Hallo Zusammen,

ich habe vorhin einen Excel WM-Spielplan heruntergeladen und installiert und daraufhin Raving Reyven in den installierten Programmen entdeckt.

Dort habe ich es vorerst nicht deinstalliert, sondern bin statt dessen die Schritte der Anleitung hier im Forum durchgegangen.

Die Logfiles habe ich angehängt.

Bin Euch für jede Hilfe dankbar.

Lieben Gruß
Bobby

Hi und

Logs bitte nicht anhängen, notfalls splitten und über mehrere Postings verteilt posten

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Hallo Cosinus,

danke für die schnelle Antwort. Also hier jetzt nochmal die Logs:

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 08.06.2014
Scan Time: 17:25:39
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.08.03
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Peter

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 288476
Time Elapsed: 9 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.RavingReyven.A, D:\Program Files (x86)\raving reyven\updateravingreyven.exe, 4584, Delete-on-Reboot, [42c15d195c1f81b58effaac6f40db54b]
PUP.Optional.RavingReyven.A, D:\Program Files (x86)\raving reyven\bin\utilravingreyven.exe, 200, Delete-on-Reboot, [1fe4beb80279b4826b220e62b84959a7]

Modules: 0
(No malicious items detected)

Registry Keys: 40
PUP.Optional.RavingReyven.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update raving reyven, Quarantined, [42c15d195c1f81b58effaac6f40db54b], 
PUP.Optional.RavingReyven.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util raving reyven, Quarantined, [1fe4beb80279b4826b220e62b84959a7], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511831158}, Quarantined, [ec1746307b000630d9edf488f20fb24e], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110511831158}, Quarantined, [ec1746307b000630d9edf488f20fb24e], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544834458}, Quarantined, [ec1746307b000630d9edf488f20fb24e], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555835558}, Quarantined, [ec1746307b000630d9edf488f20fb24e], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566836658}, Quarantined, [ec1746307b000630d9edf488f20fb24e], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555835558}, Quarantined, [ec1746307b000630d9edf488f20fb24e], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566836658}, Quarantined, [ec1746307b000630d9edf488f20fb24e], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544834458}, Quarantined, [ec1746307b000630d9edf488f20fb24e], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0058358.BHO.1, Quarantined, [ec1746307b000630d9edf488f20fb24e], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511831158}, Quarantined, [ec1746307b000630d9edf488f20fb24e], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511831158}, Quarantined, [ec1746307b000630d9edf488f20fb24e], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0058358.BHO, Quarantined, [ec1746307b000630d9edf488f20fb24e], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0058358.BHO, Quarantined, [ec1746307b000630d9edf488f20fb24e], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0058358.BHO.1, Quarantined, [ec1746307b000630d9edf488f20fb24e], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220522832258}, Quarantined, [ec1746307b000630d9edf488f20fb24e], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0058358.Sandbox.1, Quarantined, [ec1746307b000630d9edf488f20fb24e], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0058358.Sandbox, Quarantined, [ec1746307b000630d9edf488f20fb24e], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0058358.Sandbox, Quarantined, [ec1746307b000630d9edf488f20fb24e], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0058358.Sandbox.1, Quarantined, [ec1746307b000630d9edf488f20fb24e], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220522832258}, Quarantined, [ec1746307b000630d9edf488f20fb24e], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511831158}\INPROCSERVER32, Quarantined, [ec1746307b000630d9edf488f20fb24e], 
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [c2411c5a4b3011251dfcafc2d72b847c], 
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [c2411c5a4b3011251dfcafc2d72b847c], 
PUP.Optional.RavingReyven.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0f866026-a8bb-42a7-987f-2f92715a8147}, Quarantined, [38cbef87accfa5918fe761d909f9f20e], 
PUP.Optional.RavingReyven.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{235FFD6C-B595-4CE6-82D8-4248C636A9C3}, Quarantined, [38cbef87accfa5918fe761d909f9f20e], 
PUP.Optional.RavingReyven.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{97E96CD8-BB3E-4BE1-931D-E640A2C423C7}, Quarantined, [38cbef87accfa5918fe761d909f9f20e], 
PUP.Optional.RavingReyven.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{97E96CD8-BB3E-4BE1-931D-E640A2C423C7}, Quarantined, [38cbef87accfa5918fe761d909f9f20e], 
PUP.Optional.RavingReyven.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{235FFD6C-B595-4CE6-82D8-4248C636A9C3}, Quarantined, [38cbef87accfa5918fe761d909f9f20e], 
PUP.Optional.RavingReyven.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{0F866026-A8BB-42A7-987F-2F92715A8147}, Quarantined, [38cbef87accfa5918fe761d909f9f20e], 
PUP.Optional.RavingReyven.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\raving reyven, Quarantined, [54af5026e9920a2c4d5f75359969de22], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\19979, Quarantined, [b053e492e893b581fd22931ad0328977], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\PSHD-9.9, Quarantined, [a45f274f07740432410d277bea18f20e], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\19979, Quarantined, [a0633d39473477bf37e8a508f210bd43], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1599265730-1441880166-3109425819-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [14efbdb96c0f91a547ea03e157ac12ee], 
PUP.Optional.PlusHD.A, HKU\S-1-5-21-1599265730-1441880166-3109425819-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PSHD-9.9, Quarantined, [15ee06703249d26465e7fba7d42e6d93], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1599265730-1441880166-3109425819-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\19979, Quarantined, [7f84472ff784c274958b1f8ef1119f61], 
PUP.Optional.PlusHD.A, HKU\S-1-5-21-1599265730-1441880166-3109425819-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\PlusVHD, Quarantined, [3ac9195dc0bb092dad1b832916ec0ef2], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PSHD-9.9, Quarantined, [fa09b8be84f77cbaf632c1d1a45e49b7], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 17
PUP.Optional.RavingReyven.A, D:\Program Files (x86)\raving reyven, Delete-on-Reboot, [54af5026e9920a2c4d5f75359969de22], 
PUP.Optional.RavingReyven.A, D:\Program Files (x86)\raving reyven\bin, Delete-on-Reboot, [54af5026e9920a2c4d5f75359969de22], 
PUP.Optional.RavingReyven.A, D:\Program Files (x86)\raving reyven\bin\plugins, Quarantined, [54af5026e9920a2c4d5f75359969de22], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\api, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\core, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\defaults, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\defaults\preferences, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\userCode, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\locale, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\locale\en-US, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\skin, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.PlusHD.A, D:\Program Files (x86)\PSHD-9.9, Quarantined, [fa09b8be84f77cbaf632c1d1a45e49b7], 

Files: 154
PUP.Optional.RavingReyven.A, D:\Program Files (x86)\raving reyven\updateravingreyven.exe, Delete-on-Reboot, [42c15d195c1f81b58effaac6f40db54b], 
PUP.Optional.RavingReyven.A, D:\Program Files (x86)\raving reyven\bin\utilravingreyven.exe, Delete-on-Reboot, [1fe4beb80279b4826b220e62b84959a7], 
PUP.Optional.PlusHD.A, D:\Program Files (x86)\PSHD-9.9\PSHD-9.9-bho64.dll, Quarantined, [ec1746307b000630d9edf488f20fb24e], 
PUP.Optional.PlusHD.A, D:\Program Files (x86)\PSHD-9.9\PSHD-9.9-bho.dll, Quarantined, [ec1746307b000630d9edf488f20fb24e], 
PUP.Optional.RavingReyven.A, D:\Program Files (x86)\raving reyven\ravingreyvenBHO.dll, Quarantined, [38cbef87accfa5918fe761d909f9f20e], 
PUP.Optional.RavingReyven.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\{e63d9559-e4c3-499e-867a-a3c9d0a21400}.xpi, Quarantined, [699aea8c0972989e335e188813efb050], 
PUP.Optional.RavingReyven.A, D:\Program Files (x86)\raving reyven\ravingreyven.ico, Quarantined, [54af5026e9920a2c4d5f75359969de22], 
PUP.Optional.RavingReyven.A, D:\Program Files (x86)\raving reyven\0, Quarantined, [54af5026e9920a2c4d5f75359969de22], 
PUP.Optional.RavingReyven.A, D:\Program Files (x86)\raving reyven\7za.exe, Quarantined, [54af5026e9920a2c4d5f75359969de22], 
PUP.Optional.RavingReyven.A, D:\Program Files (x86)\raving reyven\ravingreyven.FirstRun.exe, Quarantined, [54af5026e9920a2c4d5f75359969de22], 
PUP.Optional.RavingReyven.A, D:\Program Files (x86)\raving reyven\ravingreyvenUninstall.exe, Quarantined, [54af5026e9920a2c4d5f75359969de22], 
PUP.Optional.RavingReyven.A, D:\Program Files (x86)\raving reyven\updateravingreyven.InstallState, Quarantined, [54af5026e9920a2c4d5f75359969de22], 
PUP.Optional.RavingReyven.A, D:\Program Files (x86)\raving reyven\bin\ravingreyven.PurBrowse64.exe, Quarantined, [54af5026e9920a2c4d5f75359969de22], 
PUP.Optional.RavingReyven.A, D:\Program Files (x86)\raving reyven\bin\ravingreyven.PurBrowseG.zip, Quarantined, [54af5026e9920a2c4d5f75359969de22], 
PUP.Optional.RavingReyven.A, D:\Program Files (x86)\raving reyven\bin\utilravingreyven.InstallState, Quarantined, [54af5026e9920a2c4d5f75359969de22], 
PUP.Optional.RavingReyven.A, D:\Program Files (x86)\raving reyven\bin\plugins\ravingreyven.Bromon.dll, Quarantined, [54af5026e9920a2c4d5f75359969de22], 
PUP.Optional.RavingReyven.A, D:\Program Files (x86)\raving reyven\bin\plugins\ravingreyven.BroStats.dll, Quarantined, [54af5026e9920a2c4d5f75359969de22], 
PUP.Optional.RavingReyven.A, D:\Program Files (x86)\raving reyven\bin\plugins\ravingreyven.BrowserAdapterS.dll, Quarantined, [54af5026e9920a2c4d5f75359969de22], 
PUP.Optional.RavingReyven.A, D:\Program Files (x86)\raving reyven\bin\plugins\ravingreyven.CompatibilityChecker.dll, Quarantined, [54af5026e9920a2c4d5f75359969de22], 
PUP.Optional.RavingReyven.A, D:\Program Files (x86)\raving reyven\bin\plugins\ravingreyven.FFUpdate.dll, Quarantined, [54af5026e9920a2c4d5f75359969de22], 
PUP.Optional.RavingReyven.A, D:\Program Files (x86)\raving reyven\bin\plugins\ravingreyven.IEUpdate.dll, Quarantined, [54af5026e9920a2c4d5f75359969de22], 
PUP.Optional.RavingReyven.A, D:\Program Files (x86)\raving reyven\bin\plugins\ravingreyven.PurBrowseG.dll, Quarantined, [54af5026e9920a2c4d5f75359969de22], 
PUP.Optional.CrossRider.A, D:\Windows\Tasks\5ec6036a-ed58-4a12-9ea4-dfd472b0a734-1.job, Quarantined, [887bf97d75062d094e569f0c8b77a35d], 
PUP.Optional.CrossRider.A, D:\Windows\Tasks\5ec6036a-ed58-4a12-9ea4-dfd472b0a734-2.job, Quarantined, [4bb8c9adc9b25fd7a103e4c7c63c5ca4], 
PUP.Optional.CrossRider.A, D:\Windows\Tasks\5ec6036a-ed58-4a12-9ea4-dfd472b0a734-3.job, Quarantined, [b2519fd7601b6fc79311eac127dbb44c], 
PUP.Optional.CrossRider.A, D:\Windows\Tasks\5ec6036a-ed58-4a12-9ea4-dfd472b0a734-4.job, Quarantined, [f80b3046e89304321a8afead09f94cb4], 
PUP.Optional.CrossRider.A, D:\Windows\Tasks\5ec6036a-ed58-4a12-9ea4-dfd472b0a734-5.job, Quarantined, [6c9716602e4d072fd0d43675c43e9e62], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome.manifest, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\install.rdf, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\76b5394d65658b12fdc89ab896ff8732.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\abf05c2b92d644b4bd474715bdec1296.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\b46416dfac96e6c4fb7f4c28fa474ba4.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\background.html, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\browser.xul, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\dialog.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\f05eeeed24a218f0a02cee451d2fa491.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\fd9735f2c98aeec6ee5db7ca69372fb0.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\options.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\options.xul, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\search_dialog.xul, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\api\a783b08a475035548f5b742f6a88c82f.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\api\2655ecb485d038f123e703a72bc17f82.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\api\50e7b951424bd617c40c31c42c1f4f56.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\api\51f19b3a72ab0967f65ea81bea848d40.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\api\55d42018a8538186027218cad4c8ccc7.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\api\5713840f96c4b5e553d58a8608a8d0a5.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\api\6e3cf03c60a1617120791e38d51dc576.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\api\6e4d6d4cd9a975d00c3021dcc6cb7ed7.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\api\900aa9afc9679bb8bd511fb575edece2.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\api\c293e4c1e85fef6b94d37976f43fb837.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\api\c76d82d2708f5d46c6261e9741f82551.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\api\ddcb890f5cce5b535603588fa997d693.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\api\df465546209ffb9c188418ac4c5fe44c.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\api\f7bc9553296f7bc95c6949464e56717f.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\api\fdab5d8756c4200dae8c2a6c37d38d5f.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\api\fe276ade9963cfbb985a6f100244f0fb.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\core\afdb9742648ae5bdd92ffc90bba3f66c.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\core\09502bfe1fa8c79a8b8a2e4015ad2697.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\core\2297acbbf0ca37b8ccd3c186b35b57e8.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\core\26e2a68a891b0e19ea68d51bb3718827.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\core\3b743f60f7a7a4f6e9dbbc1326e3834f.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\core\498b55555ebddebccfeb3832122c119e.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\core\4de3f1128c5244cd120737814cd5e8c7.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\core\537e10f964e862311f2e02a6835658db.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\core\62c67cb2dbdb347918a23d2417b24d42.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\core\73ac37b80673501387389b306dd9d5ef.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\core\8c57133744785c1b1e0d68d37718a4db.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\core\972417d74d65f3fbb9d93a0be7187852.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\core\a3a5d5d4bd1bd6b8c91656d6e308e343.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\core\b31a6f1fafdaffeabd20583d6059cbd8.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\core\b38b0f67e44fc3cdeef71c7aa4359501.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\core\bce06e83d1cb64a8df9019f885711e96.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\core\d45f6d66f6ad4095dda97487b1f8dc6c.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\core\dccda1ff31f8602053a834ee287919b5.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\core\e30f7136f7d949a33a3c42564512b7d4.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\core\f77b968a2029c296506fad9508cc3695.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\chrome\content\core\installer.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\defaults\preferences\prefs.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\manifest.xml, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins.json, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\1.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\102.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\104.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\119.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\123.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\13.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\14.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\155.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\16.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\17.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\177.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\179.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\180.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\182.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\183.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\184.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\191.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\195.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\207.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\21.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\22.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\220.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\221.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\223.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\231.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\246.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\262.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\263.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\265.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\268.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\28.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\4.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\47.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\64.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\7.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\72.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\78.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\9.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\91.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\93.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\plugins\98.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\userCode\background.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\extensionData\userCode\extension.js, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\locale\en-US\translations.dtd, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\skin\button1.png, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\skin\button2.png, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\skin\button3.png, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\skin\button4.png, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\skin\button5.png, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\skin\crossrider_statusbar.png, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\skin\icon128.png, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\skin\icon16.png, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\skin\icon24.png, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\skin\icon48.png, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\skin\panelarrow-up.png, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\skin\popup.html, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\skin\skin.css, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\extensions\65c9a8a2-1bf3-4b76-a908-790ed66cf9a5@448cfdc5-7678-4b8e-933a-f13bfbd96c09.com\skin\update.css, Quarantined, [ed16bbbb2a511323841221687a8844bc], 
PUP.Optional.PlusHD.A, D:\Program Files (x86)\PSHD-9.9\1293297481.mxaddon, Quarantined, [fa09b8be84f77cbaf632c1d1a45e49b7], 
PUP.Optional.PlusHD.A, D:\Program Files (x86)\PSHD-9.9\360-58358.crx, Quarantined, [fa09b8be84f77cbaf632c1d1a45e49b7], 
PUP.Optional.PlusHD.A, D:\Program Files (x86)\PSHD-9.9\58358.crx, Quarantined, [fa09b8be84f77cbaf632c1d1a45e49b7], 
PUP.Optional.PlusHD.A, D:\Program Files (x86)\PSHD-9.9\58358.xpi, Quarantined, [fa09b8be84f77cbaf632c1d1a45e49b7], 
PUP.Optional.PlusHD.A, D:\Program Files (x86)\PSHD-9.9\5ec6036a-ed58-4a12-9ea4-dfd472b0a734-2.exe, Quarantined, [fa09b8be84f77cbaf632c1d1a45e49b7], 
PUP.Optional.PlusHD.A, D:\Program Files (x86)\PSHD-9.9\5ec6036a-ed58-4a12-9ea4-dfd472b0a734-3.exe, Quarantined, [fa09b8be84f77cbaf632c1d1a45e49b7], 
PUP.Optional.PlusHD.A, D:\Program Files (x86)\PSHD-9.9\5ec6036a-ed58-4a12-9ea4-dfd472b0a734-4.exe, Quarantined, [fa09b8be84f77cbaf632c1d1a45e49b7], 
PUP.Optional.PlusHD.A, D:\Program Files (x86)\PSHD-9.9\5ec6036a-ed58-4a12-9ea4-dfd472b0a734-5.exe, Quarantined, [fa09b8be84f77cbaf632c1d1a45e49b7], 
PUP.Optional.PlusHD.A, D:\Program Files (x86)\PSHD-9.9\background.html, Quarantined, [fa09b8be84f77cbaf632c1d1a45e49b7], 
PUP.Optional.PlusHD.A, D:\Program Files (x86)\PSHD-9.9\PSHD-9.9-bg.exe, Quarantined, [fa09b8be84f77cbaf632c1d1a45e49b7], 
PUP.Optional.PlusHD.A, D:\Program Files (x86)\PSHD-9.9\PSHD-9.9-codedownloader.exe, Quarantined, [fa09b8be84f77cbaf632c1d1a45e49b7], 
PUP.Optional.PlusHD.A, D:\Program Files (x86)\PSHD-9.9\PSHD-9.9.ico, Quarantined, [fa09b8be84f77cbaf632c1d1a45e49b7], 
PUP.Optional.PlusHD.A, D:\Program Files (x86)\PSHD-9.9\Uninstall.exe, Quarantined, [fa09b8be84f77cbaf632c1d1a45e49b7], 
PUP.Optional.PlusHD.A, D:\Program Files (x86)\PSHD-9.9\utils.exe, Quarantined, [fa09b8be84f77cbaf632c1d1a45e49b7], 
PUP.Optional.CrossRider.A, D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "1467b8e2a9313af35d1a44bd2795f9d8");), Replaced,[29da2c4a4d2e59dde0a397044eb6a15f]

Physical Sectors: 0
(No malicious items detected)


(end)
         

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v3.212 - Bericht erstellt am 08/06/2014 um 17:42:06
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Peter - DIUBLA-PC
# Gestartet von : D:\Users\Peter\Downloads\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : D:\Program Files (x86)\globalUpdate
Ordner Gelöscht : D:\Program Files (x86)\raving reyven
Ordner Gelöscht : D:\Users\Peter\AppData\Local\globalUpdate
Ordner Gelöscht : D:\Users\Peter\AppData\Local\Temp\raving reyven
Datei Gelöscht : D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\user.js
Datei Gelöscht : D:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
Datei Gelöscht : D:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
Datei Gelöscht : D:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
Datei Gelöscht : D:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\prefs.js ]

Zeile gelöscht : user_pref("extensions.a65c9a8a21bf34b76a908790ed66cf9a5448cfdc576784b8e933af13bfbd96c09com58358.58358.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "1467b8e2a9313af35d1a44bd2795f9d8");

*************************

AdwCleaner[R0].txt - [3012 octets] - [08/06/2014 17:40:57]
AdwCleaner[S0].txt - [2868 octets] - [08/06/2014 17:42:06]

########## EOF - D:\AdwCleaner\AdwCleaner[S0].txt - [2928 octets] ##########
         

Code: Alles auswählenAufklappen

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Peter on 08.06.2014 at 17:54:41,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: D:\Users\Peter\AppData\Roaming\mozilla\firefox\profiles\7q0icc5i.default-1389781698631\minidumps [28 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.06.2014 at 18:02:04,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by Peter (administrator) on DIUBLA-PC on 08-06-2014 18:49:09
Running from D:\Users\Peter\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) D:\Windows\System32\atiesrxx.exe
(AMD) D:\Windows\System32\atieclxx.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(TuneUp Software) D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(TuneUp Software) D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Realtek Semiconductor) D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices Inc.) D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\avastui.exe
(ATI Technologies Inc.) D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [NeroFilterCheck] => D:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [StartCCC] => D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
IFEO\excel.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\groove.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\hpwucli.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\infopath.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\misc.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\msaccess.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\msoxmled.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\mspub.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\mstore.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\onenote.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\outlook.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\softwareupdate.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\Winword.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x697246226E76CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - {306B50BA-67EE-4154-9BDF-97AE54C56F70} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKCU - {9DB75C27-AED0-4ef2-973F-913860ED18C9} URL = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
SearchScopes: HKCU - {C4F013FC-3052-4807-8F79-3E945FFF0570} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631
FF Plugin: @adobe.com/FlashPlayer - D:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~3\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - D:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - D:\PROGRA~3\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader - D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: All-in-One Gestures - D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2014-01-15]
FF Extension: Adblock Plus - D:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\7q0icc5i.default-1389781698631\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - D:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-01]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-28] (AVAST Software)
R2 TuneUp.UtilitiesSvc; D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-12-11] (TuneUp Software)
S3 ACDaemon; D:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

S3 ampa; D:\Windows\system32\ampa.sys [15288 2011-12-26] ()
S3 ampa; D:\Windows\SysWOW64\ampa.sys [12728 2011-12-26] ()
R2 aswHwid; D:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-28] ()
R2 aswMonFlt; D:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-28] (AVAST Software)
R1 aswRdr; D:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-28] (AVAST Software)
R0 aswRvrt; D:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-28] ()
R1 aswSnx; D:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; D:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; D:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; D:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-28] ()
S3 GVTDrv64; D:\Windows\GVTDrv64.sys [30528 2013-07-01] ()
R1 Serial; D:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 TuneUpUtilitiesDrv; D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-08-09] (TuneUp Software)
S3 vpnva; D:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-06-19] (Cisco Systems, Inc.)
R1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64; D:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys [61120 2014-06-05] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-08 18:49 - 2014-06-08 18:49 - 00012511 _____ () D:\Users\Peter\Downloads\FRST.txt
2014-06-08 18:48 - 2014-06-08 18:49 - 00000000 ____D () D:\FRST
2014-06-08 18:47 - 2014-06-08 18:47 - 02072576 _____ (Farbar) D:\Users\Peter\Downloads\FRST64.exe
2014-06-08 18:02 - 2014-06-08 18:02 - 00000771 _____ () D:\Users\Peter\Desktop\JRT.txt
2014-06-08 17:54 - 2014-06-08 17:54 - 01016261 _____ (Thisisu) D:\Users\Peter\Downloads\JRT.exe
2014-06-08 17:54 - 2014-06-08 17:54 - 00000000 ____D () D:\Windows\ERUNT
2014-06-08 17:51 - 2014-06-08 17:51 - 00003012 _____ () D:\Users\Peter\Desktop\AdwCleaner[S0].txt
2014-06-08 17:40 - 2014-06-08 17:42 - 00000000 ____D () D:\AdwCleaner
2014-06-08 17:37 - 2014-06-08 17:37 - 00050165 _____ () D:\Users\Peter\Desktop\mbam.txt
2014-06-08 17:23 - 2014-06-08 17:23 - 00122584 _____ (Malwarebytes Corporation) D:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-08 17:23 - 2014-06-08 17:23 - 00001106 _____ () D:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-08 17:22 - 2014-06-08 17:23 - 00000000 ____D () D:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-08 17:22 - 2014-06-08 17:22 - 00000000 ____D () D:\ProgramData\Malwarebytes
2014-06-08 17:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) D:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-08 17:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) D:\Windows\system32\Drivers\mwac.sys
2014-06-08 17:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) D:\Windows\system32\Drivers\mbam.sys
2014-06-08 17:19 - 2014-06-08 17:19 - 17292760 _____ (Malwarebytes Corporation ) D:\Users\Peter\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-08 17:19 - 2014-06-08 17:19 - 01333465 _____ () D:\Users\Peter\Downloads\adwcleaner_3.212.exe
2014-06-08 17:05 - 2014-06-05 14:19 - 00061120 _____ (StdLib) D:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
2014-06-08 14:56 - 2014-06-08 14:56 - 00597504 _____ () D:\Users\Peter\Desktop\Copy of WM-14.xls
2014-06-08 14:50 - 2014-06-08 14:50 - 00001168 _____ () D:\Users\Peter\Desktop\100 Euro Guthaben.lnk
2014-06-08 14:50 - 2014-06-08 14:50 - 00001140 _____ () D:\Users\Peter\Desktop\Goodgame Empire.lnk
2014-06-08 14:50 - 2014-06-08 14:50 - 00000000 ____D () D:\Users\Peter\AppData\Roaming\dlg
2014-06-08 14:50 - 2014-06-08 14:48 - 00128370 _____ () D:\Users\Peter\Desktop\WM-14.zip
2014-06-08 14:47 - 2014-06-08 14:47 - 00469384 _____ () D:\Users\Peter\Downloads\fussball-wm-2014-spielplan.exe
2014-06-03 23:33 - 2014-06-03 23:34 - 01599592 _____ () D:\Users\Peter\Desktop\guitar_new
2014-05-20 19:08 - 2014-05-20 19:08 - 00000000 __SHD () D:\Users\Peter\AppData\Local\EmieUserList
2014-05-20 19:08 - 2014-05-20 19:08 - 00000000 __SHD () D:\Users\Peter\AppData\Local\EmieSiteList
2014-05-16 00:49 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) D:\Windows\system32\mshtml.dll
2014-05-16 00:49 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) D:\Windows\system32\mshtml.tlb
2014-05-16 00:49 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtml.dll
2014-05-16 00:49 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtml.tlb
2014-05-16 00:49 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) D:\Windows\system32\mshtmled.dll
2014-05-16 00:49 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtmled.dll
2014-05-15 12:22 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) D:\Windows\system32\aepdu.dll
2014-05-15 12:22 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) D:\Windows\system32\aeinv.dll
2014-05-15 12:22 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) D:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 12:22 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) D:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 12:22 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) D:\Windows\system32\lsasrv.dll
2014-05-15 12:22 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) D:\Windows\system32\sspicli.dll
2014-05-15 12:22 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) D:\Windows\system32\lsass.exe
2014-05-15 12:22 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) D:\Windows\system32\sspisrv.dll
2014-05-15 12:22 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) D:\Windows\system32\secur32.dll
2014-05-15 12:22 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) D:\Windows\SysWOW64\secur32.dll
2014-05-15 12:22 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) D:\Windows\SysWOW64\sspicli.dll
2014-05-15 12:22 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) D:\Windows\system32\shell32.dll
2014-05-15 12:22 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) D:\Windows\SysWOW64\shell32.dll
2014-05-15 12:22 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) D:\Windows\system32\ntoskrnl.exe
2014-05-15 12:22 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) D:\Windows\system32\kerberos.dll
2014-05-15 12:22 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) D:\Windows\system32\objsel.dll
2014-05-15 12:22 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) D:\Windows\system32\KernelBase.dll
2014-05-15 12:22 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) D:\Windows\system32\schannel.dll
2014-05-15 12:22 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) D:\Windows\system32\msv1_0.dll
2014-05-15 12:22 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) D:\Windows\system32\wdigest.dll
2014-05-15 12:22 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) D:\Windows\system32\TSpkg.dll
2014-05-15 12:22 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) D:\Windows\system32\wincredprovider.dll
2014-05-15 12:22 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) D:\Windows\system32\winlogon.exe
2014-05-15 12:22 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) D:\Windows\system32\cngprovider.dll
2014-05-15 12:22 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) D:\Windows\system32\adprovider.dll
2014-05-15 12:22 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) D:\Windows\system32\capiprovider.dll
2014-05-15 12:22 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) D:\Windows\system32\dpapiprovider.dll
2014-05-15 12:22 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) D:\Windows\system32\dimsroam.dll
2014-05-15 12:22 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) D:\Windows\system32\credssp.dll
2014-05-15 12:22 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 12:22 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 12:22 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) D:\Windows\SysWOW64\kerberos.dll
2014-05-15 12:22 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) D:\Windows\SysWOW64\objsel.dll
2014-05-15 12:22 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msv1_0.dll
2014-05-15 12:22 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) D:\Windows\SysWOW64\schannel.dll
2014-05-15 12:22 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) D:\Windows\SysWOW64\wdigest.dll
2014-05-15 12:22 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) D:\Windows\SysWOW64\TSpkg.dll
2014-05-15 12:22 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) D:\Windows\SysWOW64\cngprovider.dll
2014-05-15 12:22 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) D:\Windows\SysWOW64\adprovider.dll
2014-05-15 12:22 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) D:\Windows\SysWOW64\capiprovider.dll
2014-05-15 12:22 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) D:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 12:22 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) D:\Windows\SysWOW64\dimsroam.dll
2014-05-15 12:22 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) D:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 12:22 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) D:\Windows\SysWOW64\credssp.dll
2014-05-15 12:22 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) D:\Windows\SysWOW64\KernelBase.dll
2014-05-12 16:40 - 2014-05-12 16:40 - 00313256 _____ (Oracle Corporation) D:\Windows\system32\javaws.exe
2014-05-12 16:40 - 2014-05-12 16:40 - 00189352 _____ (Oracle Corporation) D:\Windows\system32\javaw.exe
2014-05-12 16:40 - 2014-05-12 16:40 - 00189352 _____ (Oracle Corporation) D:\Windows\system32\java.exe
2014-05-12 16:40 - 2014-05-12 16:40 - 00108968 _____ (Oracle Corporation) D:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-12 16:40 - 2014-05-12 16:40 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-12 16:40 - 2014-05-12 16:40 - 00000000 ____D () D:\Program Files\Java
2014-05-10 13:08 - 2014-05-10 13:08 - 00000000 ____D () D:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-06-08 18:49 - 2014-06-08 18:49 - 00012511 _____ () D:\Users\Peter\Downloads\FRST.txt
2014-06-08 18:49 - 2014-06-08 18:48 - 00000000 ____D () D:\FRST
2014-06-08 18:49 - 2013-07-01 15:40 - 00000000 ____D () D:\Users\Peter\AppData\Local\Temp
2014-06-08 18:47 - 2014-06-08 18:47 - 02072576 _____ (Farbar) D:\Users\Peter\Downloads\FRST64.exe
2014-06-08 18:02 - 2014-06-08 18:02 - 00000771 _____ () D:\Users\Peter\Desktop\JRT.txt
2014-06-08 17:54 - 2014-06-08 17:54 - 01016261 _____ (Thisisu) D:\Users\Peter\Downloads\JRT.exe
2014-06-08 17:54 - 2014-06-08 17:54 - 00000000 ____D () D:\Windows\ERUNT
2014-06-08 17:52 - 2013-07-01 18:38 - 00000884 _____ () D:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-08 17:51 - 2014-06-08 17:51 - 00003012 _____ () D:\Users\Peter\Desktop\AdwCleaner[S0].txt
2014-06-08 17:51 - 2009-07-14 06:45 - 00021680 ____H () D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-08 17:51 - 2009-07-14 06:45 - 00021680 ____H () D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-08 17:48 - 2012-09-21 17:17 - 01738538 _____ () D:\Windows\WindowsUpdate.log
2014-06-08 17:44 - 2010-11-21 05:47 - 00124762 _____ () D:\Windows\PFRO.log
2014-06-08 17:44 - 2009-07-14 07:08 - 00000006 ____H () D:\Windows\Tasks\SA.DAT
2014-06-08 17:44 - 2009-07-14 06:51 - 00062865 _____ () D:\Windows\setupact.log
2014-06-08 17:43 - 2009-07-14 05:20 - 00000000 ____D () D:\Windows\SchCache
2014-06-08 17:42 - 2014-06-08 17:40 - 00000000 ____D () D:\AdwCleaner
2014-06-08 17:37 - 2014-06-08 17:37 - 00050165 _____ () D:\Users\Peter\Desktop\mbam.txt
2014-06-08 17:23 - 2014-06-08 17:23 - 00122584 _____ (Malwarebytes Corporation) D:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-08 17:23 - 2014-06-08 17:23 - 00001106 _____ () D:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-08 17:23 - 2014-06-08 17:22 - 00000000 ____D () D:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-08 17:22 - 2014-06-08 17:22 - 00000000 ____D () D:\ProgramData\Malwarebytes
2014-06-08 17:19 - 2014-06-08 17:19 - 17292760 _____ (Malwarebytes Corporation ) D:\Users\Peter\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-08 17:19 - 2014-06-08 17:19 - 01333465 _____ () D:\Users\Peter\Downloads\adwcleaner_3.212.exe
2014-06-08 14:56 - 2014-06-08 14:56 - 00597504 _____ () D:\Users\Peter\Desktop\Copy of WM-14.xls
2014-06-08 14:50 - 2014-06-08 14:50 - 00001168 _____ () D:\Users\Peter\Desktop\100 Euro Guthaben.lnk
2014-06-08 14:50 - 2014-06-08 14:50 - 00001140 _____ () D:\Users\Peter\Desktop\Goodgame Empire.lnk
2014-06-08 14:50 - 2014-06-08 14:50 - 00000000 ____D () D:\Users\Peter\AppData\Roaming\dlg
2014-06-08 14:48 - 2014-06-08 14:50 - 00128370 _____ () D:\Users\Peter\Desktop\WM-14.zip
2014-06-08 14:47 - 2014-06-08 14:47 - 00469384 _____ () D:\Users\Peter\Downloads\fussball-wm-2014-spielplan.exe
2014-06-08 11:25 - 2013-07-01 17:38 - 00004182 _____ () D:\Windows\System32\Tasks\avast! Emergency Update
2014-06-05 14:19 - 2014-06-08 17:05 - 00061120 _____ (StdLib) D:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
2014-06-04 19:58 - 2013-07-08 00:08 - 00000000 ____D () D:\ProgramData\Soulseek
2014-06-03 23:34 - 2014-06-03 23:33 - 01599592 _____ () D:\Users\Peter\Desktop\guitar_new
2014-05-24 21:35 - 2013-07-03 23:42 - 00000000 ____D () D:\Users\Peter\AppData\Roaming\Skype
2014-05-22 21:41 - 2011-04-12 09:43 - 00698688 _____ () D:\Windows\system32\perfh007.dat
2014-05-22 21:41 - 2011-04-12 09:43 - 00148828 _____ () D:\Windows\system32\perfc007.dat
2014-05-22 21:41 - 2009-07-14 07:13 - 01618320 _____ () D:\Windows\system32\PerfStringBackup.INI
2014-05-20 19:08 - 2014-05-20 19:08 - 00000000 __SHD () D:\Users\Peter\AppData\Local\EmieUserList
2014-05-20 19:08 - 2014-05-20 19:08 - 00000000 __SHD () D:\Users\Peter\AppData\Local\EmieSiteList
2014-05-20 09:41 - 2012-09-23 18:23 - 00003694 _____ () D:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-05-19 14:55 - 2012-09-23 16:46 - 00002441 _____ () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-16 12:43 - 2009-07-14 05:20 - 00000000 ____D () D:\Windows\rescache
2014-05-16 11:11 - 2013-07-01 15:42 - 00000000 ___RD () D:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 11:11 - 2013-07-01 15:42 - 00000000 ___RD () D:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 11:07 - 2014-05-07 00:43 - 00000000 ___SD () D:\Windows\system32\CompatTel
2014-05-16 11:07 - 2009-07-14 05:20 - 00000000 ____D () D:\Windows\PolicyDefinitions
2014-05-16 00:50 - 2012-09-22 11:55 - 00000000 ____D () D:\ProgramData\Microsoft Help
2014-05-16 00:47 - 2013-08-20 03:00 - 00000000 ____D () D:\Windows\system32\MRT
2014-05-16 00:46 - 2013-07-01 18:25 - 93223848 _____ (Microsoft Corporation) D:\Windows\system32\MRT.exe
2014-05-15 19:36 - 2013-12-20 22:36 - 00085328 _____ (AVAST Software) D:\Windows\system32\Drivers\aswstm.sys
2014-05-15 19:36 - 2013-07-01 17:38 - 01039096 _____ (AVAST Software) D:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 19:36 - 2013-07-01 17:38 - 00423240 _____ (AVAST Software) D:\Windows\system32\Drivers\aswsp.sys
2014-05-14 15:52 - 2014-02-21 04:41 - 17938608 _____ (Adobe Systems Incorporated) D:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-14 15:52 - 2013-07-01 18:38 - 00692400 _____ (Adobe Systems Incorporated) D:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 15:52 - 2013-07-01 18:38 - 00070832 _____ (Adobe Systems Incorporated) D:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 15:52 - 2013-07-01 18:38 - 00003822 _____ () D:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-12 16:40 - 2014-05-12 16:40 - 00313256 _____ (Oracle Corporation) D:\Windows\system32\javaws.exe
2014-05-12 16:40 - 2014-05-12 16:40 - 00189352 _____ (Oracle Corporation) D:\Windows\system32\javaw.exe
2014-05-12 16:40 - 2014-05-12 16:40 - 00189352 _____ (Oracle Corporation) D:\Windows\system32\java.exe
2014-05-12 16:40 - 2014-05-12 16:40 - 00108968 _____ (Oracle Corporation) D:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-12 16:40 - 2014-05-12 16:40 - 00000000 ____D () D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-12 16:40 - 2014-05-12 16:40 - 00000000 ____D () D:\Program Files\Java
2014-05-12 09:19 - 2013-07-01 17:23 - 00000000 ____D () D:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 07:26 - 2014-06-08 17:22 - 00091352 _____ (Malwarebytes Corporation) D:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-08 17:22 - 00063704 _____ (Malwarebytes Corporation) D:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-08 17:22 - 00025816 _____ (Malwarebytes Corporation) D:\Windows\system32\Drivers\mbam.sys
2014-05-10 13:08 - 2014-05-10 13:08 - 00000000 ____D () D:\Program Files (x86)\Mozilla Firefox
2014-05-09 08:14 - 2014-05-15 12:22 - 00477184 _____ (Microsoft Corporation) D:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 12:22 - 00424448 _____ (Microsoft Corporation) D:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
D:\Users\Peter\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

D:\Windows\System32\winlogon.exe => MD5 is legit
D:\Windows\System32\wininit.exe => MD5 is legit
D:\Windows\SysWOW64\wininit.exe => MD5 is legit
D:\Windows\explorer.exe => MD5 is legit
D:\Windows\SysWOW64\explorer.exe => MD5 is legit
D:\Windows\System32\svchost.exe => MD5 is legit
D:\Windows\SysWOW64\svchost.exe => MD5 is legit
D:\Windows\System32\services.exe => MD5 is legit
D:\Windows\System32\User32.dll => MD5 is legit
D:\Windows\SysWOW64\User32.dll => MD5 is legit
D:\Windows\System32\userinit.exe => MD5 is legit
D:\Windows\SysWOW64\userinit.exe => MD5 is legit
D:\Windows\System32\rpcss.dll => MD5 is legit
D:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-08 11:25

==================== End Of Log ============================
         

--- --- ---

--- --- ---

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2014
Ran by Peter at 2014-06-08 18:49:32
Running from D:\Users\Peter\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AOMEI Partition Assistant Home Edition 5.1 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - Aomei Technology Co., Ltd.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{576A97E3-1A79-6215-49DE-AA358AF47420}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
Catalyst Control Center HydraVision Full (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0406.2133.36843 - ATI Technologies, Inc.) Hidden
CCC Help English (x32 Version: 2010.0406.2132.36843 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0406.2133.36843 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0406.2133.36843 - ATI) Hidden
CCS64 V3.9 (HKLM-x32\...\{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}) (Version: 1.0.0 - Computerbrains C.C.S.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04059 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04059 - Cisco Systems, Inc.) Hidden
Corel Applications (HKLM-x32\...\Corel Applications) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.25.0 - Google Inc.) Hidden
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard)
IPIX ActiveX Viewer (HKLM-x32\...\IPIX ActiveX Viewer) (Version:  - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
KeePass Password Safe 2.24 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.24 - Dominik Reichl)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.211.0 - Tracker Software Products Ltd)
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
SoulSeek 157 NS 13e (HKLM-x32\...\Soulseek2) (Version:  - )
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.3600.193 - TuneUp Software)
TuneUp Utilities 2012 (x32 Version: 12.0.3600.193 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.193 - TuneUp Software) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.64  - Nullsoft, Inc)

==================== Restore Points  =========================

29-04-2014 17:15:58 Windows Update
04-05-2014 01:00:40 Windows Update
06-05-2014 22:43:11 Windows Update
13-05-2014 07:02:22 Windows Update
15-05-2014 22:44:10 Windows Update
21-05-2014 06:52:14 Windows Update
28-05-2014 20:23:35 Geplanter Prüfpunkt
30-05-2014 12:24:19 Windows Update
03-06-2014 18:01:31 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A D:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {014EDFDB-877A-4DF8-8902-65692563B907} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {2088EDEE-BA9B-4D62-8AA0-BEAD0CCE3968} - System32\Tasks\ArcSoft Connect Daemon => D:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Task: {2E429FA4-0943-434A-BDC8-0D1B7EC8137A} - System32\Tasks\avast! Emergency Update => D:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-28] (AVAST Software)
Task: {46FE789C-B313-476D-80A9-5C230F403872} - System32\Tasks\Adobe Flash Player Updater => D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {740BC4BA-3C4B-4FB7-8B78-172BDCFAB6B6} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => D:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2013-12-11] (TuneUp Software)
Task: {8D4D4F5E-9646-4FA1-A67B-88E92F637313} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {D7B8CA66-64B4-45E3-AAC5-86FAC56B873B} - System32\Tasks\HP-Online-Aktualisierungsprogramm => D:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-10-28] (Hewlett-Packard)
Task: {F217E402-BB01-402A-8DF2-16D0859AE3F6} - System32\Tasks\AppleSoftwareUpdate => D:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F3E6A7DD-38BE-449C-BB9D-7670B32C1D79} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: D:\Windows\Tasks\Adobe Flash Player Updater.job => D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: D:\Windows\Tasks\AppleSoftwareUpdate.job => D:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-11-24 13:36 - 2009-11-24 13:36 - 00016384 ____R () D:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-09-23 11:45 - 2012-09-23 11:45 - 00270336 _____ () D:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () D:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () D:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-06-08 11:25 - 2014-06-08 11:25 - 02775040 _____ () D:\Program Files\AVAST Software\Avast\defs\14060800\algo.dll
2013-10-22 17:39 - 2013-10-22 17:39 - 19336120 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-10 13:08 - 2014-05-10 13:08 - 03839088 _____ () D:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () D:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () D:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 40%
Total physical RAM: 3581.55 MB
Available physical RAM: 2128.44 MB
Total Pagefile: 7161.29 MB
Available Pagefile: 5473.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Laufwerk) (Fixed) (Total:117.41 GB) (Free:112.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:235.61 GB) (Free:156.83 GB) NTFS
Drive f: (Laufwerk) (Fixed) (Total:112.73 GB) (Free:108.74 GB) NTFS
Drive i: (Elements) (Fixed) (Total:584.08 GB) (Free:108.98 GB) NTFS
Drive j: (ELEMENTSFAT) (Fixed) (Total:347.26 GB) (Free:291.37 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 18471847)
Partition 1: (Not Active) - (Size=236 GB) - (Type=OF Extended)
Partition 2: (Active) - (Size=117 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=113 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 0021F320)
Partition 1: (Not Active) - (Size=584 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=347 GB) - (Type=0C)

==================== End Of Log ============================
         

Zitat:

Platform: Windows 7 Professional Service Pack 1
Microsoft Office Professional Plus 2010

Ist das ein gewerblich genutztes System?

Nee, nichts gewerbliches. Ganz banal privat.

Warum?

Warum? Hab ich extra zitiert. Für "banale" private Dinge benötigt man weder ein Win7 Pro noch ein Office Pro Plus....

Entschuldige bitte, ich bin dir sehr für deine Hilfe hier dankbar, aber ob und wofür ich Win7 Pro und Office Pro Plus benötige, mußt du schon mir überlassen!

Dürfte ja in Bezug auf mein Raving Reyven Problem auch nicht wirklich eine Rolle spielen. Zumal du ja jetzt weißt, was für ein Betriebssystem und welche Office Version ich verwende.

Aber falls das hier Voraussetzung ist, sich dafür zu rechtfertigen in welcher Form und mit welchem System man seinen Computer benutzt, bevor man Hilfe bekommt, lass es mich bitte wissen. Das war mir nicht bewusst.

LG
Bobby

Zitat:

Entschuldige bitte, ich bin dir sehr für deine Hilfe hier dankbar, aber ob und wofür ich Win7 Pro und Office Pro Plus benötige, mußt du schon mir überlassen!

Warum gleich so gereizt? Ist die Frage warum man Professional (Plus) Versionen rein privat nutzt denn so abwegig?
Wenn ich derartige Versionen in den Logs sehe ist eine Frage nach gewerblicher Nutzung berechtigt. Und wenn ich so etwas vermute muss ich auf diesen Artikel verweisen => http://www.trojaner-board.de/108422-...tml#post758384

Nein, die Frage war keineswegs völlig abwegig. Deshalb habe ich sie dir ja auch unweigerlich und ehrlich beantwortet.

Gereizt reagiert hast dann lediglich Du.

Zitat:

Warum? Hab ich extra zitiert. Für "banale" private Dinge benötigt man weder ein Win7 Pro noch ein Office Pro Plus....

Und das hat dann eben eine schnippische Antwort meinerseits nach sich gezogen. Wahrscheinlich einfach auch ein Mißverständniss. Tut mir Leid, wenn das anders gewirkt hat. Aber dürfte ja jetzt geklärt sein, oder!?

Zitat:

Gereizt reagiert hast dann lediglich Du.

Das war ein Wink mit dem Zaunpfahl, weil ich dachte, du hättest mein Zitat ignoriert.

Zitat:

Aber dürfte ja jetzt geklärt sein, oder!?

Warum man privat derartige Versionen unbedingt braucht zwar nicht, aber du bist ja jetzt darüber informiert worden, dass wir keine Logfiles löschen falls doch irgendwie "dein Chef die Logs gelöscht haben will"


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

R1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64; D:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys [61120 2014-06-05] (StdLib)
D:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

• Starte nun FRST erneut und klicke den Entfernen Button.
• Das Tool erstellt eine Fixlog.txt.
• Poste mir deren Inhalt.

Code: Alles auswählenAufklappen

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-06-2014
Ran by Peter at 2014-06-08 23:14:17 Run:1
Running from D:\Users\Peter\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
R1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64; D:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys [61120 2014-06-05] (StdLib)
D:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
         
*****************

{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64 => Service stopped successfully.
{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64 => Service deleted successfully.
D:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys => Moved successfully.

==== End of Fixlog ====
         

Okay, dann jetzt Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware

• Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
• Starte Malwarebytes' Anti-Malware (MBAM).
• Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
• Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
• Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
• Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
• Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
• Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 08.06.2014
Suchlauf-Zeit: 23:34:24
Logdatei: mbam_01.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.08.07
Rootkit Datenbank: v2014.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Peter

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 287971
Verstrichene Zeit: 9 Min, 30 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=4f151f1c24aaec4598242a500d1c3a80
# engine=18621
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-09 02:38:24
# local_time=2014-06-09 04:38:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 82465 166745194 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 82523 153954554 0 0
# scanned=414588
# found=10
# cleaned=0
# scan_time=59641
sh=AAA52F263AC1F0B737ADA1BD31829784B84606BE ft=1 fh=77122c70c482219d vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Peter\Downloads\fussball-wm-2014-spielplan.exe"
sh=04BFD2536899D09566918186B1894A92CAC5B204 ft=1 fh=ded6d3f69b79f185 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="I:\Filme\Black Swan {2010} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe"
sh=04BFD2536899D09566918186B1894A92CAC5B204 ft=1 fh=ded6d3f69b79f185 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="I:\Filme\Carnage {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe"
sh=04BFD2536899D09566918186B1894A92CAC5B204 ft=1 fh=ded6d3f69b79f185 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="I:\Filme\Iron Sky {2012} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe"
sh=04BFD2536899D09566918186B1894A92CAC5B204 ft=1 fh=ded6d3f69b79f185 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="I:\Filme\Moneyball  {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe"
sh=04BFD2536899D09566918186B1894A92CAC5B204 ft=1 fh=ded6d3f69b79f185 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="I:\Filme\The Avengers {2012} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe"
sh=04BFD2536899D09566918186B1894A92CAC5B204 ft=1 fh=ded6d3f69b79f185 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="I:\Filme\The Man With The Iron Fists {2012} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe"
sh=04BFD2536899D09566918186B1894A92CAC5B204 ft=1 fh=ded6d3f69b79f185 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="I:\Filme\The Way Back   {2010} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe"
sh=C9823F44A4173F4923C2091CC49952FFE1AB34AA ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="I:\Filme\Triangle {2009} DVDRIP Jaybob\jaybob's_movies_Toolbar_Firefox.xpi"
sh=A27BFBB4988E87828C8448A2EE5A6D1CC925BA2E ft=1 fh=ec9b5e18e14751a4 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="I:\Filme\Triangle {2009} DVDRIP Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe"