Internetstartseite hat sich geändert in "Quick Start" und lässt sich nicht ändern

ines_1 · 09.04.2014, 10:08

Hallo,

ich glaube mein PC hat sich was eingefangen. Statt der Google Startseite öffnet sich eine Quick-Start Seite und die lässt sich nicht ändern. Vorher hatte sich plötzlich ein PC-Cleaner geöffnet, den ich nicht installeirt habe. Habe ihn deinstalliert, aber ich glaube da ist noch was anderes da. Alles vom heutigen Datum habe ich deinstalliert. Eigentlich wollte ich nur die neueste JAVA Version runterladen.

ICh habe ein kostenloses Internet Avira Free Antivirus programm installiert, was eben auch angesprungen ist und auch ein Programm gefunden und entfernt hat. Aber die Startseite lässt sich immer noch nicht ändern und da ist noch mehr glaube ich.

Könnt ihr mir helfen?

Freundliche Grüße

Ines

schrauber · 09.04.2014, 11:00

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

ines_1 · 09.04.2014, 11:45

Hi, super das du dich meldest. Habe leider erst zu spät die weiteren Anweisungen gelesen. Habe alles installiert und auch schon vom First Editor und Addition Editor die "Berichte". wollte sie eben einfügen ging aber nicht. Bin technsich nicht so versiert :-( , wo kann ich sie einfügen, hab ich irgendwie nicht kapiert ?!
FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 27 days old and could be outdated)
Ran by Ines (administrator) on INES-PC on 09-04-2014 12:17:37
Running from C:\Users\Ines\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Updater) C:\ProgramData\Updater\updater.exe
(Smart PC Solutions) C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe
(PC Utilities Software Limited) C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
(PC Utilities Software Limited) C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
(Spigot Inc) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
(Smart PC Solutions) C:\Program Files (x86)\PC Speed Maximizer\SPMReminder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
() C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Conduit) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
(WatchDog) C:\ProgramData\RHelpers\FireFoxHelper\FireFoxHelper.exe
(WatchDog) C:\ProgramData\RHelpers\IEHelper\IeHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Updater] - C:\ProgramData\Updater\Updater.exe [486264 2013-12-19] (Updater)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SearchSettings] - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1393984 2014-03-17] (Spigot, Inc.)
HKLM-x32\...\Run: [fst_de_1] - [X]
HKLM-x32\...\RunOnce: [VOPackage] - C:\Users\Ines\AppData\Roaming\VOPackage\VOPackage.exe /runonce [386406 2014-04-09] ( )
HKU\S-1-5-21-517023104-958483264-3855614887-1000\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [486264 2013-12-19] (Updater)
HKU\S-1-5-21-517023104-958483264-3855614887-1000\...\Run: [PC Speed Maximizer] - C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe [134456 2013-03-09] (Smart PC Solutions)
HKU\S-1-5-21-517023104-958483264-3855614887-1000\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135160 2014-01-28] (PC Utilities Software Limited)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1355040 2014-03-30] (Conduit)
AppInit_DLLs:  C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2681648 2014-03-04] ()
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050400 2014-03-30] (Conduit)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD73A92973540CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958&q={searchTerms}
URLSearchHook: HKCU - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\8.9\pdfforgeToolbarIE64.dll (Spigot, Inc.)
URLSearchHook: HKCU - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\8.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958&q={searchTerms}
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP49D3C244-C81E-485D-BDB4-2F263C8E5A66&q={searchTerms}&SSPV=
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958&q={searchTerms}
SearchScopes: HKCU - {3CFF21E2-E5D1-4F6E-B897-E68708BAC007} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Better Experience - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\BetterExperience\IE\common.dll (Better Experience)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\8.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\8.9\pdfforgeToolbarIE64.dll (Spigot, Inc.)
Toolbar: HKLM-x32 - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\8.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default
FF user.js: detected! => C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\user.js
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: Conduit Search
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Ines\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Quick Start - C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\Extensions\quick_start@gmail.com [2014-04-09]
FF Extension: Better Experience - C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\Extensions\support@betterxperience.com [2014-02-01]
FF Extension: Address Bar Search - C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi [2013-10-26]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com
FF Extension: Quick Start - C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com [2014-04-09]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://istart.webssearches.com/?type=sc&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958

Chrome: 
=======
CHR HomePage: hxxp://istart.webssearches.com/?type=hp&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958
CHR RestoreOnStartup: "hxxp://istart.webssearches.com/?type=hp&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958"
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchProvider: webssearches
CHR DefaultSearchURL: hxxp://istart.webssearches.com/web/?type=ds&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-26]
CHR Extension: (Google Drive) - C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-26]
CHR Extension: (YouTube) - C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-26]
CHR Extension: (Google Search) - C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-26]
CHR Extension: (HQVid8.1v2) - C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm [2014-04-09]
CHR Extension: (No Name) - C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb [2014-02-01]
CHR Extension: (Google Wallet) - C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-26]
CHR Extension: (Gmail) - C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-26]
CHR HKLM-x32\...\Chrome\Extension: [igjjkeeamkpihpncmmbgdkhdnjpcfmfb] - C:\ProgramData\BetterExperience\Chrome\common.crx [2014-02-01]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-04-09]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://istart.webssearches.com/?type=sc&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S2 70e6ca8c; C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [186496 2014-03-04] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2466080 2014-03-30] (Conduit)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [688240 2014-03-31] (Cherished Technololgy LIMITED)
R2 InternetUpdater; C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [40448 2013-12-06] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-04-09] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-09 12:17 - 2014-04-09 12:17 - 02157056 _____ (Farbar) C:\Users\Ines\Desktop\FRST64.exe
2014-04-09 12:17 - 2014-04-09 12:17 - 00019486 _____ () C:\Users\Ines\Desktop\FRST.txt
2014-04-09 12:17 - 2014-04-09 12:17 - 00000000 ____D () C:\FRST
2014-04-09 12:10 - 2014-04-09 12:16 - 00000470 _____ () C:\Users\Ines\Desktop\defogger_disable.log
2014-04-09 12:07 - 2014-04-09 12:07 - 00000000 _____ () C:\Users\Ines\defogger_reenable
2014-04-09 12:05 - 2014-04-09 12:05 - 00050477 _____ () C:\Users\Ines\Desktop\Defogger.exe
2014-04-09 11:56 - 2014-04-09 11:55 - 00309297 _____ () C:\Users\Ines\Desktop\Einladung mündliche prüfung.jpeg
2014-04-09 10:43 - 2014-04-09 10:43 - 04892480 _____ (WinZip International LLC ) C:\Program Files\wzmp_8.exe
2014-04-09 10:25 - 2014-04-09 10:25 - 00000000 ____D () C:\Users\Ines\AppData\Roaming\SupTab
2014-04-09 10:25 - 2014-04-09 10:25 - 00000000 ____D () C:\ProgramData\WPM
2014-04-09 10:25 - 2014-04-09 10:25 - 00000000 ____D () C:\ProgramData\IePluginService
2014-04-09 10:25 - 2014-04-09 10:25 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-04-09 10:20 - 2014-04-09 10:34 - 00000000 ____D () C:\Users\Ines\AppData\Roaming\VOPackage
2014-04-09 10:20 - 2014-04-09 10:20 - 01100952 _____ (AnyProtect.com) C:\Users\Ines\AppData\Local\nscFC99.tmp
2014-04-09 10:20 - 2014-04-09 10:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-09 10:19 - 2014-04-09 10:34 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-03-27 22:34 - 2014-03-27 22:33 - 00657608 _____ () C:\Users\Ines\Desktop\Lehrplan Phytotherapie.jpeg
2014-03-22 08:48 - 2014-03-22 16:42 - 00000000 ____D () C:\Users\Ines\Desktop\PRÜFUNG MÜNDLICH
2014-03-21 17:59 - 2014-03-21 17:59 - 00000000 ____D () C:\Program Files (x86)\pdfforge Toolbar
2014-03-21 17:59 - 2014-03-21 17:59 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-03-18 11:31 - 2014-03-18 11:32 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-03-18 10:16 - 2014-03-18 10:16 - 00000000 _____ () C:\autoexec.bat
2014-03-17 18:56 - 2014-03-17 18:56 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-12 12:08 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 12:08 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 12:08 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 12:08 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 12:08 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 12:08 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 12:08 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 12:08 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 12:08 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 12:08 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 12:08 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 12:08 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 12:08 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 12:08 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 12:08 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 12:08 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 12:08 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 12:08 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 12:08 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 12:08 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 12:08 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 12:08 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 12:08 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 12:08 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 12:08 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 12:08 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 12:08 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 12:08 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 12:08 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 12:08 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 12:08 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 12:08 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 12:08 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 12:08 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 12:08 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 12:08 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 12:08 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 12:08 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 12:08 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 12:08 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 12:08 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 12:08 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 12:08 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 12:08 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 12:07 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 12:07 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 12:07 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 12:07 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-09 12:17 - 2014-04-09 12:17 - 02157056 _____ (Farbar) C:\Users\Ines\Desktop\FRST64.exe
2014-04-09 12:17 - 2014-04-09 12:17 - 00019486 _____ () C:\Users\Ines\Desktop\FRST.txt
2014-04-09 12:17 - 2014-04-09 12:17 - 00000000 ____D () C:\FRST
2014-04-09 12:16 - 2014-04-09 12:10 - 00000470 _____ () C:\Users\Ines\Desktop\defogger_disable.log
2014-04-09 12:07 - 2014-04-09 12:07 - 00000000 _____ () C:\Users\Ines\defogger_reenable
2014-04-09 12:07 - 2011-08-12 16:20 - 00000000 ____D () C:\Users\Ines
2014-04-09 12:05 - 2014-04-09 12:05 - 00050477 _____ () C:\Users\Ines\Desktop\Defogger.exe
2014-04-09 12:03 - 2013-04-11 21:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-09 12:01 - 2011-08-12 22:01 - 01451401 _____ () C:\Windows\WindowsUpdate.log
2014-04-09 11:55 - 2014-04-09 11:56 - 00309297 _____ () C:\Users\Ines\Desktop\Einladung mündliche prüfung.jpeg
2014-04-09 11:54 - 2012-11-08 17:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-09 10:43 - 2014-04-09 10:43 - 04892480 _____ (WinZip International LLC ) C:\Program Files\wzmp_8.exe
2014-04-09 10:34 - 2014-04-09 10:20 - 00000000 ____D () C:\Users\Ines\AppData\Roaming\VOPackage
2014-04-09 10:34 - 2014-04-09 10:19 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-04-09 10:25 - 2014-04-09 10:25 - 00000000 ____D () C:\Users\Ines\AppData\Roaming\SupTab
2014-04-09 10:25 - 2014-04-09 10:25 - 00000000 ____D () C:\ProgramData\WPM
2014-04-09 10:25 - 2014-04-09 10:25 - 00000000 ____D () C:\ProgramData\IePluginService
2014-04-09 10:25 - 2014-04-09 10:25 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-04-09 10:22 - 2012-11-08 17:09 - 00002406 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-09 10:22 - 2011-08-12 16:27 - 00001360 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-09 10:22 - 2009-07-14 06:45 - 00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-09 10:22 - 2009-07-14 06:45 - 00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-09 10:20 - 2014-04-09 10:20 - 01100952 _____ (AnyProtect.com) C:\Users\Ines\AppData\Local\nscFC99.tmp
2014-04-09 10:20 - 2014-04-09 10:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-09 10:20 - 2009-07-14 19:58 - 00702942 _____ () C:\Windows\system32\perfh007.dat
2014-04-09 10:20 - 2009-07-14 19:58 - 00150582 _____ () C:\Windows\system32\perfc007.dat
2014-04-09 10:20 - 2009-07-14 07:13 - 01629284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-09 10:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-09 10:17 - 2012-11-20 22:32 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-09 10:14 - 2012-11-08 17:08 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-09 10:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-09 10:14 - 2009-07-14 06:51 - 00563235 _____ () C:\Windows\setupact.log
2014-04-08 16:35 - 2014-01-04 12:50 - 00000000 ____D () C:\Users\Ines\AppData\Roaming\Skype
2014-04-07 09:11 - 2011-08-12 16:45 - 00000000 ____D () C:\Users\Ines\Documents\Outlook-Dateien
2014-04-04 18:28 - 2014-03-04 11:43 - 00000000 ____D () C:\Program Files (x86)\XMind
2014-04-01 21:49 - 2012-11-08 17:08 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-01 21:49 - 2012-11-08 17:08 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-31 18:09 - 2014-03-04 11:40 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-27 22:33 - 2014-03-27 22:34 - 00657608 _____ () C:\Users\Ines\Desktop\Lehrplan Phytotherapie.jpeg
2014-03-22 16:42 - 2014-03-22 08:48 - 00000000 ____D () C:\Users\Ines\Desktop\PRÜFUNG MÜNDLICH
2014-03-22 01:36 - 2012-01-23 22:43 - 00000000 ____D () C:\Users\Ines\Desktop\HP-Ausbildung
2014-03-21 17:59 - 2014-03-21 17:59 - 00000000 ____D () C:\Program Files (x86)\pdfforge Toolbar
2014-03-21 17:59 - 2014-03-21 17:59 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-03-20 07:46 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-19 00:47 - 2013-08-14 22:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 00:45 - 2011-08-21 19:04 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 11:32 - 2014-03-18 11:31 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-03-18 10:16 - 2014-03-18 10:16 - 00000000 _____ () C:\autoexec.bat
2014-03-17 18:56 - 2014-03-17 18:56 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-17 18:56 - 2011-08-12 16:55 - 00009349 _____ () C:\Users\Ines\AppData\Roaming\Kommagetrennte Werte (DOS).EML
2014-03-17 18:31 - 2012-01-09 23:20 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-13 18:10 - 2009-07-14 06:45 - 00416312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 01:27 - 2011-08-12 16:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 12:03 - 2013-04-11 21:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 12:03 - 2013-04-04 07:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 12:03 - 2011-08-17 22:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 23:33 - 2011-08-12 16:36 - 00349000 _____ () C:\Windows\PFRO.log
2014-03-11 23:31 - 2014-03-04 11:41 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-03-10 09:58 - 2013-04-11 21:42 - 00001984 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

Some content of TEMP:
====================
C:\Users\Ines\AppData\Local\Temp\APNSetup.exe
C:\Users\Ines\AppData\Local\Temp\AskSLib.dll
C:\Users\Ines\AppData\Local\Temp\avgnt.exe
C:\Users\Ines\AppData\Local\Temp\BackupSetup.exe
C:\Users\Ines\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
C:\Users\Ines\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Ines\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Ines\AppData\Local\Temp\nsb823F.exe
C:\Users\Ines\AppData\Local\Temp\nscAA30.exe
C:\Users\Ines\AppData\Local\Temp\nscC4ED.exe
C:\Users\Ines\AppData\Local\Temp\nsd3A47.exe
C:\Users\Ines\AppData\Local\Temp\nshA02A.exe
C:\Users\Ines\AppData\Local\Temp\nshC24D.exe
C:\Users\Ines\AppData\Local\Temp\nsmA21E.exe
C:\Users\Ines\AppData\Local\Temp\nsmBFFB.exe
C:\Users\Ines\AppData\Local\Temp\nsrA7CE.exe
C:\Users\Ines\AppData\Local\Temp\nss9DAA.exe
C:\Users\Ines\AppData\Local\Temp\nsw7CF0.exe
C:\Users\Ines\AppData\Local\Temp\nsw7F61.exe
C:\Users\Ines\AppData\Local\Temp\nswA57C.exe
C:\Users\Ines\AppData\Local\Temp\ose00000.exe
C:\Users\Ines\AppData\Local\Temp\SHSetup.exe
C:\Users\Ines\AppData\Local\Temp\SPSetup.exe
C:\Users\Ines\AppData\Local\Temp\Updater.exe
C:\Users\Ines\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 11:03FRST Additions Logfile:
FRST Additions Logfile:

	Code: 

 ATTFilter

  
	Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Ines at 2014-04-09 12:18:15
Running from C:\Users\Ines\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

11-03-2014 06:17:32 Windows Update
12-03-2014 05:48:27 Windows Update
12-03-2014 23:25:52 Windows Update
17-03-2014 16:28:39 Removed FileOpen Client (x64)
17-03-2014 16:55:33 Installed SpyHunter
18-03-2014 08:21:03 Windows Update
18-03-2014 09:30:48 Removed SpyHunter
18-03-2014 22:45:34 Windows Update
25-03-2014 06:06:47 Windows Update
29-03-2014 12:47:29 Windows Update
04-04-2014 10:57:15 Windows Update
08-04-2014 05:46:26 Windows Update
09-04-2014 08:20:22 Uniblue SpeedUpMyPC installation

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0DB867F5-85F5-44C9-9374-DAA3310F103E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {0DEEC176-BA11-4A3B-94B5-389B5427C5C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-08] (Google Inc.)
Task: {71F2E6A0-C336-45CC-9CD0-92851D3B3416} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-08] (Google Inc.)
Task: {DAAFE20D-992A-415C-84D0-267996414310} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-08-12 17:09 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2013-12-06 03:30 - 2013-12-06 03:30 - 00040448 _____ () C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-02-25 22:49 - 2013-02-24 18:45 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-12-15 13:14 - 2013-12-15 13:14 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-12 12:03 - 2014-03-12 12:03 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:AD022376
AlternateDataStreams: C:\Users\Ines\Desktop\Bild CD Sabine Wald.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Ines\Desktop\Bild CD Sabine Wald.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Ines\Desktop\Einladung mündliche prüfung.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Ines\Desktop\Einladung mündliche prüfung.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Ines\Desktop\Lehrplan Phytotherapie.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Ines\Desktop\Lehrplan Phytotherapie.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Ines\AppData\Roaming\Kommagetrennte Werte (DOS).EML:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/09/2014 10:22:20 AM) (Source: MsiInstaller) (User: Ines-PC)
Description: Product: Adobe Flash Player 11 ActiveX -- Error 1721.There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: NewCustomAction1, location: C:\Users\Ines\AppData\Local\Temp\InstallAX_11_9_900_170.exe, command: -install -msi

Error: (03/18/2014 11:32:09 AM) (Source: Microsoft-Windows-RestartManager) (User: Ines-PC)
Description: Die Anwendung oder der Dienst "SpyHunter4 application" konnte nicht heruntergefahren werden.

Error: (03/17/2014 06:31:22 PM) (Source: Microsoft-Windows-RestartManager) (User: Ines-PC)
Description: Die Anwendung oder der Dienst "FileOpen Manager Service" konnte nicht neu gestartet werden.

Error: (02/21/2014 11:20:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 26.0.0.5087, Zeitstempel: 0x52a0d273
Name des fehlerhaften Moduls: xul.dll, Version: 26.0.0.5087, Zeitstempel: 0x52a0d20a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0014e1a8
ID des fehlerhaften Prozesses: 0xae8
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (02/15/2014 01:13:35 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/19/2014 07:08:30 PM) (Source: Application Hang) (User: )
Description: Programm WINWORD.EXE, Version 14.0.7113.5001 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 29c8

Startzeit: 01cf1535e7626fed

Endzeit: 21780

Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

Berichts-ID: 3ac47e21-812c-11e3-8522-8c89a52d158e

Error: (01/04/2014 01:30:05 PM) (Source: MsiInstaller) (User: Ines-PC)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/04/2014 01:30:04 PM) (Source: MsiInstaller) (User: Ines-PC)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/04/2014 01:30:04 PM) (Source: MsiInstaller) (User: Ines-PC)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/04/2014 00:50:56 PM) (Source: MsiInstaller) (User: Ines-PC)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)


System errors:
=============
Error: (04/09/2014 10:21:41 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/09/2014 10:21:40 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Installer erreicht.

Error: (04/09/2014 10:21:41 AM) (Source: DCOM) (User: )
Description: 1053MSIServer{000C101C-0000-0000-C000-000000000046}

Error: (04/04/2014 11:59:11 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (04/04/2014 11:59:11 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (04/04/2014 11:58:43 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (04/04/2014 11:58:43 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (04/04/2014 11:58:42 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (03/17/2014 06:51:20 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (03/17/2014 06:51:18 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.


Microsoft Office Sessions:
=========================
Error: (04/09/2014 10:22:20 AM) (Source: MsiInstaller)(User: Ines-PC)
Description: Product: Adobe Flash Player 11 ActiveX -- Error 1721.There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: NewCustomAction1, location: C:\Users\Ines\AppData\Local\Temp\InstallAX_11_9_900_170.exe, command: -install -msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/18/2014 11:32:09 AM) (Source: Microsoft-Windows-RestartManager)(User: Ines-PC)
Description: 1C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exeSpyHunter4 application0211715520

Error: (03/17/2014 06:31:22 PM) (Source: Microsoft-Windows-RestartManager)(User: Ines-PC)
Description: 0FileOpenManagerSvc64.exeFileOpen Manager Service03026217820120

Error: (02/21/2014 11:20:37 PM) (Source: Application Error)(User: )
Description: firefox.exe26.0.0.508752a0d273xul.dll26.0.0.508752a0d20ac00000050014e1a8ae801cf2f4aa74bdd7dC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll01205626-9b3e-11e3-9e1b-8c89a52d158e

Error: (02/15/2014 01:13:35 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestD:\Lukas\SoftonicDownloader_fuer_activea-iso-burner.exe

Error: (01/19/2014 07:08:30 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE14.0.7113.500129c801cf1535e7626fed21780C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE3ac47e21-812c-11e3-8522-8c89a52d158e

Error: (01/04/2014 01:30:05 PM) (Source: MsiInstaller)(User: Ines-PC)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/04/2014 01:30:04 PM) (Source: MsiInstaller)(User: Ines-PC)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/04/2014 01:30:04 PM) (Source: MsiInstaller)(User: Ines-PC)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/04/2014 00:50:56 PM) (Source: MsiInstaller)(User: Ines-PC)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info =========================== 

Percentage of memory in use: 38%
Total physical RAM: 3327.18 MB
Available physical RAM: 2038.39 MB
Total Pagefile: 6652.54 MB
Available Pagefile: 5145.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Programme) (Fixed) (Total:319.27 GB) (Free:254.12 GB) NTFS
Drive d: (Ines) (Fixed) (Total:146.48 GB) (Free:123.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 3424DBC6)
Partition 1: (Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=319 GB) - (Type=05)

==================== End Of Log ============================
         
 --- --- ---

--- --- ---

--- --- ---
==================== End Of Log ============================

--- --- ---

schrauber · 10.04.2014, 08:04

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

ines_1 · 10.04.2014, 10:11

Moin moin, klappt alles bisher. Hier der Fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Ines at 2014-04-10 10:31:51 Run:1
Running from C:\Users\Ines\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====

Habe gerade die Malwarebytes Anti-Malware runtergeladen und gespeichert. Automatisch kam da der WinZip Mailware Protector.

Irgendwie gings gleich los mit der "schnellen Überprüfung" und so durchsucht er alles. Habe ich das richtige Programm installiert? Denn ich konnte "bei Erkennung und Schutz" keinen Haken setzen bei "Suche nach Rootkits".

Ok habs gefunden. Beim WinZip registriere ich mich nicht.

ines_1 · 10.04.2014, 10:57

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 10.04.2014
Suchlauf-Zeit: 11:41:37
Logdatei: Suchlauf Verlaufsprotokoll.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.10.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Ines

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 250245
Verstrichene Zeit: 25 Min, 8 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 7
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, 1092, Löschen bei Neustart, [bd438b7545bb55ab09a72a2534cdb947]
PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, 1192, Löschen bei Neustart, [0ef2c13f946cf30d946e2238ec1533cd]
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\InternetUpdaterService.exe, 2180, Löschen bei Neustart, [7c841ee2a9573ec2053bce6d966b45bb]
PUP.Optional.MultiExtension.A, C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe, 2896, Löschen bei Neustart, [a15fd22e26daf10f53d62517d52b36ca]
PUP.Optional.MultiExtension.A, C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe, 2952, Löschen bei Neustart, [9a660ff10ef2ac54df4acb7111ef57a9]
PUP.Optional.MultiExtension.A, C:\ProgramData\RHelpers\IeHelper\IeHelper.exe, 3060, Löschen bei Neustart, [fb05bc4410f0dc24e54479c318e8956b]
Trojan.Agent, C:\ProgramData\Updater\updater.exe, 2012, Löschen bei Neustart, [f907a25ec43c758be8beddb9c73ca15f]

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 41
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginService, In Quarantäne, [bd438b7545bb55ab09a72a2534cdb947],
PUP.Optional.WpManager, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Wpm, In Quarantäne, [0ef2c13f946cf30d946e2238ec1533cd],
PUP.Optional.InternetUpdater.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\InternetUpdater, In Quarantäne, [7c841ee2a9573ec2053bce6d966b45bb],
PUP.Optional.Conduit.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, In Quarantäne, [4bb50af649b73ec26d2e72a505fc966a],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\APPID\{384997EE-E3BE-49C4-9ECA-C62B7C08128A}, In Quarantäne, [e8188d73b8480cf4d34ec34e1de5ba46],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{384997EE-E3BE-49C4-9ECA-C62B7C08128A}, In Quarantäne, [e8188d73b8480cf4d34ec34e1de5ba46],
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, In Quarantäne, [fe02d52b57a9fe02351f0809d42ecd33],
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, In Quarantäne, [fe02d52b57a9fe02351f0809d42ecd33],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [07f9da26718f748c48dafe13837ffc04],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [07f9da26718f748c48dafe13837ffc04],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [7888fc04639d03fdbad3de32fe04e11f],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [7888fc04639d03fdbad3de32fe04e11f],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [7888fc04639d03fdbad3de32fe04e11f],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [7888fc04639d03fdbad3de32fe04e11f],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [7888fc04639d03fdbad3de32fe04e11f],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [7888fc04639d03fdbad3de32fe04e11f],
PUP.Optional.MoodTube.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}, In Quarantäne, [5da3b64a11efbf41e886cf4008faa15f],
PUP.Optional.MoodTube.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{781CA792-9B6E-400B-B36F-15C097D2CA54}, In Quarantäne, [5da3b64a11efbf41e886cf4008faa15f],
PUP.Optional.MoodTube.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}, In Quarantäne, [5da3b64a11efbf41e886cf4008faa15f],
PUP.Optional.MoodTube.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}, In Quarantäne, [5da3b64a11efbf41e886cf4008faa15f],
PUP.Optional.MoodTube.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{781CA792-9B6E-400B-B36F-15C097D2CA54}, In Quarantäne, [5da3b64a11efbf41e886cf4008faa15f],
PUP.Optional.MoodTube.A, HKLM\SOFTWARE\CLASSES\DynConIE.DynConIEObject.1, In Quarantäne, [5da3b64a11efbf41e886cf4008faa15f],
PUP.Optional.MoodTube.A, HKLM\SOFTWARE\CLASSES\DynConIE.DynConIEObject, In Quarantäne, [5da3b64a11efbf41e886cf4008faa15f],
PUP.Optional.MoodTube.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DynConIE.DynConIEObject, In Quarantäne, [5da3b64a11efbf41e886cf4008faa15f],
PUP.Optional.MoodTube.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}, In Quarantäne, [5da3b64a11efbf41e886cf4008faa15f],
PUP.Optional.MoodTube.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DynConIE.DynConIEObject.1, In Quarantäne, [5da3b64a11efbf41e886cf4008faa15f],
PUP.Optional.MoodTube.A, HKU\S-1-5-21-517023104-958483264-3855614887-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}, Löschen bei Neustart, [5da3b64a11efbf41e886cf4008faa15f],
PUP.Optional.MoodTube.A, HKU\S-1-5-21-517023104-958483264-3855614887-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}, Löschen bei Neustart, [5da3b64a11efbf41e886cf4008faa15f],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\APPID\DynConIE.DLL, In Quarantäne, [20e0dd239e62966a85f0244f887aca36],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\DynConIE.DLL, In Quarantäne, [e020cc34b64a4fb1264f0e659f639967],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [709030d0758b03fd03aeccc9857e14ec],
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [1ee25da3649cf8083463e185679b5aa6],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\DynConIE.DLL, In Quarantäne, [d52b25dbc13f0bf598dd87ec7d85b54b],
PUP.Optional.MultiIE, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\igjjkeeamkpihpncmmbgdkhdnjpcfmfb, In Quarantäne, [7a86966a639dc838526a4851f50e9070],
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pelmeidfhdlhlbjimpabfcbnnojbboma, In Quarantäne, [659b53ad8f71e41c8cc797d08e7450b0],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [8d73758b26da8977a809d2c36c97a15f],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, In Quarantäne, [679948b8fa06dc24dcf7fb8f1ee529d7],
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus, Löschen bei Neustart, [629e0bf5659b9868c1fe85e07290f907],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-517023104-958483264-3855614887-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Löschen bei Neustart, [4db303fde8187d836515c9d514efd729],
PUP.Optional.Qone8, HKU\S-1-5-21-517023104-958483264-3855614887-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Löschen bei Neustart, [e51b778911ef1fe1c1ef30653ec54eb2],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-517023104-958483264-3855614887-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, Löschen bei Neustart, [69978b7513ed2cd4bf135b2f649f9868],

Registrierungswerte: 7
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|quick_start@gmail.com, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com, In Quarantäne, [5ca46997e7194bb5db79dd8af111bf41]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, 1590556105716924415, In Quarantäne, [679948b8fa06dc24dcf7fb8f1ee529d7]
PUP.Optional.InternetUpdater.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\INTERNETUPDATER|ImagePath, "C:\ProgramData\InternetUpdater\InternetUpdaterService.exe", In Quarantäne, [e020c13fa45c36ca3622fb79e71b59a7]
PUP.Optional.WpManager.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WPM|ImagePath, C:\ProgramData\WPM\wprotectmanager.exe -service, In Quarantäne, [c13f936d2dd39a66b7d85644e81be719]
Trojan.Agent, HKU\S-1-5-21-517023104-958483264-3855614887-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Updater, C:\ProgramData\Updater\updater.exe, Löschen bei Neustart, [f907a25ec43c758be8beddb9c73ca15f]
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Updater, C:\ProgramData\Updater\Updater.exe, In Quarantäne, [f907a25ec43c758be8beddb9c73ca15f]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-517023104-958483264-3855614887-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, 1590556105716924415, Löschen bei Neustart, [69978b7513ed2cd4bf135b2f649f9868]

Registrierungsdaten: 17
PUP.Optional.Conduit.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL, Gut: (), Schlecht: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll),Ersetzt,[46ba5aa6f70911ef326958bf6f9224dc]
PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll, Gut: (), Schlecht: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll),Ersetzt,[9d632dd3dc24c937d1ca5abda25f728e]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://istart.webssearches.com/?type=sc&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958, Gut: (firefox.exe), Schlecht: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://istart.webssearches.com/?type=sc&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958),Ersetzt,[6799e818ee12f50b03a16fa242c29c64]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://istart.webssearches.com/?type=sc&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958, Gut: (Chrome.exe), Schlecht: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://istart.webssearches.com/?type=sc&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958),Ersetzt,[b64ad52b6b958080c9ddc44de32143bd]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958),Ersetzt,[d828817f1ee2f20ef1b4d43d739110f0]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958&q={searchTerms}),Ersetzt,[49b7ae52d42c9a66654366ab000417e9]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958),Ersetzt,[c937847c1be554ace1c6e32e1aeaf60a]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958),Ersetzt,[45bbe020f20e4cb42287b859d72dc23e]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[907030d07987b05071248c8fd82c3ec2]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://istart.webssearches.com/?type=sc&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958, Gut: (firefox.exe), Schlecht: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://istart.webssearches.com/?type=sc&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958),Ersetzt,[49b79c64b0508779efb59b76d133bd43]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://istart.webssearches.com/?type=sc&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958, Gut: (Chrome.exe), Schlecht: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://istart.webssearches.com/?type=sc&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958),Ersetzt,[3dc3768a29d729d7c8de3bd60ef604fc]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958),Ersetzt,[5da3a858f20e45bbfaabb25fb54f7888]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958&q={searchTerms}),Ersetzt,[ac54936d3fc1d729505853be1aeaa759]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958),Ersetzt,[8f7102fe847c758b8b1c51c0e0247888]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958),Ersetzt,[e41c8d7341bf7a864e5b868b8b79ec14]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[50b09769a060867adeb72fec7c88e818]
PUP.Optional.Conduit.A, HKU\S-1-5-21-517023104-958483264-3855614887-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.conduit.com/?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP49D3C244-C81E-485D-BDB4-2F263C8E5A66&SSPV=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://search.conduit.com/?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP49D3C244-C81E-485D-BDB4-2F263C8E5A66&SSPV=),Löschen bei Neustart,[54accb350af68f71f409947d27dd8b75]

Ordner: 99
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater, Löschen bei Neustart, [2cd4d52b1ee277895502a1d3e71bc63a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect, Löschen bei Neustart, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, Löschen bei Neustart, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin, Löschen bei Neustart, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\Logs, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect, Löschen bei Neustart, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, Löschen bei Neustart, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\Logs, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\rep, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI, Löschen bei Neustart, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, Löschen bei Neustart, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\rep, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.Conduit.A, C:\Users\Ines\AppData\Local\Temp\CT3323737, In Quarantäne, [837dbc44e917847c148afe5ae41e1de3],
PUP.Optional.Conduit.A, C:\Users\Ines\AppData\Local\Temp\CT3324066, In Quarantäne, [a957649c60a053ad5945d38508fa9c64],
PUP.Optional.Searchagent, C:\ProgramData\RHelpers, Löschen bei Neustart, [916ffe020af6d62a6dfc342539c902fe],
PUP.Optional.Searchagent, C:\ProgramData\RHelpers\ChromeHelper, Löschen bei Neustart, [916ffe020af6d62a6dfc342539c902fe],
PUP.Optional.Searchagent, C:\ProgramData\RHelpers\FirefoxHelper, Löschen bei Neustart, [916ffe020af6d62a6dfc342539c902fe],
PUP.Optional.Searchagent, C:\ProgramData\RHelpers\IeHelper, Löschen bei Neustart, [916ffe020af6d62a6dfc342539c902fe],
PUP.Optional.MultiIE, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb, In Quarantäne, [9070748c619fbc44851ff96029d9e51b],
PUP.Optional.MultiIE, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0, In Quarantäne, [9070748c619fbc44851ff96029d9e51b],
PUP.Optional.MultiIE, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.61_0, In Quarantäne, [9070748c619fbc44851ff96029d9e51b],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, Löschen bei Neustart, [9a6604fcb54b38c89d5844168082b050],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, In Quarantäne, [9a6604fcb54b38c89d5844168082b050],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\icons, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\icons\actions, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\api, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\lib, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\lib\popupResource, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\content, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\content\include, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\content\include\tools, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\content\js, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\en, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\en-US, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\es, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\es-419, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\fr, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\fr-BE, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\fr-CA, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\fr-CH, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\fr-LU, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\it, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\it-CH, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\pl, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\pt-BR, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\ru, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\ru-MO, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\tr, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\vi, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\zh-CN, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\zh-TW, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\defaults, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\defaults\preferences, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\modules, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.WebsSearches.A, C:\Users\Ines\AppData\Roaming\webssearches, In Quarantäne, [c43c7f81699744bcb7761d4215ed659b],
PUP.Optional.WebsSearches.A, C:\Users\Ines\AppData\Roaming\webssearches\images, In Quarantäne, [c43c7f81699744bcb7761d4215ed659b],

Dateien: 388
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, Löschen bei Neustart, [bd438b7545bb55ab09a72a2534cdb947],
PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, Löschen bei Neustart, [0ef2c13f946cf30d946e2238ec1533cd],
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\InternetUpdaterService.exe, Löschen bei Neustart, [7c841ee2a9573ec2053bce6d966b45bb],
PUP.Optional.Conduit.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Löschen bei Neustart, [4bb50af649b73ec26d2e72a505fc966a],
PUP.Optional.Conduit.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Löschen bei Neustart, [b749916faa5646ba9407ed2a897801ff],
PUP.Optional.Conduit.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Löschen bei Neustart, [f30dd0304cb45da3960540d723dee61a],
PUP.Optional.MultiExtension.A, C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe, Löschen bei Neustart, [a15fd22e26daf10f53d62517d52b36ca],
PUP.Optional.MultiExtension.A, C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe, Löschen bei Neustart, [9a660ff10ef2ac54df4acb7111ef57a9],
PUP.Optional.MultiExtension.A, C:\ProgramData\RHelpers\IeHelper\IeHelper.exe, Löschen bei Neustart, [fb05bc4410f0dc24e54479c318e8956b],
PUP.Optional.Conduit.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll, Löschen bei Neustart, [ab5532ce758ba85872299c7bdf228a76],
PUP.Optional.Conduit.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll, In Quarantäne, [46ba5aa6f70911ef326958bf6f9224dc],
PUP.Optional.Conduit.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll, In Quarantäne, [9d632dd3dc24c937d1ca5abda25f728e],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [7888fc04639d03fdbad3de32fe04e11f],
PUP.Optional.MoodTube.A, C:\ProgramData\BetterExperience\IE\common.dll, In Quarantäne, [5da3b64a11efbf41e886cf4008faa15f],
PUP.Optional.SupTab.A, C:\Users\Ines\AppData\Roaming\SupTab\SupTab.dll, In Quarantäne, [c33dfa0630d0867aac9e3bfa53adc63a],
PUP.Optional.Conduit.A, C:\Skype_TSV1LQ49.exe, In Quarantäne, [9d6312eea060c040a425f152877ac23e],
PUP.Optional.Conduit, C:\XMind_TSV45Q85V.exe, In Quarantäne, [dc249070f10f0af68b0597ad8b7957a9],
PUP.Optional.OptimizerPro, C:\$Recycle.Bin\S-1-5-21-517023104-958483264-3855614887-1000\$R3VKFMG.exe, In Quarantäne, [a15f2ad63dc30cf46dd644dd06fb27d9],
PUP.Optional.OptimizerPro, C:\$Recycle.Bin\S-1-5-21-517023104-958483264-3855614887-1000\$R4QCBIR.exe, In Quarantäne, [15eb9a6612eea060142d839e51b0e21e],
PUP.Optional.OptimizerPro, C:\$Recycle.Bin\S-1-5-21-517023104-958483264-3855614887-1000\$RA4543K.exe, In Quarantäne, [02fec53bfe028d73dc6672afc53c50b0],
PUP.Optional.DomaIQ, C:\$Recycle.Bin\S-1-5-21-517023104-958483264-3855614887-1000\$RYTWB7F.exe, In Quarantäne, [15ebc73908f839c7a18916285ba5c937],
PUP.Optional.OpenCandy, C:\Users\Ines\AppData\Local\Temp\tmp6192.tmp, In Quarantäne, [956b37c907f9ad539fbf9f8001fff40c],
PUP.Optional.SearchProtect.A, C:\Users\Ines\AppData\Local\Temp\nsb823F.exe, In Quarantäne, [a957926e7b859e621299da4811f08e72],
PUP.Optional.SearchProtect.A, C:\Users\Ines\AppData\Local\Temp\nscAA30.exe, In Quarantäne, [669ad42ca957bc44c6e5b76b19e8639d],
PUP.Optional.SearchProtect.A, C:\Users\Ines\AppData\Local\Temp\nscC4ED.exe, In Quarantäne, [1fe1cb3536cad7297833051d31d001ff],
PUP.Optional.SearchProtect.A, C:\Users\Ines\AppData\Local\Temp\nsd3A47.exe, In Quarantäne, [d8280000d9272cd4e4c7a979639eeb15],
PUP.Optional.SearchProtect.A, C:\Users\Ines\AppData\Local\Temp\nshA02A.exe, In Quarantäne, [55ab3ec218e860a09a11b76b11f04eb2],
PUP.Optional.SearchProtect.A, C:\Users\Ines\AppData\Local\Temp\nshC24D.exe, In Quarantäne, [cc34cd33d32d51afc4e740e24ab75ca4],
PUP.Optional.Conduit.A, C:\Users\Ines\AppData\Local\Temp\SPSetup.exe, In Quarantäne, [11ef6a968b7525db2a71898ee120827e],
PUP.Optional.SearchProtect.A, C:\Users\Ines\AppData\Local\Temp\nsmA21E.exe, In Quarantäne, [679919e738c83dc32784170bbe438b75],
PUP.Optional.SearchProtect.A, C:\Users\Ines\AppData\Local\Temp\nsmBFFB.exe, In Quarantäne, [0bf54cb412eeb24ec3e881a104fd33cd],
PUP.Optional.SearchProtect.A, C:\Users\Ines\AppData\Local\Temp\nsrA7CE.exe, In Quarantäne, [768a47b97b85dd231b902ff348b9f808],
PUP.Optional.SearchProtect.A, C:\Users\Ines\AppData\Local\Temp\nss9DAA.exe, In Quarantäne, [649c9f610bf540c0d8d3dc46f011629e],
PUP.Optional.SearchProtect.A, C:\Users\Ines\AppData\Local\Temp\nsw7CF0.exe, In Quarantäne, [936d25dbd828de227536d34fbb46dd23],
PUP.Optional.SearchProtect.A, C:\Users\Ines\AppData\Local\Temp\nsw7F61.exe, In Quarantäne, [c13f9967877942be1c8fd15145bc30d0],
PUP.Optional.SearchProtect.A, C:\Users\Ines\AppData\Local\Temp\nswA57C.exe, In Quarantäne, [03fde51b966a0df3ab009092f70a7888],
Backdoor.Bot, C:\Users\Ines\AppData\Local\Temp\3248bc6b-61d4-4764-8f9f-ee58483d0a40\android.exe, In Quarantäne, [936df30d7789a35d962ce08537ca6b95],
Adware.EoRezo, C:\Users\Ines\AppData\Local\Temp\3248bc6b-61d4-4764-8f9f-ee58483d0a40\software\Freesofttoday.exe, In Quarantäne, [2ed203fd867a16eafc642248669b54ac],
PUP.Optional.SkyTech.A, C:\Users\Ines\AppData\Local\Temp\3248bc6b-61d4-4764-8f9f-ee58483d0a40\software\lly_webssearches.exe, In Quarantäne, [1ae622de3cc46a96e4ac2c23758c6a96],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Temp\3248bc6b-61d4-4764-8f9f-ee58483d0a40\software\mediaplayerpluus.exe, In Quarantäne, [7c8436ca4cb436ca08b2c27c7b85926e],
PUP.Optional.ReMarkIt.A, C:\Users\Ines\AppData\Local\Temp\3248bc6b-61d4-4764-8f9f-ee58483d0a40\software\Re-markit_2040-2082.exe, In Quarantäne, [778934ccc739fb05cbf1063823dd3ec2],
Backdoor.Bot, C:\Users\Ines\AppData\Local\Temp\android\android.exe, In Quarantäne, [c93759a7fa06a35dbf0382e3a9589967],
PUP.Optional.SkyTech.A, C:\Users\Ines\AppData\Local\Temp\fullpackage_temp1397031585\alilog.dll, In Quarantäne, [24dcae52946ce51b0f031c16c7395ca4],
PUP.Optional.SkyTech.A, C:\Users\Ines\AppData\Local\Temp\fullpackage_temp1397031585\package1.zip, In Quarantäne, [f30de41c05fb837d1ef4bc76ff0137c9],
PUP.Optional.IePluginService.A, C:\Users\Ines\AppData\Local\Temp\fullpackage_temp1397031585\tmp\SupTab.exe, In Quarantäne, [59a78878a060de22f2bee669be43e719],
PUP.Optional.WpManager, C:\Users\Ines\AppData\Local\Temp\fullpackage_temp1397031585\tmp\wpm.exe, In Quarantäne, [7789d828dd230df3d92996c4ae5309f7],
PUP.Optional.Conduit.A, C:\Users\Ines\AppData\Local\Temp\nsr3BEA\SpSetup.exe, In Quarantäne, [c937c838bd43d32da5f6f72046bbd927],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsc7A33.exe, In Quarantäne, [87791ee228d803fd07a46cb661a0669a],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nscA307.exe, In Quarantäne, [956bb64abc44e917b1fa5bc7be43cc34],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsm34AA.exe, In Quarantäne, [619f956b9d63cc34f3b8f92920e1f60a],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsmC517.exe, In Quarantäne, [21df7987b44c22de83280a18ae538f71],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsoD39F.exe, In Quarantäne, [49b76c9438c81be593180d15748dc937],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsr52F3.exe, In Quarantäne, [ae52be42e51bdc2464475dc59a67d729],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsr5ADF.exe, In Quarantäne, [ba4667994db31fe1acff879bde23b848],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nst2B30.exe, In Quarantäne, [f01020e0e21e6997bdeeb270659c08f8],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nst77B9.exe, In Quarantäne, [b749dd23e02032ce5358b76b2dd4946c],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nst7807.exe, In Quarantäne, [f50b659b926ea060e3c8c45e02ff26da],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx, In Quarantäne, [6d937e823bc59769a2c8fa6bb64c30d0],
PUP.Optional.Conduit.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\searchplugins\conduit-search.xml, In Quarantäne, [7e8270908a76ca36e88bd395d929a060],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WebDataJs, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\arrow.png, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo.png, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo.png, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo2.png, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\search.png, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\sliders.png, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\0.png, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ie8.js, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [99673dc331cf04fc7fe078f8ca38639d],
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\InternetUpdater.ico, In Quarantäne, [2cd4d52b1ee277895502a1d3e71bc63a],
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\app.dat, In Quarantäne, [2cd4d52b1ee277895502a1d3e71bc63a],
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\data.dat, In Quarantäne, [2cd4d52b1ee277895502a1d3e71bc63a],
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\InternetUpdaterService.exe.config, In Quarantäne, [2cd4d52b1ee277895502a1d3e71bc63a],
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\Uninstall.exe, In Quarantäne, [2cd4d52b1ee277895502a1d3e71bc63a],
Trojan.Agent, C:\Windows\hosts, In Quarantäne, [6e9269976c94f20ea0639c3a42c0a65a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\EULA.txt, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js, In Quarantäne, [da26e61a629e7d83967f672dcc37c33d],
Trojan.Agent, C:\ProgramData\Updater\updater.exe, Löschen bei Neustart, [f907a25ec43c758be8beddb9c73ca15f],
PUP.Optional.Conduit.A, C:\Users\Ines\AppData\Local\Temp\CT3323737\ddt.csf, In Quarantäne, [837dbc44e917847c148afe5ae41e1de3],
PUP.Optional.Conduit.A, C:\Users\Ines\AppData\Local\Temp\CT3324066\ddt.csf, In Quarantäne, [a957649c60a053ad5945d38508fa9c64],
PUP.Optional.MultiIE, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0\announce.js, In Quarantäne, [9070748c619fbc44851ff96029d9e51b],
PUP.Optional.MultiIE, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0\background.html, In Quarantäne, [9070748c619fbc44851ff96029d9e51b],
PUP.Optional.MultiIE, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0\common.js, In Quarantäne, [9070748c619fbc44851ff96029d9e51b],
PUP.Optional.MultiIE, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0\contentscript.js, In Quarantäne, [9070748c619fbc44851ff96029d9e51b],
PUP.Optional.MultiIE, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0\icon128.png, In Quarantäne, [9070748c619fbc44851ff96029d9e51b],
PUP.Optional.MultiIE, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0\icon16.png, In Quarantäne, [9070748c619fbc44851ff96029d9e51b],
PUP.Optional.MultiIE, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0\icon48.png, In Quarantäne, [9070748c619fbc44851ff96029d9e51b],
PUP.Optional.MultiIE, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0\iframecontentscript.js, In Quarantäne, [9070748c619fbc44851ff96029d9e51b],
PUP.Optional.MultiIE, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0\manifest.json, In Quarantäne, [9070748c619fbc44851ff96029d9e51b],
PUP.Optional.MultiIE, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.61_0\announce.js, In Quarantäne, [9070748c619fbc44851ff96029d9e51b],
PUP.Optional.MultiIE, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.61_0\background.html, In Quarantäne, [9070748c619fbc44851ff96029d9e51b],
PUP.Optional.MultiIE, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.61_0\common.js, In Quarantäne, [9070748c619fbc44851ff96029d9e51b],
PUP.Optional.MultiIE, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.61_0\common.js.old, In Quarantäne, [9070748c619fbc44851ff96029d9e51b],
PUP.Optional.MultiIE, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.61_0\contentscript.js, In Quarantäne, [9070748c619fbc44851ff96029d9e51b],
PUP.Optional.MultiIE, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.61_0\icon.png, In Quarantäne, [9070748c619fbc44851ff96029d9e51b],
PUP.Optional.MultiIE, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.61_0\icon128.png, In Quarantäne, [9070748c619fbc44851ff96029d9e51b],
PUP.Optional.MultiIE, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.61_0\icon16.png, In Quarantäne, [9070748c619fbc44851ff96029d9e51b],
PUP.Optional.MultiIE, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.61_0\icon48.png, In Quarantäne, [9070748c619fbc44851ff96029d9e51b],
PUP.Optional.MultiIE, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.61_0\iframecontentscript.js, In Quarantäne, [9070748c619fbc44851ff96029d9e51b],
PUP.Optional.MultiIE, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.61_0\manifest.json, In Quarantäne, [9070748c619fbc44851ff96029d9e51b],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, In Quarantäne, [9a6604fcb54b38c89d5844168082b050],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\background.html, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\chromeCoreFilesIndex.txt, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\manifest.json, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\popup.html, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\manifest.xml, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins.json, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins\1.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins\104.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins\119.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins\14.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins\177.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins\179.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins\180.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins\182.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins\183.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins\19.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins\191.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins\21.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins\22.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins\223.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins\231.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins\232.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins\242.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins\246.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins\28.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins\4.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins\64.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins\72.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins\91.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins\93.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\extensionData\plugins\97.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\icons\icon128.png, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\icons\icon16.png, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\icons\icon48.png, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\icons\actions\1.png, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\background.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\main.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\platformVersion.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\api\chrome.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\api\cookie.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\api\message.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\api\monitor.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\api\pageAction.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\api\pageActionBG.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\lib\app_api.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\lib\bg_app_api.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\lib\consts.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\lib\cookie_store.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\lib\crossriderAPI.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\lib\delegate.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\lib\events.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\lib\extensionDataStore.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\lib\installer.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\lib\logFile.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\lib\logging.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\lib\onBGDocumentLoad.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\lib\reports.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\lib\storageWrapper.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\lib\updateManager.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\lib\util.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\lib\xhr.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\lib\popupResource\newPopup.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.35_0\js\lib\popupResource\popup.js, In Quarantäne, [51afd32def1136ca1b7d203e1ae8f30d],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome.manifest, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\install.rdf, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\content\index.html, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\content\quick_start.js, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\content\include\tools\about_blank_hook .js, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\content\include\tools\popup_image_help er.js, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\content\js\common.js, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\content\js\ga.js, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\content\js\jquery.autocomplete.js, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\content\js\js.js, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\content\js\library.js, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\content\js\xagainit.js, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\default_add_logo.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\default_add_logo_hover.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\icon.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\icon128.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\icon16.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\icon48.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\iconsmall.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\loading.gif, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\logo.ico, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\logo.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\logo32.ico, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\search.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\style.css, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\27.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\0.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\1.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\10.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\11.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\12.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\13.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\14.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\15.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\16.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\17.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\18.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\19.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\2.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\20.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\21.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\22.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\23.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\24.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\25.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\26.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\28.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\29.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\3.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\30.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\31.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\32.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\33.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\34.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\35.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\36.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\37.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\38.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\39.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\4.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\40.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\41.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\42.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\43.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\44.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\45.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\46.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\47.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\5.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\6.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\7.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\8.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\chrome\skin\weather\9.png, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\modules\addonmanager.js, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\modules\aes.js, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\modules\config.js, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\modules\dialogs.js, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\modules\last_tab.js, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\modules\misc.js, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\modules\properties.js, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\modules\remoterequest.js, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\modules\restoreprefs.js, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.QuickStart.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\extensions\quick_start@gmail.com\modules\settings.js, In Quarantäne, [9967dc2431cf956b2f9c4717a16138c8],
PUP.Optional.WebsSearches.A, C:\Users\Ines\AppData\Roaming\webssearches\92.json, In Quarantäne, [c43c7f81699744bcb7761d4215ed659b],
PUP.Optional.WebsSearches.A, C:\Users\Ines\AppData\Roaming\webssearches\uninstallDlg.xml, In Quarantäne, [c43c7f81699744bcb7761d4215ed659b],
PUP.Optional.WebsSearches.A, C:\Users\Ines\AppData\Roaming\webssearches\UninstallManager.exe, In Quarantäne, [c43c7f81699744bcb7761d4215ed659b],
PUP.Optional.WebsSearches.A, C:\Users\Ines\AppData\Roaming\webssearches\images\bg1.png, In Quarantäne, [c43c7f81699744bcb7761d4215ed659b],
PUP.Optional.WebsSearches.A, C:\Users\Ines\AppData\Roaming\webssearches\images\button1.png, In Quarantäne, [c43c7f81699744bcb7761d4215ed659b],
PUP.Optional.WebsSearches.A, C:\Users\Ines\AppData\Roaming\webssearches\images\checked.png, In Quarantäne, [c43c7f81699744bcb7761d4215ed659b],
PUP.Optional.WebsSearches.A, C:\Users\Ines\AppData\Roaming\webssearches\images\close.png, In Quarantäne, [c43c7f81699744bcb7761d4215ed659b],
PUP.Optional.WebsSearches.A, C:\Users\Ines\AppData\Roaming\webssearches\images\min.png, In Quarantäne, [c43c7f81699744bcb7761d4215ed659b],
PUP.Optional.WebsSearches.A, C:\Users\Ines\AppData\Roaming\webssearches\images\Thumbs.db, In Quarantäne, [c43c7f81699744bcb7761d4215ed659b],
PUP.Optional.WebsSearches.A, C:\Users\Ines\AppData\Roaming\webssearches\images\unchecked.png, In Quarantäne, [c43c7f81699744bcb7761d4215ed659b],
PUP.Optional.WebsSearches.A, C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "homepage" : "hxxp://istart.webssearches.com/?type=hp&ts=1397031740&from=tugs&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUM99095890958",), Ersetzt,[53ad56aa0ef230d05894a1a5ba4abd43]
PUP.Optional.CrossRider.A, C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "1454598127a21edb15a4e915cceff421")

, Ersetzt,[1de338c868987a862114321453b14fb1]

Physische Sektoren: 0
(No malicious items detected)

(end)

ines_1 · 10.04.2014, 12:23

So, hier die Ergebisse vom Adw Cleaner:AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.023 - Bericht erstellt am 10/04/2014 um 12:07:27
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Ines - INES-PC
# Gestartet von : C:\Program Files\mailwarebytes anti-mailware empfohlen\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : 70e6ca8c
Dienst Gelöscht : Application Updater

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Websteroids
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\Application Updater
Ordner Gelöscht : C:\Program Files (x86)\sweetpacks bundle uninstaller
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Spigot
Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect
Ordner Gelöscht : C:\Users\Ines\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Ines\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Ines\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\Ines\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\Ines\AppData\Roaming\Optimizer Pro
Ordner Gelöscht : C:\Users\Ines\AppData\Roaming\PC Speed Maximizer
Ordner Gelöscht : C:\Users\Ines\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\Extensions\quick_start@gmail.com
Datei Gelöscht : C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\searchplugins\ask-search.xml
Datei Gelöscht : C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\user.js

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileParade bundle uninstaller\FileParade bundle uninstaller.lnk
Verknüpfung Desinfiziert : C:\Users\Ines\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Ines\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Ines\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Ines\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Ines\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PC Speed Maximizer]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\pc speed maximizer
Schlüssel Gelöscht : HKCU\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\Application Updater
Schlüssel Gelöscht : HKLM\Software\pdfforge
Schlüssel Gelöscht : HKLM\Software\Search Settings
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\Tutorials
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Wpm

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Conduit Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Conduit Search");

-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : suggest_url
Gelöscht : search_url
Gelöscht : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [9275 octets] - [10/04/2014 12:05:51]
AdwCleaner[S0].txt - [7060 octets] - [10/04/2014 12:07:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7120 octets] ##########

--- --- ---

So, hier die Ergebisse vom Adw Cleaner:AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.023 - Bericht erstellt am 10/04/2014 um 12:07:27
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Ines - INES-PC
# Gestartet von : C:\Program Files\mailwarebytes anti-mailware empfohlen\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : 70e6ca8c
Dienst Gelöscht : Application Updater

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Websteroids
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\Application Updater
Ordner Gelöscht : C:\Program Files (x86)\sweetpacks bundle uninstaller
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Spigot
Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect
Ordner Gelöscht : C:\Users\Ines\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Ines\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Ines\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\Ines\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\Ines\AppData\Roaming\Optimizer Pro
Ordner Gelöscht : C:\Users\Ines\AppData\Roaming\PC Speed Maximizer
Ordner Gelöscht : C:\Users\Ines\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\Extensions\quick_start@gmail.com
Datei Gelöscht : C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\searchplugins\ask-search.xml
Datei Gelöscht : C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\user.js

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileParade bundle uninstaller\FileParade bundle uninstaller.lnk
Verknüpfung Desinfiziert : C:\Users\Ines\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Ines\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Ines\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Ines\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Ines\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PC Speed Maximizer]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\pc speed maximizer
Schlüssel Gelöscht : HKCU\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\Application Updater
Schlüssel Gelöscht : HKLM\Software\pdfforge
Schlüssel Gelöscht : HKLM\Software\Search Settings
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\Tutorials
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Wpm

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Conduit Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Conduit Search");

-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : suggest_url
Gelöscht : search_url
Gelöscht : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [9275 octets] - [10/04/2014 12:05:51]
AdwCleaner[S0].txt - [7060 octets] - [10/04/2014 12:07:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7120 octets] ##########

--- --- ---

So, hier der JRT.txt und im Anschluss das frische FRST log:JRT Logfile:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Ines on 10.04.2014 at 12:18:12,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"



~~~ FireFox

Emptied folder: C:\Users\Ines\AppData\Roaming\mozilla\firefox\profiles\6i7lxef7.default\minidumps [138 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.04.2014 at 12:24:22,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---
FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 28 days old and could be outdated)
Ran by Ines (administrator) on INES-PC on 10-04-2014 13:22:37
Running from C:\Users\Ines\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [fst_de_1] - [X]
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD73A92973540CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - {3CFF21E2-E5D1-4F6E-B897-E68708BAC007} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default
FF NewTab: chrome://quick_start/content/index.html
FF SearchEngineOrder.1: Ask Search
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Ines\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Better Experience - C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\Extensions\support@betterxperience.com [2014-02-01]
FF Extension: Address Bar Search - C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi [2013-10-26]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchProvider: webssearches
CHR DefaultSearchURL: Google
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-26]
CHR Extension: (Google Drive) - C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-26]
CHR Extension: (YouTube) - C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-26]
CHR Extension: (Google Search) - C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-26]
CHR Extension: (Google Wallet) - C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-26]
CHR Extension: (Gmail) - C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-26]
CHR StartMenuInternet: Google Chrome - Chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-04-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-10 12:24 - 2014-04-10 12:24 - 00000883 _____ () C:\Users\Ines\Desktop\JRT.txt
2014-04-10 12:18 - 2014-04-10 12:18 - 00000000 ____D () C:\Windows\ERUNT
2014-04-10 12:05 - 2014-04-10 12:07 - 00000000 ____D () C:\AdwCleaner
2014-04-10 11:55 - 2014-04-10 11:55 - 00102283 _____ () C:\Users\Ines\Desktop\mbam.txt
2014-04-10 11:14 - 2014-04-10 12:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 11:14 - 2014-04-10 11:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-10 11:14 - 2014-04-10 11:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-10 11:14 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-10 11:14 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-10 11:14 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-10 10:50 - 2014-04-10 11:49 - 00000000 ____D () C:\Users\Ines\AppData\Roaming\Nico Mak Computing
2014-04-10 10:46 - 2014-04-10 12:17 - 00000000 ____D () C:\Program Files\mailwarebytes anti-mailware empfohlen
2014-04-09 12:18 - 2014-04-09 16:51 - 00017141 _____ () C:\Users\Ines\Desktop\Addition.txt
2014-04-09 12:17 - 2014-04-10 13:22 - 00010446 _____ () C:\Users\Ines\Desktop\FRST.txt
2014-04-09 12:17 - 2014-04-10 13:22 - 00000000 ____D () C:\FRST
2014-04-09 12:17 - 2014-04-09 12:17 - 02157056 _____ (Farbar) C:\Users\Ines\Desktop\FRST64.exe
2014-04-09 12:10 - 2014-04-09 12:16 - 00000470 _____ () C:\Users\Ines\Desktop\defogger_disable.log
2014-04-09 12:07 - 2014-04-09 12:07 - 00000000 _____ () C:\Users\Ines\defogger_reenable
2014-04-09 12:05 - 2014-04-09 12:05 - 00050477 _____ () C:\Users\Ines\Desktop\Defogger.exe
2014-04-09 11:56 - 2014-04-09 11:55 - 00309297 _____ () C:\Users\Ines\Desktop\Einladung mündliche prüfung.jpeg
2014-04-09 10:43 - 2014-04-09 10:43 - 04892480 _____ (WinZip International LLC ) C:\Program Files\wzmp_8.exe
2014-04-09 10:20 - 2014-04-09 10:20 - 01100952 _____ (AnyProtect.com) C:\Users\Ines\AppData\Local\nscFC99.tmp
2014-04-09 10:20 - 2014-04-09 10:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-09 10:19 - 2014-04-10 10:33 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-03-27 22:34 - 2014-03-27 22:33 - 00657608 _____ () C:\Users\Ines\Desktop\Lehrplan Phytotherapie.jpeg
2014-03-22 08:48 - 2014-03-22 16:42 - 00000000 ____D () C:\Users\Ines\Desktop\PRÜFUNG MÜNDLICH
2014-03-18 11:31 - 2014-03-18 11:32 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-03-18 10:16 - 2014-03-18 10:16 - 00000000 _____ () C:\autoexec.bat
2014-03-17 18:56 - 2014-03-17 18:56 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-12 12:08 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 12:08 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 12:08 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 12:08 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 12:08 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 12:08 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 12:08 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 12:08 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 12:08 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 12:08 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 12:08 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 12:08 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 12:08 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 12:08 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 12:08 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 12:08 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 12:08 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 12:08 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 12:08 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 12:08 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 12:08 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 12:08 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 12:08 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 12:08 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 12:08 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 12:08 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 12:08 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 12:08 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 12:08 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 12:08 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 12:08 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 12:08 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 12:08 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 12:08 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 12:08 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 12:08 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 12:08 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 12:08 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 12:08 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 12:08 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 12:08 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 12:08 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 12:08 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 12:08 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 12:07 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 12:07 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 12:07 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 12:07 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-10 13:22 - 2014-04-09 12:17 - 00010446 _____ () C:\Users\Ines\Desktop\FRST.txt
2014-04-10 13:22 - 2014-04-09 12:17 - 00000000 ____D () C:\FRST
2014-04-10 13:03 - 2013-04-11 21:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-10 12:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-10 12:54 - 2012-11-08 17:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-10 12:24 - 2014-04-10 12:24 - 00000883 _____ () C:\Users\Ines\Desktop\JRT.txt
2014-04-10 12:18 - 2014-04-10 12:18 - 00000000 ____D () C:\Windows\ERUNT
2014-04-10 12:17 - 2014-04-10 10:46 - 00000000 ____D () C:\Program Files\mailwarebytes anti-mailware empfohlen
2014-04-10 12:17 - 2009-07-14 06:45 - 00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-10 12:17 - 2009-07-14 06:45 - 00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-10 12:13 - 2011-08-12 22:01 - 01689329 _____ () C:\Windows\WindowsUpdate.log
2014-04-10 12:11 - 2014-04-10 11:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 12:09 - 2012-11-08 17:08 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-10 12:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-10 12:09 - 2009-07-14 06:51 - 00563515 _____ () C:\Windows\setupact.log
2014-04-10 12:07 - 2014-04-10 12:05 - 00000000 ____D () C:\AdwCleaner
2014-04-10 12:07 - 2012-11-08 17:09 - 00001287 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-10 12:07 - 2011-08-12 16:27 - 00001058 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-10 11:55 - 2014-04-10 11:55 - 00102283 _____ () C:\Users\Ines\Desktop\mbam.txt
2014-04-10 11:49 - 2014-04-10 10:50 - 00000000 ____D () C:\Users\Ines\AppData\Roaming\Nico Mak Computing
2014-04-10 11:45 - 2014-01-04 12:49 - 00000000 ____D () C:\ProgramData\Updater
2014-04-10 11:45 - 2011-08-12 16:36 - 00509570 _____ () C:\Windows\PFRO.log
2014-04-10 11:14 - 2014-04-10 11:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-10 11:14 - 2014-04-10 11:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-10 10:39 - 2009-07-14 19:58 - 00702942 _____ () C:\Windows\system32\perfh007.dat
2014-04-10 10:39 - 2009-07-14 19:58 - 00150582 _____ () C:\Windows\system32\perfc007.dat
2014-04-10 10:39 - 2009-07-14 07:13 - 01629284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-10 10:33 - 2014-04-09 10:19 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-10 10:31 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-10 10:29 - 2011-08-12 16:45 - 00000000 ____D () C:\Users\Ines\Documents\Outlook-Dateien
2014-04-09 17:05 - 2012-11-20 22:32 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-09 16:51 - 2014-04-09 12:18 - 00017141 _____ () C:\Users\Ines\Desktop\Addition.txt
2014-04-09 12:17 - 2014-04-09 12:17 - 02157056 _____ (Farbar) C:\Users\Ines\Desktop\FRST64.exe
2014-04-09 12:16 - 2014-04-09 12:10 - 00000470 _____ () C:\Users\Ines\Desktop\defogger_disable.log
2014-04-09 12:07 - 2014-04-09 12:07 - 00000000 _____ () C:\Users\Ines\defogger_reenable
2014-04-09 12:07 - 2011-08-12 16:20 - 00000000 ____D () C:\Users\Ines
2014-04-09 12:05 - 2014-04-09 12:05 - 00050477 _____ () C:\Users\Ines\Desktop\Defogger.exe
2014-04-09 11:55 - 2014-04-09 11:56 - 00309297 _____ () C:\Users\Ines\Desktop\Einladung mündliche prüfung.jpeg
2014-04-09 10:43 - 2014-04-09 10:43 - 04892480 _____ (WinZip International LLC ) C:\Program Files\wzmp_8.exe
2014-04-09 10:20 - 2014-04-09 10:20 - 01100952 _____ (AnyProtect.com) C:\Users\Ines\AppData\Local\nscFC99.tmp
2014-04-09 10:20 - 2014-04-09 10:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-09 10:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-08 16:35 - 2014-01-04 12:50 - 00000000 ____D () C:\Users\Ines\AppData\Roaming\Skype
2014-04-04 18:28 - 2014-03-04 11:43 - 00000000 ____D () C:\Program Files (x86)\XMind
2014-04-03 09:51 - 2014-04-10 11:14 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-10 11:14 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-10 11:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 21:49 - 2012-11-08 17:08 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-01 21:49 - 2012-11-08 17:08 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-27 22:33 - 2014-03-27 22:34 - 00657608 _____ () C:\Users\Ines\Desktop\Lehrplan Phytotherapie.jpeg
2014-03-22 16:42 - 2014-03-22 08:48 - 00000000 ____D () C:\Users\Ines\Desktop\PRÜFUNG MÜNDLICH
2014-03-22 01:36 - 2012-01-23 22:43 - 00000000 ____D () C:\Users\Ines\Desktop\HP-Ausbildung
2014-03-20 07:46 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-19 00:47 - 2013-08-14 22:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 00:45 - 2011-08-21 19:04 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 11:32 - 2014-03-18 11:31 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-03-18 10:16 - 2014-03-18 10:16 - 00000000 _____ () C:\autoexec.bat
2014-03-17 18:56 - 2014-03-17 18:56 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-17 18:56 - 2011-08-12 16:55 - 00009349 _____ () C:\Users\Ines\AppData\Roaming\Kommagetrennte Werte (DOS).EML
2014-03-17 18:31 - 2012-01-09 23:20 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-13 18:10 - 2009-07-14 06:45 - 00416312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 01:27 - 2011-08-12 16:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 12:03 - 2013-04-11 21:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 12:03 - 2013-04-04 07:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 12:03 - 2011-08-17 22:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Ines\AppData\Local\Temp\APNSetup.exe
C:\Users\Ines\AppData\Local\Temp\AskSLib.dll
C:\Users\Ines\AppData\Local\Temp\avgnt.exe
C:\Users\Ines\AppData\Local\Temp\BackupSetup.exe
C:\Users\Ines\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
C:\Users\Ines\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Ines\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Ines\AppData\Local\Temp\ose00000.exe
C:\Users\Ines\AppData\Local\Temp\Quarantine.exe
C:\Users\Ines\AppData\Local\Temp\SHSetup.exe
C:\Users\Ines\AppData\Local\Temp\Updater.exe
C:\Users\Ines\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-10 12:47

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 11.04.2014, 06:39

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

ines_1 · 11.04.2014, 14:56

Hi,

klappt alles wunderbar

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=faaf1095465cef41aec82ba8a551b625
# engine=17844
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-11 12:06:27
# local_time=2014-04-11 02:06:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 16275 148847837 0 0
# scanned=193494
# found=7
# cleaned=0
# scan_time=4803
sh=37FF9AF0A4A175AFF14252C3FFA6CCC03A24ACBD ft=1 fh=ff3435be19cccc9e vn="a variant of Win32/SpeedingUpMyPC.F application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-517023104-958483264-3855614887-1000\$R54OMB1.exe"
sh=2F367F244D08950211E4C05FB8EF8E0959BB773A ft=1 fh=20d3e0bbdedcd685 vn="a variant of Win32/AdWare.SpeedingUpMyPC.D application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-517023104-958483264-3855614887-1000\$R55WSJM.exe"
sh=9ABE489AF3684ABB96AB39F112768F69C83D0F8E ft=1 fh=f7fcd12f54d4e5cc vn="a variant of Win32/SpeedingUpMyPC application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-517023104-958483264-3855614887-1000\$RE3NG5F.exe"
sh=1AB5FE7F5654ECBB42397AE222C0B8159081D6C6 ft=1 fh=2b551abc4ed949a7 vn="a variant of MSIL/Adware.PullUpdate.A application" ac=I fn="C:\ProgramData\Updater\Uninstall.exe"
sh=1AB5FE7F5654ECBB42397AE222C0B8159081D6C6 ft=1 fh=2b551abc4ed949a7 vn="a variant of MSIL/Adware.PullUpdate.A application" ac=I fn="C:\Users\All Users\Updater\Uninstall.exe"
sh=0713B697C060B8A0AFFAC7DFDCE137D5B9A0D7E1 ft=1 fh=ef58751f9c7a4a0d vn="MSIL/Adware.PullUpdate.A application" ac=I fn="C:\Users\Ines\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4XZ8X0Z5\Setup[1].exe"
sh=A87B7647DC34B5B6186209377786E946B677C574 ft=1 fh=c2834f18f25710d9 vn="multiple threats" ac=I fn="C:\Users\Ines\AppData\Local\Temp\{7AE4E4C5-FACB-4F33-BFFC-4469435F1DDD}\setup.exe"

Results of screen317's Security Check version 0.99.81
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 12.0.0.77
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 29 days old and could be outdated)
Ran by Ines (administrator) on INES-PC on 11-04-2014 14:32:04
Running from C:\Users\Ines\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [fst_de_1] - [X]
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD73A92973540CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - {3CFF21E2-E5D1-4F6E-B897-E68708BAC007} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default
FF NewTab: chrome://quick_start/content/index.html
FF SearchEngineOrder.1: Ask Search
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Ines\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Better Experience - C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\Extensions\support@betterxperience.com [2014-02-01]
FF Extension: Address Bar Search - C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\6i7lxef7.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi [2013-10-26]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchProvider: webssearches
CHR DefaultSearchURL: hxxp://www.google.com
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-26]
CHR Extension: (Google Drive) - C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-26]
CHR Extension: (YouTube) - C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-26]
CHR Extension: (Google Search) - C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-26]
CHR Extension: (Google Wallet) - C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-26]
CHR Extension: (Gmail) - C:\Users\Ines\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-26]
CHR StartMenuInternet: Google Chrome - Chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-11 14:26 - 2014-04-11 14:26 - 00987448 _____ () C:\Users\Ines\Desktop\SecurityCheck.exe
2014-04-10 12:24 - 2014-04-10 12:24 - 00000883 _____ () C:\Users\Ines\Desktop\JRT.txt
2014-04-10 12:18 - 2014-04-10 12:18 - 00000000 ____D () C:\Windows\ERUNT
2014-04-10 12:05 - 2014-04-10 12:07 - 00000000 ____D () C:\AdwCleaner
2014-04-10 11:55 - 2014-04-10 11:55 - 00102283 _____ () C:\Users\Ines\Desktop\mbam.txt
2014-04-10 11:14 - 2014-04-11 10:32 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 11:14 - 2014-04-10 11:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-10 11:14 - 2014-04-10 11:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-10 11:14 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-10 11:14 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-10 11:14 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-10 10:50 - 2014-04-10 11:49 - 00000000 ____D () C:\Users\Ines\AppData\Roaming\Nico Mak Computing
2014-04-10 10:46 - 2014-04-11 12:43 - 00000000 ____D () C:\Program Files\mailwarebytes anti-mailware empfohlen
2014-04-10 08:48 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-10 08:48 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 08:48 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-10 08:48 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-10 08:47 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 08:47 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 08:47 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 08:47 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 08:47 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 08:47 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 08:47 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 08:47 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 08:47 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 08:47 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 08:47 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 08:47 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 08:47 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 08:47 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 08:47 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 08:47 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 08:47 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-09 12:18 - 2014-04-09 16:51 - 00017141 _____ () C:\Users\Ines\Desktop\Addition.txt
2014-04-09 12:17 - 2014-04-11 14:32 - 00010196 _____ () C:\Users\Ines\Desktop\FRST.txt
2014-04-09 12:17 - 2014-04-11 14:32 - 00000000 ____D () C:\FRST
2014-04-09 12:17 - 2014-04-09 12:17 - 02157056 _____ (Farbar) C:\Users\Ines\Desktop\FRST64.exe
2014-04-09 12:10 - 2014-04-09 12:16 - 00000470 _____ () C:\Users\Ines\Desktop\defogger_disable.log
2014-04-09 12:07 - 2014-04-09 12:07 - 00000000 _____ () C:\Users\Ines\defogger_reenable
2014-04-09 12:05 - 2014-04-09 12:05 - 00050477 _____ () C:\Users\Ines\Desktop\Defogger.exe
2014-04-09 10:43 - 2014-04-09 10:43 - 04892480 _____ (WinZip International LLC ) C:\Program Files\wzmp_8.exe
2014-04-09 10:20 - 2014-04-09 10:20 - 01100952 _____ (AnyProtect.com) C:\Users\Ines\AppData\Local\nscFC99.tmp
2014-04-09 10:20 - 2014-04-09 10:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-09 10:19 - 2014-04-10 10:33 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-03-27 22:34 - 2014-03-27 22:33 - 00657608 _____ () C:\Users\Ines\Desktop\Lehrplan Phytotherapie.jpeg
2014-03-22 08:48 - 2014-03-22 16:42 - 00000000 ____D () C:\Users\Ines\Desktop\PRÜFUNG MÜNDLICH
2014-03-18 11:31 - 2014-03-18 11:32 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-03-18 10:16 - 2014-03-18 10:16 - 00000000 _____ () C:\autoexec.bat
2014-03-17 18:56 - 2014-03-17 18:56 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-12 12:08 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 12:08 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 12:08 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 12:08 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 12:08 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 12:08 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 12:08 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 12:08 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 12:08 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 12:08 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 12:08 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 12:08 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 12:08 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 12:08 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 12:08 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 12:08 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 12:08 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 12:08 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 12:08 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 12:08 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 12:08 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 12:08 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 12:08 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 12:08 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 12:08 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 12:08 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 12:08 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 12:08 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 12:08 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 12:08 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 12:08 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 12:08 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 12:08 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 12:08 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 12:08 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 12:08 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 12:08 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 12:08 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 12:08 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 12:08 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 12:07 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 12:07 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 12:07 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 12:07 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-11 14:32 - 2014-04-09 12:17 - 00010196 _____ () C:\Users\Ines\Desktop\FRST.txt
2014-04-11 14:32 - 2014-04-09 12:17 - 00000000 ____D () C:\FRST
2014-04-11 14:26 - 2014-04-11 14:26 - 00987448 _____ () C:\Users\Ines\Desktop\SecurityCheck.exe
2014-04-11 14:17 - 2011-08-12 22:01 - 02080517 _____ () C:\Windows\WindowsUpdate.log
2014-04-11 14:03 - 2013-04-11 21:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-11 13:54 - 2012-11-08 17:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-11 13:07 - 2009-07-14 19:58 - 00702942 _____ () C:\Windows\system32\perfh007.dat
2014-04-11 13:07 - 2009-07-14 19:58 - 00150582 _____ () C:\Windows\system32\perfc007.dat
2014-04-11 13:07 - 2009-07-14 07:13 - 01629284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-11 12:44 - 2011-08-12 16:45 - 00000000 ____D () C:\Users\Ines\Documents\Outlook-Dateien
2014-04-11 12:43 - 2014-04-10 10:46 - 00000000 ____D () C:\Program Files\mailwarebytes anti-mailware empfohlen
2014-04-11 12:42 - 2009-07-14 06:51 - 00563717 _____ () C:\Windows\setupact.log
2014-04-11 10:32 - 2014-04-10 11:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-11 09:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-11 09:09 - 2009-07-14 06:45 - 00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-11 09:09 - 2009-07-14 06:45 - 00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-11 09:02 - 2012-11-08 17:08 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-11 09:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-10 23:40 - 2011-08-12 16:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 23:39 - 2013-08-14 22:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 23:38 - 2011-08-21 19:04 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 23:36 - 2014-01-04 12:50 - 00000000 ____D () C:\Users\Ines\AppData\Roaming\Skype
2014-04-10 23:29 - 2012-01-23 22:43 - 00000000 ____D () C:\Users\Ines\Desktop\HP-Ausbildung
2014-04-10 18:54 - 2014-03-04 17:55 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-10 18:54 - 2014-01-04 12:50 - 00000000 ____D () C:\ProgramData\Skype
2014-04-10 15:31 - 2014-03-04 11:43 - 00000000 ____D () C:\Program Files (x86)\XMind
2014-04-10 12:24 - 2014-04-10 12:24 - 00000883 _____ () C:\Users\Ines\Desktop\JRT.txt
2014-04-10 12:18 - 2014-04-10 12:18 - 00000000 ____D () C:\Windows\ERUNT
2014-04-10 12:07 - 2014-04-10 12:05 - 00000000 ____D () C:\AdwCleaner
2014-04-10 12:07 - 2012-11-08 17:09 - 00001287 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-10 12:07 - 2011-08-12 16:27 - 00001058 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-10 11:55 - 2014-04-10 11:55 - 00102283 _____ () C:\Users\Ines\Desktop\mbam.txt
2014-04-10 11:49 - 2014-04-10 10:50 - 00000000 ____D () C:\Users\Ines\AppData\Roaming\Nico Mak Computing
2014-04-10 11:45 - 2014-01-04 12:49 - 00000000 ____D () C:\ProgramData\Updater
2014-04-10 11:45 - 2011-08-12 16:36 - 00509570 _____ () C:\Windows\PFRO.log
2014-04-10 11:14 - 2014-04-10 11:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-10 11:14 - 2014-04-10 11:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-10 10:33 - 2014-04-09 10:19 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-10 10:31 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-09 17:05 - 2012-11-20 22:32 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-09 16:51 - 2014-04-09 12:18 - 00017141 _____ () C:\Users\Ines\Desktop\Addition.txt
2014-04-09 12:17 - 2014-04-09 12:17 - 02157056 _____ (Farbar) C:\Users\Ines\Desktop\FRST64.exe
2014-04-09 12:16 - 2014-04-09 12:10 - 00000470 _____ () C:\Users\Ines\Desktop\defogger_disable.log
2014-04-09 12:07 - 2014-04-09 12:07 - 00000000 _____ () C:\Users\Ines\defogger_reenable
2014-04-09 12:07 - 2011-08-12 16:20 - 00000000 ____D () C:\Users\Ines
2014-04-09 12:05 - 2014-04-09 12:05 - 00050477 _____ () C:\Users\Ines\Desktop\Defogger.exe
2014-04-09 10:43 - 2014-04-09 10:43 - 04892480 _____ (WinZip International LLC ) C:\Program Files\wzmp_8.exe
2014-04-09 10:20 - 2014-04-09 10:20 - 01100952 _____ (AnyProtect.com) C:\Users\Ines\AppData\Local\nscFC99.tmp
2014-04-09 10:20 - 2014-04-09 10:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-09 10:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-03 09:51 - 2014-04-10 11:14 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-10 11:14 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-10 11:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 21:49 - 2012-11-08 17:08 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-01 21:49 - 2012-11-08 17:08 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-31 03:16 - 2014-04-10 08:48 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-10 08:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-10 08:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-10 08:48 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-27 22:33 - 2014-03-27 22:34 - 00657608 _____ () C:\Users\Ines\Desktop\Lehrplan Phytotherapie.jpeg
2014-03-22 16:42 - 2014-03-22 08:48 - 00000000 ____D () C:\Users\Ines\Desktop\PRÜFUNG MÜNDLICH
2014-03-20 07:46 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-18 11:32 - 2014-03-18 11:31 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-03-18 10:16 - 2014-03-18 10:16 - 00000000 _____ () C:\autoexec.bat
2014-03-17 18:56 - 2014-03-17 18:56 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-17 18:56 - 2011-08-12 16:55 - 00009349 _____ () C:\Users\Ines\AppData\Roaming\Kommagetrennte Werte (DOS).EML
2014-03-17 18:31 - 2012-01-09 23:20 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-13 18:10 - 2009-07-14 06:45 - 00416312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 12:03 - 2013-04-11 21:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 12:03 - 2013-04-04 07:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 12:03 - 2011-08-17 22:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Ines\AppData\Local\Temp\APNSetup.exe
C:\Users\Ines\AppData\Local\Temp\AskSLib.dll
C:\Users\Ines\AppData\Local\Temp\avgnt.exe
C:\Users\Ines\AppData\Local\Temp\BackupSetup.exe
C:\Users\Ines\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
C:\Users\Ines\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Ines\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Ines\AppData\Local\Temp\ose00000.exe
C:\Users\Ines\AppData\Local\Temp\Quarantine.exe
C:\Users\Ines\AppData\Local\Temp\SHSetup.exe
C:\Users\Ines\AppData\Local\Temp\Updater.exe
C:\Users\Ines\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-10 12:47

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Hi, der PC ist jetzt auf jeden Fall schneller :-) aber die Startseite lässt sich immer noch nicht ändern. Jetzt ist es folgende Startseite: chrome://quick_start/content/index.html

Ansonsten schon mal vielen herzlichen Dank!!! Die txt Dateien kann ich sicherlich wieder löschen. Kannst du mir Programme als komplette Sicherung für meinen Rechner empfehlen? Ich bin mit meinem Stick immer in der Schule unterwegs und dort sind ständig irgendwelche "Haustier" im Umlauf.

schrauber · 13.04.2014, 16:23

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\$Recycle.Bin
C:\ProgramData\Updater
FF NewTab: chrome://quick_start/content/index.html
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Internetstartseite hat sich geändert in "Quick Start" und lässt sich nicht ändern

Plagegeister aller Art und deren Bekämpfung: Internetstartseite hat sich geändert in "Quick Start" und lässt sich nicht ändern