>C:\Users\Sebastian\AppData\Roaming\PriceMeterUpdater\UpdateProc</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>518b8b9ed5a6c76f2eb5acb5a55dac54</hash> </folder> -<folder> <path>C:\Program Files (x86)\PriceMeterLiveUpdate</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>delete-on-reboot</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </folder> -<folder> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\CrashReports</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </folder> -<folder> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>delete-on-reboot</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </folder> -<folder> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>delete-on-reboot</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </folder> -<folder> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\Download</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </folder> -<folder> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\Install</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </folder> -<folder> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\Offline</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </folder> -<folder> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\Offline\{81687F83-A633-4063-8C92-7C0DCAFFF90B}</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </folder> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\core.exe</path> <vendor>Adware.Bundle</vendor> <action>delete-on-reboot</action> <hash>eeee77b233486dc90e27f91dad54d62a</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\melc.exe</path> <vendor>Adware.Bundle</vendor> <action>delete-on-reboot</action> <hash>815bd752dba096a084b1cf472ad77b85</hash> </file> -<file> <path>C:\ProgramData\WPM\wprotectmanager.exe</path> <vendor>PUP.Optional.WpManager</vendor> <action>delete-on-reboot</action> <hash>03d9d653c1ba0e2820ac05552ad71ce4</hash> </file> -<file> <path>C:\ProgramData\IePluginService\PluginService.exe</path> <vendor>PUP.Optional.IePluginService.A</vendor> <action>delete-on-reboot</action> <hash>66763aefd0ab8babbcbc163a44bd2ad6</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\SupTab.dll</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>31abff2a3b40181e2adac64da959837d</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Roaming\SupTab\SupTab.dll</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>6676ed3c1d5e78be86c4171ee81817e9</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\20575733.exe</path> <vendor>PUP.Optional.SafeInstall.A</vendor> <action>success</action> <hash>716be742a6d586b02f7b143279883cc4</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\21323253.exe</path> <vendor>PUP.Optional.SafeInstall.A</vendor> <action>success</action> <hash>a636cf5ad1aa81b5eac0bb8b946da15f</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\MediaPlayer__5647_il380.exe</path> <vendor>PUP.Optional.Amonetize.A</vendor> <action>success</action> <hash>3ba1c2674b303afcdd7cb38936cad12f</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\fox.exe</path> <vendor>Adware.Bundle</vendor> <action>success</action> <hash>9646ec3df9828fa767ce869050b1738d</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\svhosts.exe</path> <vendor>Adware.Bundle</vendor> <action>success</action> <hash>27b5c762fa81af8742f36bab6e932bd5</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\instloffer.exe</path> <vendor>PUP.Optional.Vittalia</vendor> <action>success</action> <hash>924aae7b34471e18e6e8ff759d6414ec</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\fullpackage_temp1397417104\alilog.dll</path> <vendor>PUP.Optional.SkyTech.A</vendor> <action>success</action> <hash>489441e8c4b761d5da3833fffe02f709</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\fullpackage_temp1397417104\package1.zip</path> <vendor>PUP.Optional.SkyTech.A</vendor> <action>success</action> <hash>1dbf79b0d8a3ea4cd73b89a9cb35827e</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\fullpackage_temp1397417104\tmp\SupTab.exe</path> <vendor>PUP.Optional.IePluginService.A</vendor> <action>success</action> <hash>b12b0f1aaecdc47298e09cb4728fe31d</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\fullpackage_temp1397417104\tmp\wpm.exe</path> <vendor>PUP.Optional.WpManager</vendor> <action>success</action> <hash>ae2e36f3d9a2ed49527a3e1cbc45ef11</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\Phx8E12\DesktopWeatherAlertsSetup.exe</path> <vendor>PUP.Optional.WeatherAlerts.A</vendor> <action>success</action> <hash>49930e1bb4c7df5718588fbaa16303fd</hash> </file> -<file> <path>C:\Users\Sebastian\Downloads\installer_microsoft_picture_it_9_0_Deutsch.exe</path> <vendor>PUP.Optional.Vittalia</vendor> <action>success</action> <hash>c715f33695e6e94d1db34807bc4539c7</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\41\a18467.exe</path> <vendor>PUP.Optional.Amonetize</vendor> <action>success</action> <hash>b62670b949327eb8f412beab3bc64eb2</hash> </file> -<file> <path>C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>f8e425044d2ef442d2d88bdf976b8080</hash> </file> -<file> <path>C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>0bd137f2f28991a5e3c78ddd49b98779</hash> </file> -<file> <path>C:\Windows\Tasks\PriceMeterUpdater.job</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>8b5155d48cef46f0eac1e28829d9d42c</hash> </file> -<file> <path>C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml</path> <vendor>PUP.Optional.WebsSearches.A</vendor> <action>success</action> <hash>fce087a286f5f442b370016a37cb58a8</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\577yui5v.default\searchplugins\Web Search.xml</path> <vendor>PUP.Optional.WebSearch.A</vendor> <action>success</action> <hash>31ab8c9d95e6f93dc621a7c619e93fc1</hash> </file> -<file> <path>C:\Windows\System32\roboot64.exe</path> <vendor>PUP.Optional.PCPerformer.A</vendor> <action>success</action> <hash>e1fb27020e6d54e226c3bdb4cc36867a</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\install.data</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\uninstall.exe</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\WebDataJs</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\data.html</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\indexIE.html</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\indexIE8.html</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\main.css</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\ver.txt</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\arrow.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\default_add_logo.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\default_logo.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\googlelogo.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\googlelogo2.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\google_trends.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\icon128.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\icon16.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\icon48.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\loading.gif</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\logo32.ico</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\search.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\sliders.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\img\weather\0.png</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\js\common.js</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\js\ga.js</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\js\ie8.js</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\js\js.js</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\js\library.js</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\js\xagainit.js</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json</path> <vendor>PUP.Optional.SupTab.A</vendor> <action>success</action> <hash>7b61b27758237abca343abc9ea181ce4</hash> </file> -<file> <path>C:\Windows\Tasks\PassShow Update.job</path> <vendor>PUP.Optional.PassShow.A</vendor> <action>success</action> <hash>9448b6732e4d1a1cb75dec8c23dfbf41</hash> </file> -<file> <path>C:\Windows\Tasks\AmiUpdXp.job</path> <vendor>PUP.Software.Updater</vendor> <action>success</action> <hash>d00cc2676e0d7cba4784334c27dbe818</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>delete-on-reboot</action> <hash>825a4adfe69515212f77b6b4a65c0df3</hash> </file> -<file> <path>C:\ProgramData\IePluginService\update\conf</path> <vendor>PUP.Optional.IePluginService.A</vendor> <action>success</action> <hash>f2eab9706813f93d255b7fde986a5da3</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Roaming\PriceMeterUpdater\UpdateProc\config.dat</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>518b8b9ed5a6c76f2eb5acb5a55dac54</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Roaming\PriceMeterUpdater\UpdateProc\info.dat</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>518b8b9ed5a6c76f2eb5acb5a55dac54</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Roaming\PriceMeterUpdater\UpdateProc\STTL.DAT</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>518b8b9ed5a6c76f2eb5acb5a55dac54</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Roaming\PriceMeterUpdater\UpdateProc\TTL.DAT</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>518b8b9ed5a6c76f2eb5acb5a55dac54</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_de.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_el.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_en-GB.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_en.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_es-419.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_es.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_et.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_fa.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_fi.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_fil.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_fr.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_gu.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_hi.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_hr.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_hu.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_id.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_it.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_iw.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ja.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_kn.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ko.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_lt.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_lv.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ml.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_mr.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ms.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_nl.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_no.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_pl.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_pt-BR.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_pt-PT.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ro.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdate.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>delete-on-reboot</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_am.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ar.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_bg.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_bn.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ca.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_cs.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_sk.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_sl.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_sr.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_sv.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_sw.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ta.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_te.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_th.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_tr.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_uk.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ur.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_vi.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_zh-CN.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_zh-TW.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\PriceMeterLiveUpdate.exe</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\PriceMeterLiveUpdateBroker.exe</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\PriceMeterLiveUpdateHandler.exe</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\PriceMeterLiveUpdateHelper.msi</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\PriceMeterLiveUpdateOnDemand.exe</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\psmachine.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\psuser.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_da.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_is.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdateres_ru.dll</path> <vendor>PUP.Optional.PriceMeter.A</vendor> <action>success</action> <hash>ebf15acf1f5ca096e5ff2e3343bf1fe1</hash> </file> -<file> <path>C:\Users\Sebastian\AppData\Local\Temp\rundll32.exe</path> <vendor>Heuristics.Reserved.Word.Exploit</vendor> <action>success</action> <hash>38a42dfc0774de58903fec35966ec040</hash> </file> </items> </mbam-log> Dann noch mit ADWCLeaner drüber, hier der logFile: # AdwCleaner v3.023 - Bericht erstellt am 13/04/2014 um 23:16:02 # Aktualisiert 01/04/2014 von Xplode # Betriebssystem : Windows 7 Professional N Service Pack 1 (64 bits) # Benutzername : Sebastian - SEBASTIAN-PC # Gestartet von : C:\Users\Sebastian\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\WPM Ordner Gelöscht : C:\Program Files (x86)\smart pc cleaner Ordner Gelöscht : C:\Users\SEBAST~1\AppData\Local\Temp\OCS Ordner Gelöscht : C:\Users\Sebastian\AppData\Roaming\SupTab Ordner Gelöscht : C:\Users\Sebastian\Documents\smart pc cleaner Datei Gelöscht : C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk Datei Gelöscht : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\577yui5v.default\user.js ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\SmartBar Schlüssel Gelöscht : HKLM\Software\IePlugin Schlüssel Gelöscht : HKLM\Software\supTab Schlüssel Gelöscht : HKLM\Software\supWPM Schlüssel Gelöscht : HKLM\Software\Vittalia Schlüssel Gelöscht : HKLM\Software\Wpm ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16521 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] -\\ Mozilla Firefox v28.0 (de) [ Datei : C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\577yui5v.default\prefs.js ] Zeile gelöscht : user_pref("extensions.helperbar.BackPageActive", true); Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false); Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false); Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Zeile gelöscht : user_pref("extensions.helperbar.Visibility", true); Zeile gelöscht : user_pref("extensions.helperbar.backPageCapacity", 3); Zeile gelöscht : user_pref("extensions.helperbar.backPageCounter", 0); Zeile gelöscht : user_pref("extensions.helperbar.backPageDay", 13); Zeile gelöscht : user_pref("extensions.helperbar.backPageLastEvent", "1397239562309"); Zeile gelöscht : user_pref("extensions.helperbar.backPageMinInterval", 15); Zeile gelöscht : user_pref("extensions.helperbar.barcodeid", "126436"); Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "at"); Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "vertitechnologyybch"); Zeile gelöscht : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"snap.do\\\",\\\"snapdo.com\\\"],\\\"hxxpInjection\\\":\\\"hxxp:\\\\\\/\\\\\\/www.superfish.com\\\\\\/ws\\\\\\/[...] Zeile gelöscht : user_pref("extensions.helperbar.fromautoupdate", "false"); Zeile gelöscht : user_pref("extensions.helperbar.installationid", "da50b1bf-5fd6-ed05-535b-a3825fd7922b"); Zeile gelöscht : user_pref("extensions.helperbar.installdate", "13/04/2014"); Zeile gelöscht : user_pref("extensions.helperbar.keepAliveLastevent", "1397412362"); Zeile gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1397412373194"); Zeile gelöscht : user_pref("extensions.helperbar.publisher", "vertitechnologyyb"); ************************* AdwCleaner[R0].txt - [6583 octets] - [13/04/2014 23:14:15] AdwCleaner[S0].txt - [5722 octets] - [13/04/2014 23:16:02] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5782 octets] ########## Wie gehts jetzt weiter? mfg Sebastian |
Hallo Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
|
Servus, danke für die schnelle Hilfe! Normal: FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014Additional: Code: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2014 |
Hallo dann gehen wir die Baustelle einmal an. Du in deinen Tempfiles einiges an Bildern die keine Bilder sonder Programme sind. Code: C:\Users\***\AppData\Local\Temp\271nohh3x3427.jpg.exeSchritt 1: Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code: Update for PriceMeter (HKCU\...\PriceMeterUpdater) (Version: - Update for PriceMeter) <==== ATTENTIONSpeichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2: Lade dir  TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
Schritt 3: Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 4: ESET Online Scanner
Schritt 5: erstelle ein neues FRST Logfile und poste es hier |
Servus, nach dem Neustart bei Punkt 1 kann ich nun mit dem PC nichtmehr ins Internet, weil "der Proxy-Server die Verbindung verweigert". Wie kann ich das Lösen? Kann natürlich erst dann mit dem eigentlichen Arbeiten anfangen :( Mfg |
Hi hattest du selbst einen Proxy Server eingestellt? Welchen Browser verwendest du? |
Folge der anleitung etwas abgewandelt. erstelle das Script auf einem anderen Rechner und kopiere es per USB-Stick auf den Rechner der infiziert ist. PROXY RESET Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code: ProxyEnable: Internet Explorer proxy is enabled.Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
|
Dankeschön! Hier der Fixlog vom Proxy: Code: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-04-2014FixLog von Nr 1: Code: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-04-2014 01Code: ESETSmartInstaller@High as downloader log:Erneuter FRST Log: FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-04-2014 02 |
Hallo tritt das Ursprüngliche Problem mit Quick Start NewTab noch auf? Downloade Dir bitte  SecurityCheck und:
|
 ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe? Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos. Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion möglich machen. |
Servus, nein hat sich nicht erledigt, war nur lange nicht beim PC! Allerdings kann ich jetzt SecurityCheck nicht downloaden... Ich klicke wie bei den vorigen files drauf, und ich komme wieder auf die Ursprungsansicht von SecurityCheck auf filepony.de O.o mfg |
ok der Fehler tritt bei mir auch auf. Vergessen wir das Tool erstmal. Macht der Rechner sonst noch Probleme? |
Ich konnte bis jetzt nichts mehr feststellen, weder werbung noch sonstige ungereimtheiten. Mfg |
wunderbar dann räumen wir noch auf ... und du bekommst einige Tips von mir (optional) Schritt 1: Die Reihenfolge ist hier entscheidend.
Schritt 2: Wunderbar dein System ist soweit ich das sehen kann sauber. :daumenhoc Hier noch ein paar Tipps zur Absicherung deines Systems. Benutzerkonto Einstellungen: Wir sehen immer wieder User mit Administratorrechten. Hier kann jeder Nutzer eines Windowsrechners schon die erste Türe schließen. Arbeite mit einem eingeschränkten Benutzerkonto anstelle eines Kontos mit Administratorrechten. Diese sind für das tägliche Arbeiten nicht nötig, und solltest du einmal Software installieren wollen wirst du im normalfall nach deinem Passwort gefragt. Solltest du Hilfe bei der Erstellung eines "eingeschränkten Kontos" benötigen helfe ich dir gern weiter. Systemupdates: Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Besonders Java erfährt zur Zeit regelmäßig sicherheitsrelevante Updates Ältere Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Antivirensoftware Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen alternatives Browsen Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen. Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann. Wenn du möchtest, kannst du das Trojaner Board Forum mit einer kleinen Spende unterstützen. |
Servus, habe deine Nachricht mal grob überflogen und werde morgen Abend alles genau ausführen und die Tipps in Zukunft beherzigen. Danach werde ich mich nochmal bei dir (wenn gewünscht per PN) melden. Bzgl der Spende werde ich sehen was sich machen lässt, da mir hier ja schnell, ausführlich und vorallem freundlich geholfen wurde! Danke schonmal für deine wertvolle Zeit und deine tollen Beschreibungen für einen absoluten Anfänger! mfg Todeskostn |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 06:19 Uhr. |
Copyright ©2000-2025, Trojaner-Board
