| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: V9.com ständig auch hierWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
23.08.2014, 10:20
| #1 |
| |  V9.com ständig auch hier Hallo, ich bin neu hier. Am PC meiner Schwägerin öffnet sich ständig im Firefox www.v9.com. Gestern zuerst Malwarebytes installiert (erster Scanlog siehe unten), nach Neustart besteht das Problem immer noch (zweiter Scanlog siehe unten). Danach hier im board recherchiert und entsprechend Eurer Anweisungen defogger ausgeführt und Scans mit FRST und GMER durchgeführt (Logs siehe unten). Vielen Dank für Eure Arbeit! Grüße Alexander Malwarebytes (1. Log): Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 22.08.2014 Scan Time: 18:31:10 Logfile: mbam 2014-08-23 18-31 Uhr.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.08.22.07 Rootkit Database: v2014.08.21.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows Vista CPU: x86 File System: NTFS User: Sauerland Scan Type: Threat Scan Result: Completed Objects Scanned: 266282 Time Elapsed: 12 min, 24 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 20 PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Quarantined, [a4fb4f7aaecdc373686b38718a78d828], PUP.Optional.Babylon.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [0b943e8bd6a574c2bfa2abc5e31f59a7], PUP.Optional.DataMangr.A, HKLM\SOFTWARE\DataMngr, Quarantined, [17888148651625113e33d721ff03a15f], PUP.Optional.DomaIQ.A, HKLM\SOFTWARE\DomaIQ, Quarantined, [158a4a7ff586b97d55dabd5b58ab15eb], PUP.Optional.MediaEnhance.A, HKLM\SOFTWARE\media enhance, Quarantined, [d2cd92371269a88e81c2a958847fc33d], PUP.Optional.qvo6.A, HKLM\SOFTWARE\qvo6Software, Quarantined, [a4fbe3e6c9b2f83e30a2929b52b203fd], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21636, Quarantined, [0e913a8fcbb041f5667d12f6b54e9070], PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [bde27653f289aa8cc0693bfc7a8a2dd3], PUP.Optional.V9.A, HKLM\SOFTWARE\V9SOFTWARE\v9hp, Quarantined, [9c03b11814674de910801ef3d03310f0], PUP.Optional.MediaEnhance.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\media enhance, Delete-on-Reboot, [c4db6e5b0b70b086de67ac554bb801ff], PUP.Optional.DataMngr.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, Quarantined, [930c31985427f83ef26d60cbda2a6997], PUP.Optional.DataMngr.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, Quarantined, [77287b4ea7d46acce47a07242ed68779], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [6a3555742b50ae88e4efa6994abab848], PUP.Optional.MediaEnhance.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\media enhance, Quarantined, [7d2221a81c5fd95d99ac8b76e61d58a8], PUP.Optional.Babylon.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, Quarantined, [adf203c6a4d783b3035fe04cc83ce61a], PUP.Optional.InstallCore.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [bee15d6ccfac8babf548f52001021fe1], PUP.Optional.InstallCore.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [46593e8bec8fe551bbc7e04b6b997987], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21636, Quarantined, [2f70af1a2e4d3bfbeeeeeef9db27b64a], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\freeven, Quarantined, [8b140abf9fdcf541f32db05ced1614ec], PUP.Optional.Qone8, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [ccd3ab1e94e7e650c2665cdba85cd52b], Registry Values: 5 PUP.Optional.BrowserProtect.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|bProtectTabs, hxxp://www2.delta-search.com/?babsrc=NT_ss&mntrId=FA4A0021002F159B&affID=120523&tsp=5003, Quarantined, [5b44ae1b0f6c132304cc9d91e321fd03] PUP.Optional.V9.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://search.v9.com/web/?type=ds&ts=1394481412&from=tugs&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&i=psd&t=33f2cfa2f&q={searchTerms}, Quarantined, [9a055d6c671447efb8164aaaf70b649c] PUP.Optional.QuickStart.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|quick_start@gmail.com, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\quick_start@gmail.com, Quarantined, [603f79507b002c0a6e10da2fe81b5aa6] PUP.Optional.InstallCore.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0Q1O2W1R1D0D1S1J, Quarantined, [46593e8bec8fe551bbc7e04b6b997987] PUP.Optional.QuickStart.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, Quarantined, [aef17356770467cf524e3bb8ec16b14f] Registry Data: 7 PUP.Optional.Qvo6.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&ts=1381262678, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&ts=1381262678),Replaced,[f4abb3165526de58889f67767a8a0bf5] PUP.Optional.V9.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.v9.com/?type=hp&ts=1394481412&from=tugs&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&i=psd&t=33f2cfa2f, Good: (www.google.com), Bad: (hxxp://www.v9.com/?type=hp&ts=1394481412&from=tugs&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&i=psd&t=33f2cfa2f),Replaced,[2a75a0293a412214ec571cb6e51fb64a] PUP.Optional.V9.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.v9.com/?type=hp&ts=1394481412&from=tugs&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&i=psd&t=33f2cfa2f, Good: (www.google.com), Bad: (hxxp://www.v9.com/?type=hp&ts=1394481412&from=tugs&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&i=psd&t=33f2cfa2f),Replaced,[a5fae4e55e1d71c5dd648f4328dc7b85] PUP.Optional.V9.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://search.v9.com/web/?type=ds&ts=1394481412&from=tugs&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&i=psd&t=33f2cfa2f&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://search.v9.com/web/?type=ds&ts=1394481412&from=tugs&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&i=psd&t=33f2cfa2f&q={searchTerms}),Replaced,[fda24a7f92e989adc57d61714bb96b95] PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[5f40ecdd9ae1a591e5ad3ca0f212ef11] PUP.Optional.V9.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.v9.com/?type=hp&ts=1394481412&from=tugs&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&i=psd&t=33f2cfa2f, Good: (www.google.com), Bad: (hxxp://www.v9.com/?type=hp&ts=1394481412&from=tugs&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&i=psd&t=33f2cfa2f),Replaced,[b3eca524f388fb3b0b30666c3dc7f907] PUP.Optional.V9.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.v9.com/?type=hp&ts=1394481412&from=tugs&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&i=psd&t=33f2cfa2f, Good: (www.google.com), Bad: (hxxp://www.v9.com/?type=hp&ts=1394481412&from=tugs&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&i=psd&t=33f2cfa2f),Replaced,[9d023297abd0be78c772537f84800ff1] Folders: 18 PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log, Quarantined, [a2fd0bbe85f678bed1b9ad6442c13bc5], PUP.Optional.SearchGolTB.A, C:\Users\Sauerland\AppData\Local\Temp\mt_ffx\searchgol, Quarantined, [e0bfebdec5b6ea4c697d5b629969728e], PUP.Optional.SearchGolTB.A, C:\Users\Sauerland\AppData\Local\Temp\mt_ffx\searchgol\searchgol, Quarantined, [e0bfebdec5b6ea4c697d5b629969728e], PUP.Optional.SearchGolTB.A, C:\Users\Sauerland\AppData\Local\Temp\mt_ffx\searchgol\searchgol\1.8.16.19, Quarantined, [e0bfebdec5b6ea4c697d5b629969728e], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\defaults, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\defaults\preferences, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\userCode, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\locale, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\locale\en-US, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance, Quarantined, [49569930b7c4f541a23b19b04fb3d22e], Files: 191 PUP.Optional.InstallCore, C:\Users\Sauerland\AppData\Local\Temp\nsa3FD2.tmp, Quarantined, [108fdaef601b1620dabbadf9b64ee11f], PUP.Optional.InstallCore, C:\Users\Sauerland\AppData\Local\Temp\nsnDC62.tmp, Quarantined, [405fe1e8116ad264e6afeabc1be92dd3], PUP.Optional.InstallCore, C:\Users\Sauerland\AppData\Local\Temp\ICReinstall_nsa3FD2.tmp, Quarantined, [a6f93c8d225988ae3263faac659f4db3], PUP.Optional.InstallCore, C:\Users\Sauerland\AppData\Local\Temp\ICReinstall_nsnDC62.tmp, Quarantined, [acf3814886f52f07b9dcc3e335cf5ca4], Backdoor.Bot, C:\Users\Sauerland\AppData\Local\Temp\28b1331e-fb45-44f2-b9e7-25fdad794c4f\android.exe, Quarantined, [0c93d7f21d5e68cefd292455c73a9769], PUP.Optional.ScramblePacker.A, C:\Users\Sauerland\AppData\Local\Temp\28b1331e-fb45-44f2-b9e7-25fdad794c4f\software\med_inhance.exe, Quarantined, [f7a82f9afb8022147aabaade60a1e41c], PUP.Optional.ScramblePacker.A, C:\Users\Sauerland\AppData\Local\Temp\28b1331e-fb45-44f2-b9e7-25fdad794c4f\software\reven-1-2.exe, Quarantined, [a1fea0291764a3932df85d2bda276b95], PUP.Optional.SkyTech.A, C:\Users\Sauerland\AppData\Local\Temp\28b1331e-fb45-44f2-b9e7-25fdad794c4f\software\tugs_v9.exe, Quarantined, [762914b5cab1a690450c3b2741c005fb], PUP.Optional.SilenceInstall, C:\Users\Sauerland\AppData\Local\Temp\28b1331e-fb45-44f2-b9e7-25fdad794c4f\software\VOPackage.exe, Quarantined, [c0df8d3caecd45f15aa40733d729dc24], PUP.Optional.Babylon.A, C:\Users\Sauerland\AppData\Local\Temp\771E089C-BAB0-7891-B2A1-2BDCE466B4A2\Latest\BExternal.dll, Quarantined, [3d62a5242a5196a0a1730221ac5456aa], PUP.Optional.Conduit.A, C:\Users\Sauerland\AppData\Local\Temp\771E089C-BAB0-7891-B2A1-2BDCE466B4A2\Latest\ccp.exe, Quarantined, [8d126e5b5c1fc96de827d05dc63baa56], PUP.Optional.Babylon.A, C:\Users\Sauerland\AppData\Local\Temp\771E089C-BAB0-7891-B2A1-2BDCE466B4A2\Latest\CrxInstaller.dll, Quarantined, [8d124188c5b620166dcb49dc2fd20bf5], PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Local\Temp\771E089C-BAB0-7891-B2A1-2BDCE466B4A2\Latest\DSearchLink.exe, Quarantined, [b6e96861dd9e31052b37088c54b07b85], PUP.Optional.Babylon.A, C:\Users\Sauerland\AppData\Local\Temp\771E089C-BAB0-7891-B2A1-2BDCE466B4A2\Latest\MntrDLLInstall.dll, Quarantined, [dfc0e3e679028fa764d5bb6af30ef709], PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Local\Temp\771E089C-BAB0-7891-B2A1-2BDCE466B4A2\Latest\MyDeltaTB.exe, Quarantined, [e1be7f4a3744e74fe469205cd13050b0], PUP.Optional.Babylon.A, C:\Users\Sauerland\AppData\Local\Temp\771E089C-BAB0-7891-B2A1-2BDCE466B4A2\Latest\Setup.exe, Quarantined, [554afacf97e4ee48714569b81ae6ca36], PUP.Optional.Babylon.A, C:\Users\Sauerland\AppData\Local\Temp\876BA97F-BAB0-7891-A514-7EB627F607B3\Latest\BExternal.dll, Quarantined, [48579a2f5a21ef47d440e043bd43d828], PUP.Optional.Conduit.A, C:\Users\Sauerland\AppData\Local\Temp\876BA97F-BAB0-7891-A514-7EB627F607B3\Latest\ccp.exe, Quarantined, [762916b3abd093a37d92c5689f62966a], PUP.Optional.Babylon.A, C:\Users\Sauerland\AppData\Local\Temp\876BA97F-BAB0-7891-A514-7EB627F607B3\Latest\CrxInstaller.dll, Quarantined, [930c59707cffb086023626ffe120c937], PUP.Optional.Babylon.A, C:\Users\Sauerland\AppData\Local\Temp\876BA97F-BAB0-7891-A514-7EB627F607B3\Latest\MntrDLLInstall.dll, Quarantined, [1e81d3f63b40a78f0732e045ac55a858], PUP.Optional.SearchGolTB.A, C:\Users\Sauerland\AppData\Local\Temp\876BA97F-BAB0-7891-A514-7EB627F607B3\Latest\MySgolTB.exe, Quarantined, [69364a7fceadf541f120012c5fa2da26], PUP.Optional.Babylon.A, C:\Users\Sauerland\AppData\Local\Temp\876BA97F-BAB0-7891-A514-7EB627F607B3\Latest\Setup.exe, Quarantined, [6936c0094a31ab8b16a0f32ec53b3ac6], Backdoor.Bot, C:\Users\Sauerland\AppData\Local\Temp\android\android.exe, Quarantined, [bce3e6e3e09b092d2bfb84f55ea36799], PUP.Optional.Wsys.A, C:\Users\Sauerland\AppData\Local\Temp\eIntaller\0EBB513F58B14481B249A95BBB54EAE8\eGdpSvc.exe, Quarantined, [5d426b5e0873bb7bbc9cec46ec159a66], PUP.Optional.Wilsys.A, C:\Users\Sauerland\AppData\Local\Temp\eIntaller\0EBB513F58B14481B249A95BBB54EAE8\eXQ.exe, Quarantined, [a9f6f5d4502b5cda7dda60d22ad71de3], PUP.Optional.CRX.A, C:\Users\Sauerland\AppData\Local\Temp\bus93F5\CrxUpdater_d.exe, Quarantined, [0f9090390972a98d1f3babec84802ed2], PUP.Optional.PCFixSpeed.A, C:\Users\Sauerland\AppData\Local\Temp\is922941421\457724548_stp\SearchGol.exe, Quarantined, [425d696019621f1739ec80d632d20000], PUP.Optional.Elex, C:\Users\Sauerland\AppData\Local\Temp\is922941421\457724639_stp\cor_ar_qvo6.exe, Quarantined, [039c7752a1daf83e9ee439e8827e2ad6], PUP.Optional.SkyTech.A, C:\Users\Sauerland\AppData\Local\Temp\fullpackage_temp1394481356\alilog.dll, Quarantined, [277819b0275446f03a0c7cb6a65a827e], PUP.Optional.SkyTech.A, C:\Users\Sauerland\AppData\Local\Temp\fullpackage_temp1394481356\package1.zip, Quarantined, [9a0557723c3fb383fa4c64ce27d9629e], PUP.Optional.V9.A, C:\Users\Sauerland\AppData\Local\Temp\fullpackage_temp1394481356\qSE.exe, Quarantined, [920d3f8a186392a428cc55f337c9b947], PUP.Optional.BundleInstaller.A, C:\Users\Sauerland\Downloads\flashplayerpro-setup.exe, Quarantined, [e4bbaa1f98e3da5ca5bde1679a66cb35], PUP.Optional.DomaIQ, C:\Users\Sauerland\Downloads\Setup(1).exe, Quarantined, [ddc2c306dd9e83b3dc2c251e31cf916f], PUP.Optional.DomaIQ, C:\Users\Sauerland\Downloads\Setup(2).exe, Quarantined, [3f6056730972a98dce3a1f24976956aa], PUP.Optional.DomalQ, C:\Users\Sauerland\Downloads\Setup.exe, Quarantined, [d6c955748eedca6cb53e5053e71d5aa6], PUP.Optional.Freemium.A, C:\Users\Sauerland\Downloads\VLC_player_Setup(1).exe, Quarantined, [7926b5147cff3303a24e1d150ef3fb05], PUP.Optional.DomaIQ, C:\Users\Sauerland\Downloads\Java(1).exe, Quarantined, [e4bb2b9e84f7043281873211d42cec14], PUP.Optional.DomalQ, C:\Users\Sauerland\Downloads\Java.exe, Quarantined, [dac511b81f5cf44240b3277ceb197090], PUP.Optional.MediaEnhance.A, C:\WINDOWS\Tasks\media enhance-chromeinstaller.job, Quarantined, [46593099354679bd4bf7f60b937001ff], PUP.Optional.MediaEnhance.A, C:\WINDOWS\Tasks\media enhance-codedownloader.job, Quarantined, [8817d5f4f982171f82c0e31e0bf807f9], PUP.Optional.MediaEnhance.A, C:\WINDOWS\Tasks\media enhance-enabler.job, Quarantined, [227d5376f68544f278ca50b15aa957a9], PUP.Optional.MediaEnhance.A, C:\WINDOWS\Tasks\media enhance-firefoxinstaller.job, Quarantined, [554a3e8b314ac76fb78bc53c788b7987], PUP.Optional.MediaEnhance.A, C:\WINDOWS\Tasks\media enhance-updater.job, Quarantined, [148bc1084f2c83b30e34ce33966da65a], PUP.Optional.SearchGol.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\searchplugins\searchgol.xml, Quarantined, [f4abb415e89348ee6abdc942867de818], PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log\eGdpSvc.LOG, Quarantined, [a2fd0bbe85f678bed1b9ad6442c13bc5], PUP.Optional.V9.A, C:\Program Files\Mozilla Firefox\browser\searchplugins\v9.xml, Quarantined, [eeb1d2f7493296a04b43bc557a89d42c], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome.manifest, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\install.rdf, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\056ff2369117eca1daf2a3b0ec0dcb8c.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\2181005b6228106d89d08ab60a49fc92.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\554f63adc1c965135708d0d96ce6f971.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\74f7d636aaf9097539db2db55ee84f40.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\79c5d82d9be232edcaf4e34967619c45.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\8b1606f941e2b7145769a0837cb46514.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\background.html, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\browser.xul, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\dialog.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\options.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\options.xul, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\search_dialog.xul, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\654fb614b777e2cd9497c7acb5bddbd1.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\128460844b10898475a6a4ba0978ba83.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\15b56037c4a278e029c0705eae4a1489.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\17da7703a7ebb6e2b7c6ef0e5c1a4fd3.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\296b153cad739ef425a4c45832c346d3.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\3b0be935580eb5611440aca61d5ca2d5.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\59ac6620b45026f98ce76b7c0e49f612.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\5a05e85a74a00d3aa231f1307dafa0f8.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\5c100b0f25ea25cb5b60cb431e39c1a6.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\909c50e086168bf8e2c236d8b9c85297.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\9b3a14715b6cc34ee804d6285467b8be.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\aa4f591f6235e487854590505a251adb.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\b4f34668ca0610fcd25a363c53c2c9d5.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\c538dd50beb1282fc0b4fb286df59271.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\c705116f0d371fed55fea3bd9532b16e.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\d232f6621729d8fce75a3cb501b4a579.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\dac9d66654a509b510f1479f223fe362.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\131d1b608a4eb28b84f3963ddcececb3.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\133a6d2127e3412a0c70ead5d736289c.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\180461bf317c0a17c3c4339abcdfac16.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\2eed471dc1cad1e31bf5ec04bae0b1bb.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\86e6a819c9dc7495ff552fd1fdf6a8d3.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\923a6ba4a1990953d7a5825d0bb0d749.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\93456ec3cedb2861af3959ccb0841ad1.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\a7747c4fc9963eed4c432bac24e4efc8.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\b5209d9967206a85dba9ad73d2b87315.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\bd24ca25276b1d16fe7cb095cf4fbed3.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\c206de3c7cd35e3ea2404cb185433ace.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\c27b8889ba3af2ad48e37c4658fdc290.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\d05c058bb1d88f3c672b90e493f4242a.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\dcda499ac580398d705e7e43370efe7f.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\dedb9accfbb48b706c3666f0b0927dde.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\e4c756a4a4b7b48b1c0ad5679feec217.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\e567bf2dfcaf263eab55f7ce45bdd1d9.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\fb8962e837b6e34941c780e3c00965b8.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\fc5dc392492cc5c8b67cf5a4a1276b1e.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\installer.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\defaults\preferences\prefs.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\manifest.xml, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins.json, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\102.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\104.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\13.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\14.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\16.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\17.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\180.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\184.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\190.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\191.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\195.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\211.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\220.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\221.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\223.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\226.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\230.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\233.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\242.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\246.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\260.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\263.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\268.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\273.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\284.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\286.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\288.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\289.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\291.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\300.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\301.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\4.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\47.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\64.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\7.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\78.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\9.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\91.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\93.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\userCode\background.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\userCode\extension.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\locale\en-US\translations.dtd, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\button1.png, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\button2.png, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\button3.png, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\button4.png, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\button5.png, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\crossrider_statusbar.png, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\icon128.png, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\icon16.png, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\icon24.png, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\icon48.png, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\panelarrow-up.png, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\popup.html, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\skin.css, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\update.css, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\44150.crx, Quarantined, [49569930b7c4f541a23b19b04fb3d22e], PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\44150.xpi, Quarantined, [49569930b7c4f541a23b19b04fb3d22e], PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\background.html, Quarantined, [49569930b7c4f541a23b19b04fb3d22e], PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\Installer.log, Quarantined, [49569930b7c4f541a23b19b04fb3d22e], PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\media enhance-bg.exe, Quarantined, [49569930b7c4f541a23b19b04fb3d22e], PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\media enhance-chromeinstaller.exe, Quarantined, [49569930b7c4f541a23b19b04fb3d22e], PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\media enhance.ico, Quarantined, [49569930b7c4f541a23b19b04fb3d22e], PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\Uninstall.exe, Quarantined, [49569930b7c4f541a23b19b04fb3d22e], PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\utils.exe, Quarantined, [49569930b7c4f541a23b19b04fb3d22e], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "144ad94b7cd60d610272d15b8f8c6ffc");), Replaced,[435c8f3ad3a80f27c4394ac363a2f60a] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.admin", false);), Replaced,[c8d7f5d4b0cb52e4fb197896e71e23dd] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.aflt", "babsst");), Replaced,[a9f6e9e0720952e4bc58f11da95c639d] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), Replaced,[d0cfb4158fec61d568ac58b621e41ae6] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.autoRvrt", "false");), Replaced,[019ea920cbb02c0a45cf709e17ee42be] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.dfltLng", "de");), Replaced,[168925a41f5c6ec815ffc8468e77b34d] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.excTlbr", false);), Replaced,[bae523a6ccaf0f27bc58c44afe072bd5] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.ffxUnstlRst", true);), Replaced,[752acffa1f5c54e27c9823eb0df845bb] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.id", "fa4a43d90000000000000021002f159b");), Replaced,[5946a7229cdffa3c948063abc83d11ef] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlDay", "15960");), Replaced,[fda2e3e6bdbe87afeb29d73722e311ef] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlRef", "sst");), Replaced,[148bbe0baad1ee4864b0709eb154f10f] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.newTab", false);), Replaced,[108f78512b505bdbab6937d7e1244eb2] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prdct", "delta");), Replaced,[6f3005c4255634022ee615f9f41156aa] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prtnrId", "delta");), Replaced,[3c633495a7d43501e62ee12d9d680000] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.rvrt", "false");), Replaced,[792628a1ccafd6602fe55db1d82d4cb4] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.smplGrp", "none");), Replaced,[0d92e3e6f982ef47a66ef11d16efa759] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrId", "base");), Replaced,[d1cec1083d3e1f17789c1cf23dc81ce4] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrSrchUrl", "");), Replaced,[4e51b7122556e74f090bad61da2bbf41] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsn", "1.8.24.6");), Replaced,[fca387422655e155b0647b9346bff50b] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsnTs", "1.8.24.622:13:29");), Replaced,[5946efda2b5038fe4cc8b45a22e3629e] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsni", "1.8.24.6");), Replaced,[f8a7ba0f2853d46224f028e6cd38ac54] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.babExt", "");), Replaced,[217e6465cbb0b28434e06da1d2339d63] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.babTrack", "affID=120523&tsp=5003");), Replaced,[d1ce6960cdae4bebb16307072fd608f8] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.srcExt", "ss");), Replaced,[a9f6b4150378f73f759f7f8ff0150df3] PUP.Optional.V9.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "hxxp://www.v9.com/newtab/?type=nt&ts=1394481412&from=tugs&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&i=psd&t=33f2cfa2f");), Replaced,[e0bf8e3ba0dbfc3a581df5195aabc33d] Physical Sectors: 0 (No malicious items detected) (end) Malwarebytes (2. Log): Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 22.08.2014 Scan Time: 19:56:00 Logfile: mbam 2014-08-23 20-09 Uhr.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.08.22.07 Rootkit Database: v2014.08.21.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows Vista CPU: x86 File System: NTFS User: Sauerland Scan Type: Threat Scan Result: Completed Objects Scanned: 266278 Time Elapsed: 12 min, 13 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 23 PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.admin", false);), ,[5946c7026516df5767adcc4221e49967] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.aflt", "babsst");), ,[821df3d65f1c2f07a86c4ac49075f010] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), ,[0d9225a43249ff3718fc838b798c0af6] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.autoRvrt", "false");), ,[fea14c7d0a71cd69c351c24c5ca9b64a] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.dfltLng", "de");), ,[3768eddc1e5d4beb898b13fb5fa650b0] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.excTlbr", false);), ,[1b84ccfd5526a29470a456b860a5837d] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.ffxUnstlRst", true);), ,[7b24587115662b0b6ba964aaf70ef907] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.id", "fa4a43d90000000000000021002f159b");), ,[36696366d4a775c1b85cdb330ff66799] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlDay", "15960");), ,[ebb4e8e1f2893ff7b55f11fd81847789] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlRef", "sst");), ,[118e68614b30d2647a9aaf5f9c6950b0] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.newTab", false);), ,[fda2c6031c5f2b0b0e06ce401bea639d] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prdct", "delta");), ,[039c08c14f2c93a3bb59fa143cc99f61] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prtnrId", "delta");), ,[7e2175543546270f59bb7a94d92c7888] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.rvrt", "false");), ,[f6a9d8f15f1c64d2d93bd7377194a957] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.smplGrp", "none");), ,[c5da5e6b0675b97db3616f9f28dd9b65] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrId", "base");), ,[5d423693a8d3e84e37dd7d91f80d4ab6] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrSrchUrl", "");), ,[326d77527b00c76f9d7747c7cd384eb2] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsn", "1.8.24.6");), ,[56499c2d7cff0333d53fc8460cf9847c] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsnTs", "1.8.24.622:13:29");), ,[425d8742126937ff62b24dc18e771ce4] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsni", "1.8.24.6");), ,[dec1e5e44437d95dd440868861a4e21e] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.babExt", "");), ,[58479831d8a30f27f61e44ca32d3fd03] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.babTrack", "affID=120523&tsp=5003");), ,[d1cee8e1bcbf033319fba569aa5b837d] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.srcExt", "ss");), ,[7e210ebb4734a59174a0bd51c83d3ac6] Physical Sectors: 0 (No malicious items detected) (end) Log FRST: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2014 Ran by Sauerland (administrator) on SAUERLAND-PC on 22-08-2014 21:10:41 Running from D:\Computer\Viren etc\Vorbereitung für Trojaner-Board Platform: Microsoft® Windows Vista™ Home Basic (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 7 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe (Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\WINDOWS\System32\AEADISRV.EXE (Agere Systems) C:\WINDOWS\System32\agrsmsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe () C:\WINDOWS\SMINST\Scheduler.exe (Intel Corporation) C:\WINDOWS\System32\igfxtray.exe (Intel Corporation) C:\WINDOWS\System32\hkcmd.exe (Intel Corporation) C:\WINDOWS\System32\igfxpers.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (PDF Complete Inc) C:\Program Files\PDF Complete\pdfsty.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard Co.) C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Logitech Inc.) C:\Program Files\Logitech\Logitech Vid\Vid.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe () C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\WINDOWS\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Adobe Systems, Inc.) C:\WINDOWS\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Microsoft Corporation) C:\WINDOWS\System32\conime.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2007-12-15] (Microsoft Corporation) HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.) HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [331552 2007-05-08] (PDF Complete Inc) HKLM\...\Run: [PTHOSTTR] => C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [145184 2007-01-09] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [833072 2007-06-07] (Synaptics, Inc.) HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472632 2007-05-11] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [71176 2007-06-05] (Hewlett-Packard) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [246504 2010-01-11] (Sun Microsystems, Inc.) HKLM\...\Run: [HP Software Update] => c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49152 2005-02-17] (Hewlett-Packard Co.) HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [177456 2008-06-03] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-18] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1957784 2014-07-31] (APN) HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] () HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG) HKLM\...\RunOnce: [ST Recovery Launcher] => C:\Windows\SMINST\launcher.exe [44168 2007-06-06] (soft thinks) Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-4034917407-2925645633-2811160046-1006\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company) HKU\S-1-5-21-4034917407-2925645633-2811160046-1006\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.) HKU\S-1-5-21-4034917407-2925645633-2811160046-1006\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [201728 2006-11-02] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - {D7D9CC48-72A9-4A5B-97B6-F316BE5BFF22} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKCU - {D7D9CC48-72A9-4A5B-97B6-F316BE5BFF22} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 28 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Users\Sauerland\Desktop\VLC\npvlc.dll (VideoLAN) FF user.js: detected! => C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\user.js FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\Extensions\abs@avira.com [2014-08-22] FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-09-08] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-08-06] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-18] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-18] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG) S3 FLCDLOCK; C:\Windows\system32\flcdlock.exe [172131 2007-06-08] (Hewlett-Packard Ltd) [File not signed] R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [61440 2007-06-05] (Hewlett-Packard) [File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [540448 2007-05-08] (PDF Complete Inc) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-13] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [30008 2007-06-08] (Hewlett-Packard Development Company L.P.) [File not signed] R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] () R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-22] (Malwarebytes Corporation) S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-10] (Avira GmbH) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-22 21:10 - 2014-08-22 21:10 - 00000000 ____D () C:\FRST 2014-08-22 21:09 - 2014-08-22 21:09 - 00000000 _____ () C:\Users\Sauerland\defogger_reenable 2014-08-22 20:50 - 2014-08-22 20:50 - 00162872 _____ (Software Installer ) C:\Users\Sauerland\Downloads\Setup.exe 2014-08-22 18:29 - 2014-08-22 19:53 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-22 18:29 - 2014-08-22 18:29 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-22 18:29 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-22 18:29 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-22 18:29 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-18 08:50 - 2014-08-18 08:50 - 01058200 _____ (Adobe) C:\Users\Sauerland\Downloads\install_flashplayer14x32au_mssa_awc_aih(1).exe 2014-08-18 08:41 - 2014-08-18 08:42 - 01058200 _____ (Adobe) C:\Users\Sauerland\Downloads\install_flashplayer14x32au_mssa_awc_aih.exe 2014-08-18 08:36 - 2014-08-18 08:42 - 00001002 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-18 08:35 - 2014-08-18 08:42 - 00000000 ____D () C:\ProgramData\Package Cache ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-22 21:10 - 2014-08-22 21:10 - 00000000 ____D () C:\FRST 2014-08-22 21:09 - 2014-08-22 21:09 - 00000000 _____ () C:\Users\Sauerland\defogger_reenable 2014-08-22 21:09 - 2013-09-08 11:39 - 00000000 ____D () C:\Users\Sauerland 2014-08-22 21:06 - 2013-09-08 10:39 - 01103094 _____ () C:\Windows\WindowsUpdate.log 2014-08-22 21:02 - 2006-11-02 14:45 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-22 21:02 - 2006-11-02 14:45 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-22 20:50 - 2014-08-22 20:50 - 00162872 _____ (Software Installer ) C:\Users\Sauerland\Downloads\Setup.exe 2014-08-22 20:26 - 2014-01-03 10:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-22 19:53 - 2014-08-22 18:29 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-22 19:02 - 2007-12-15 02:38 - 00243764 _____ () C:\Windows\PFRO.log 2014-08-22 19:02 - 2007-12-15 02:20 - 00000000 ____D () C:\Windows\SMINST 2014-08-22 19:02 - 2006-11-02 14:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-22 19:01 - 2006-11-09 18:42 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-08-22 19:01 - 2006-11-02 14:58 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-08-22 18:52 - 2013-10-08 22:04 - 00000000 ____D () C:\ProgramData\eSafe 2014-08-22 18:29 - 2014-08-22 18:29 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-22 18:29 - 2006-11-02 12:33 - 01488910 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-22 18:26 - 2013-09-10 21:15 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-08-22 18:26 - 2013-09-10 21:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-08-22 17:35 - 2013-09-19 16:51 - 00000426 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{D24E31C5-698E-4D95-A1A4-C6096E317E4E}.job 2014-08-19 22:57 - 2013-09-08 14:21 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-08-18 09:01 - 2014-06-22 14:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-08-18 08:50 - 2014-08-18 08:50 - 01058200 _____ (Adobe) C:\Users\Sauerland\Downloads\install_flashplayer14x32au_mssa_awc_aih(1).exe 2014-08-18 08:42 - 2014-08-18 08:41 - 01058200 _____ (Adobe) C:\Users\Sauerland\Downloads\install_flashplayer14x32au_mssa_awc_aih.exe 2014-08-18 08:42 - 2014-08-18 08:36 - 00001002 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-18 08:42 - 2014-08-18 08:35 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-18 08:42 - 2013-09-10 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-18 08:42 - 2013-09-10 21:02 - 00000000 ____D () C:\Program Files\Avira 2014-08-18 08:36 - 2013-09-10 21:02 - 00000000 ____D () C:\ProgramData\Avira Some content of TEMP: ==================== C:\Users\Sauerland\AppData\Local\Temp\avgnt.exe C:\Users\Sauerland\AppData\Local\Temp\BackupSetup.exe C:\Users\Sauerland\AppData\Local\Temp\fp_pl_pfs_installer-1.exe C:\Users\Sauerland\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Sauerland\AppData\Local\Temp\HPQSi.exe C:\Users\Sauerland\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe C:\Users\Sauerland\AppData\Local\Temp\setup.exe C:\Users\Sauerland\AppData\Local\Temp\SymLCSVC.EXE C:\Users\Sauerland\AppData\Local\Temp\uninst1.exe C:\Users\Sauerland\AppData\Local\Temp\vcredist_x86.exe C:\Users\Sauerland\AppData\Local\Temp\_is8114.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-22 19:27 ==================== End Of Log ============================ Log FRST Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-08-2014
Ran by Sauerland at 2014-08-22 21:11:17
Running from D:\Computer\Viren etc\Vorbereitung für Trojaner-Board
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Avira (HKLM\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C0F05}) (Version: 12.15.5.1034 - APN, LLC)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
23-06-2014 08:47:45 Geplanter Prüfpunkt
05-07-2014 11:59:56 Geplanter Prüfpunkt
13-08-2014 20:43:36 Windows Update
18-08-2014 07:43:34 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {49FD1CF1-D334-443A-83E8-F459169B6D2C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-22] (Adobe Systems Incorporated)
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2006-11-02] ()
Task: {8ACDF758-2F0B-4C22-90F2-B69BE35BCB2B} - System32\Tasks\APSnotifierCA => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2006-11-02] (Microsoft Corporation)
Task: {D90BC17A-3AEE-442C-BB10-2DBC8B467BAA} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-06-15] ()
Task: {DDCBD8CE-E4BA-4FEC-AF33-13DAD0B55BD9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierCA.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\User_Feed_Synchronization-{D24E31C5-698E-4D95-A1A4-C6096E317E4E}.job => C:\Windows\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) =============
2014-07-24 11:47 - 2014-07-24 11:47 - 00245760 _____ () C:\Program Files\Avira\My Avira\System.ComponentModel.Composition.dll
2014-07-24 11:50 - 2014-07-24 11:50 - 00137296 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-24 11:49 - 2014-07-24 11:49 - 00065104 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2007-08-24 14:28 - 2007-08-24 14:28 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2007-12-15 02:20 - 2007-06-06 15:34 - 00715912 _____ () C:\WINDOWS\SMINST\scheduler.exe
2007-12-15 02:20 - 2007-02-15 17:37 - 00446464 _____ () C:\WINDOWS\SMINST\naspp.dll
2007-06-08 10:05 - 2007-06-08 10:05 - 00274432 _____ () C:\Windows\system32\flcdlmsg.dll
2014-08-18 08:36 - 2014-07-24 11:50 - 00049744 _____ () C:\Users\Sauerland\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2007-02-16 18:40 - 2007-02-16 18:40 - 01466368 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-02-16 18:40 - 2007-02-16 18:40 - 05521408 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 02140944 _____ () C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 07704336 _____ () C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00968976 _____ () C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00475408 _____ () C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00363792 _____ () C:\Program Files\Logitech\Logitech Vid\QtXml4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00199952 _____ () C:\Program Files\Logitech\Logitech Vid\QtSql4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00027408 _____ () C:\Program Files\Logitech\Logitech Vid\SDL.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 11311888 _____ () C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00291600 _____ () C:\Program Files\Logitech\Logitech Vid\phonon4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00028944 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00035088 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00138000 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
2013-09-08 13:55 - 2008-04-11 09:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-06-22 14:08 - 2014-08-18 09:01 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-08-22 18:26 - 2014-08-22 18:26 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/22/2014 08:56:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung setup.exe_Software Installer, Version 3.7.1.0, Zeitstempel 0x53f78bb4, fehlerhaftes Modul setup.exe, Version 3.7.1.0, Zeitstempel 0x53f78bb4, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c8ff,
Prozess-ID 0x1210, Anwendungsstartzeit setup.exe_Software Installer0.
Error: (08/22/2014 08:47:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung setup.exe_Software Installer, Version 3.7.1.0, Zeitstempel 0x53f64144, fehlerhaftes Modul setup.exe, Version 3.7.1.0, Zeitstempel 0x53f64144, Ausnahmecode 0xc0000005, Fehleroffset 0x000150fc,
Prozess-ID 0x1410, Anwendungsstartzeit setup.exe_Software Installer0.
Error: (08/19/2014 11:36:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung plugin-container.exe, Version 31.0.0.5310, Zeitstempel 0x53c75e91, fehlerhaftes Modul mozalloc.dll, Version 31.0.0.5310, Zeitstempel 0x53c72e91, Ausnahmecode 0x80000003, Fehleroffset 0x0000141b,
Prozess-ID 0x11a0, Anwendungsstartzeit plugin-container.exe0.
Error: (06/23/2014 02:58:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung plugin-container.exe, Version 30.0.0.5269, Zeitstempel 0x53914233, fehlerhaftes Modul mozalloc.dll, Version 30.0.0.5269, Zeitstempel 0x53911393, Ausnahmecode 0x80000003, Fehleroffset 0x0000141b,
Prozess-ID 0xe94, Anwendungsstartzeit plugin-container.exe0.
Error: (04/14/2014 03:41:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung firefox.exe, Version 28.0.0.5186, Zeitstempel 0x53240e37, fehlerhaftes Modul xul.dll, Version 28.0.0.5186, Zeitstempel 0x53240e04, Ausnahmecode 0xc0000005, Fehleroffset 0x00184729,
Prozess-ID 0xd80, Anwendungsstartzeit firefox.exe0.
Error: (04/14/2014 00:04:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung firefox.exe, Version 28.0.0.5186, Zeitstempel 0x53240e37, fehlerhaftes Modul xul.dll, Version 28.0.0.5186, Zeitstempel 0x53240e04, Ausnahmecode 0xc0000005, Fehleroffset 0x00184729,
Prozess-ID 0x974, Anwendungsstartzeit firefox.exe0.
Error: (03/16/2014 04:26:19 PM) (Source: HP Health Check Service) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen
Error: (03/10/2014 10:20:25 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (03/10/2014 10:20:25 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (03/10/2014 10:20:22 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
System errors:
=============
Error: (08/22/2014 07:02:24 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Error: (08/22/2014 07:02:19 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Error: (08/22/2014 05:43:05 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Error: (08/22/2014 05:43:00 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Error: (08/22/2014 05:32:02 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Error: (08/22/2014 05:31:57 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Error: (08/19/2014 10:57:00 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Error: (08/19/2014 10:56:55 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Error: (08/18/2014 08:33:09 AM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Error: (08/18/2014 08:33:04 AM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Microsoft Office Sessions:
=========================
Error: (08/22/2014 08:56:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: setup.exe_Software Installer3.7.1.053f78bb4setup.exe3.7.1.053f78bb4c00000050000c8ff121001cfbe3a0cb2a109
Error: (08/22/2014 08:47:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: setup.exe_Software Installer3.7.1.053f64144setup.exe3.7.1.053f64144c0000005000150fc141001cfbe392233ce69
Error: (08/19/2014 11:36:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b11a001cfbbf184897666
Error: (06/23/2014 02:58:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141be9401cf8ee2add5b250
Error: (04/14/2014 03:41:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe28.0.0.518653240e37xul.dll28.0.0.518653240e04c000000500184729d8001cf57d5bb826d81
Error: (04/14/2014 00:04:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe28.0.0.518653240e37xul.dll28.0.0.518653240e04c00000050018472997401cf57bd5abe2d10
Error: (03/16/2014 04:26:19 PM) (Source: HP Health Check Service) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen
Error: (03/10/2014 10:20:25 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (03/10/2014 10:20:25 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (03/10/2014 10:20:22 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
CodeIntegrity Errors:
===================================
Date: 2014-08-22 21:11:13.747
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-22 21:11:13.708
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-22 21:11:13.669
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-22 21:11:13.630
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-22 21:11:13.373
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-22 21:11:13.333
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-22 21:11:13.289
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-22 21:11:13.250
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-22 20:01:05.854
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-22 20:01:05.804
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Celeron(R) CPU 550 @ 2.00GHz
Percentage of memory in use: 51%
Total physical RAM: 3062.69 MB
Available physical RAM: 1482.14 MB
Total Pagefile: 2967.17 MB
Available Pagefile: 1440.85 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.03 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:39.06 GB) (Free:13.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:101.2 GB) (Free:13.52 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:8.79 GB) (Free:1.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (LEXAR MEDIA) (Removable) (Total:0.06 GB) (Free:0.04 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 706BA65C)
Partition 1: (Active) - (Size=39.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=101.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 61.5 MB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
Log Gmer: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-22 21:39:00
Windows 6.0.6000 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LV01 149,05GB
Running: j4ntsdtc.exe; Driver: C:\Users\SAUERL~1\AppData\Local\Temp\kwryyuoc.sys
---- System - GMER 2.1 ----
SSDT 8E15C9CC ZwClose
SSDT 8E15C9D6 ZwCreateSection
SSDT 8E15C9C7 ZwDuplicateObject
SSDT 8E15C968 ZwOpenProcess
SSDT 8E15C96D ZwOpenThread
SSDT 8E15C9E0 ZwRequestWaitReplyPort
SSDT 8E15C9DB ZwSetContextThread
SSDT 8E15C9E5 ZwSetSecurityObject
SSDT 8E15C9EA ZwSystemDebugControl
SSDT 8E15C977 ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 368 81C80874 4 Bytes CALL 9791D4FA
.text ntkrnlpa.exe!ZwCallbackReturn + 3D4 81C808E0 4 Bytes JMP 9791DF66
.text ntkrnlpa.exe!ZwCallbackReturn + 73C 81C80C48 4 Bytes CALL 9791E7CE
.text ntkrnlpa.exe!ZwCallbackReturn + 7E8 81C80CF4 4 Bytes JMP E08E15C9
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Processes - GMER 2.1 ----
Process (*** hidden *** ) [4] 83D36C20
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411f4ab6
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37624b73
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411f4ab6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37624b73 (not active ControlSet)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
Baum-Darstellung