Pests of all kinds and how to fight them: Infected with malware and Trojans (Windows 7)

If you are not sure whether you have caught malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.
17.12.2014, 23:45 | #1 |
Infected with malware and Trojans

Hello, here is the problem. A friend gave me her laptop because problems have been appearing for some time. Among other things, Windows Update and Avira no longer work. And browser (ad) windows frequently open on their own. I have now run Malwarebytes and it found a number of Trojans etc., about 1400 in total! I hope the following log helps. A txt log could not be created, only an xml log. And I hope you can help me. Thanks!
18.12.2014, 06:24 | #2 |
/// the machine /// TB trainer | Infected with malware and Trojans

Hi,

Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks.

This is how it works: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions or check under Start > Computer (right-click) > Properties)
18.12.2014, 16:51 | #3 |
Infected with malware and Trojans

So, here is the FRST log.

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2014 Ran by Finn (administrator) on FINN-PC on 18-12-2014 16:49:20 Running from C:\Users\Finn\Desktop Loaded Profiles: Finn & (Available profiles: Finn) Platform: Microsoft Windows 7 Home Premium (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe () C:\Program Files\SoftwareUpdater\UpdaterService.exe (COMPANYVERS_NAME) C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Brother Industries, Ltd.) 
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (MindSpark) C:\Program Files\TelevisionFanatic\bar\1.bin\64SrchMn.exe (VER_COMPANY_NAME) C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (VentSoftware Dev) C:\Users\Finn\AppData\Roaming\Tyew\okoge.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe (Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe () C:\Program Files\SoftwareUpdater\AppsUpdater.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avrestart.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) 
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-23] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1423904 2010-04-23] (Realtek Semiconductor) HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron) HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.) HKLM\...\Run: [LMgrOSD] => "C:\Program Files\Launch Manager\OSDCtrl.exe" HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [413696 2010-01-13] (Wistron Corp.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated) HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.) HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.) HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.) HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) 
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH) HKLM\...\Run: [TelevisionFanatic Search Scope Monitor] => C:\Program Files\TelevisionFanatic\bar\1.bin\64SrchMn.exe [44784 2013-04-23] (MindSpark) HKLM\...\Run: [TelevisionFanatic Browser Plugin Loader] => C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe [30096 2013-04-23] (VER_COMPANY_NAME) HKLM\...\Run: [DATAMNGR] => C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~2.EXE HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-17] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG) HKLM\...\Policies\Explorer\Run: [9656] => c:\ProgramData\mscaii.exe [863184 2009-07-14] ( (Google Inc.)) HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0 HKLM\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\...\Run: [Loazrovyo] => C:\Users\Finn\AppData\Roaming\Tyew\okoge.exe [327168 2013-12-27] (VentSoftware Dev) HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation) HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\...\MountPoints2: {62f5c3ce-832e-11e2-82dd-00262dc05569} - F:\pushinst.exe HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-2471633549-1032859582-1289093826-1000\$23e6321a04e0b179c359e9bf1111048c\o. ATTENTION! ====> ZeroAccess? 
HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Loazrovyo] => C:\Users\Finn\AppData\Roaming\Tyew\okoge.exe [327168 2013-12-27] (VentSoftware Dev) HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation) HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {62f5c3ce-832e-11e2-82dd-00262dc05569} - F:\pushinst.exe HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll <===== ATTENTION HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^XP^xdm284^YY^de&ptb=D70D2E8D-C268-4826-8F2C-5FAFDBFDFC61&si=CJub5_XE4bYCFRLLtAodXhIAng HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www2.delta-search.com/?affID=119721&babsrc=HP_ss&mntrId=947700262DC05569 HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^XP^xdm284^YY^de&ptb=D70D2E8D-C268-4826-8F2C-5FAFDBFDFC61&si=CJub5_XE4bYCFRLLtAodXhIAng HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www2.delta-search.com/?affID=119721&babsrc=HP_ss&mntrId=947700262DC05569 URLSearchHook: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000 - (No Name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark) URLSearchHook: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program 
Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark) SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=341&systemid=406&v=a9301-111&apn_uid=0132231521174246&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=341&systemid=406&v=a9301-111&apn_uid=0132231521174246&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} SearchScopes: HKLM -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm284^YY^de&si=CJub5_XE4bYCFRLLtAodXhIAng&ptb=D70D2E8D-C268-4826-8F2C-5FAFDBFDFC61&psa=&ind=2013042315&st=sb&n=77fc968b&searchfor={searchTerms} SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=947700262DC05569&affID=127885&tsp=5188 SearchScopes: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000 -> {038EA7B4-F3DE-48AF-8A79-200D2C8BF3A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=947700262DC05569&affID=127885&tsp=5188 SearchScopes: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=341&systemid=406&v=a9301-111&apn_uid=0132231521174246&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} SearchScopes: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000 -> 
{a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm284^YY^de&si=CJub5_XE4bYCFRLLtAodXhIAng&ptb=D70D2E8D-C268-4826-8F2C-5FAFDBFDFC61&psa=&ind=2013042315&st=sb&n=77fc968b&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=947700262DC05569&affID=127885&tsp=5188 SearchScopes: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {038EA7B4-F3DE-48AF-8A79-200D2C8BF3A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=947700262DC05569&affID=127885&tsp=5188 SearchScopes: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=341&systemid=406&v=a9301-111&apn_uid=0132231521174246&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} SearchScopes: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm284^YY^de&si=CJub5_XE4bYCFRLLtAodXhIAng&ptb=D70D2E8D-C268-4826-8F2C-5FAFDBFDFC61&psa=&ind=2013042315&st=sb&n=77fc968b&searchfor={searchTerms} BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Search-Results Toolbar -> {377e5d4d-77e5-476a-8716-7e70a9272da0} -> C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Search Assistant BHO -> {5d79f641-c168-40df-a32f-bacea7509e75} -> C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) BHO: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com) BHO: Toolbar BHO -> {cb41fc95-f1b3-4797-8bb6-1012ff62abba} -> C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
BHO: PricePeep -> {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} -> C:\Program Files\PricePeep\pricepeep.dll (PricePeep) Toolbar: HKLM - TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark) Toolbar: HKLM - Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000 -> TelevisionFanatic - {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark) Toolbar: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> TelevisionFanatic - {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @TelevisionFanatic.com/Plugin -> C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) 
FF HKLM\...\Firefox\Extensions: [64ffxtbr@TelevisionFanatic.com] - C:\Program Files\TelevisionFanatic\bar\1.bin FF Extension: TelevisionFanatic - C:\Program Files\TelevisionFanatic\bar\1.bin [2013-04-23] FF HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\...\Firefox\Extensions: [autolyrics@man-soft.net] - C:\Program Files\AutoLyrics\FF FF Extension: Auto Lyrics - C:\Program Files\AutoLyrics\FF [2013-06-25] FF HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers FF Extension: Speed Test 127 - C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2014-03-16] FF HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers FF Extension: Free Games 111 - C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers [2014-03-16] FF HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [autolyrics@man-soft.net] - C:\Program Files\AutoLyrics\FF FF HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers FF HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - 
C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U20) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark) CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) CHR Profile: C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (deael4rreal) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgkoglgofeifjihdomeoenbcnldfpdd [2013-12-22] CHR Extension: (ttperfeccTcoUpon) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhpaahafbicfgfbipdlmclnnbjcnedh [2014-03-01] CHR Extension: (Plus-HD-1.6) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh [2013-10-03] CHR Extension: (TicTuaCoupooan) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\njaepkkifelelcdbcoinfeekemfdelle [2014-03-22] CHR Extension: (Google Wallet) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-02] CHR Extension: (DealPly Beta channel) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn [2013-10-02] CHR 
Extension: (Auto Lyrics) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf [2013-10-02] CHR Extension: (saVeaitkeep.) - C:\ProgramData\lcpinoicpcakljhbmfdidkkjdpljibpm\ [2013-10-02] CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Finn\AppData\Roaming\BabSolution\CR\delta2.crx [Not Found] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM\...\Chrome\Extension: [ojcgaoafcmbadjkfdippkdddgkeaipbn] - C:\Program Files\DealPly\DealPly.crx [2013-04-30] CHR HKLM\...\Chrome\Extension: [pkcdkfohdadbjmlfejhncigcbfkiaamf] - C:\Program Files\AutoLyrics\Chrome.crx [2013-06-04] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG) R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed] R2 SrvUpdater; C:\Program Files\SoftwareUpdater\UpdaterService.exe [31744 2012-12-21] () [File not signed] R2 TelevisionFanaticService; C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe [42504 2013-04-23] (COMPANYVERS_NAME) R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.) S2 DatamngrCoordinator; C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-11-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-11-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH) S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-18 16:49 - 2014-12-18 16:49 - 00026395 _____ () C:\Users\Finn\Desktop\FRST.txt 2014-12-18 16:49 - 2014-12-18 16:42 - 01113600 _____ (Farbar) C:\Users\Finn\Desktop\FRST.exe 2014-12-18 16:45 - 2014-12-18 16:49 - 00000000 ____D () C:\FRST 2014-12-17 23:43 - 2014-12-17 23:43 - 00031608 _____ () C:\Users\Finn\Desktop\mwb_scan.zip 2014-12-17 23:43 - 2014-12-17 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-12-17 23:43 - 2014-12-17 23:43 - 00000000 ____D () C:\Program Files\7-Zip 2014-12-17 23:18 - 2014-12-17 23:08 - 00624384 _____ () C:\Users\Finn\Desktop\mwb_scan.xml 2014-12-17 23:08 - 2014-12-17 23:36 - 00000049 _____ () C:\Users\Finn\Desktop\mwb_scan.txt 2014-12-17 22:39 - 2014-12-17 22:39 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-17 22:38 - 2014-12-17 22:38 - 00001028 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-17 22:38 - 2014-12-17 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-17 22:38 - 2014-12-17 22:38 - 00000000 ____D () 
C:\ProgramData\Malwarebytes 2014-12-17 22:38 - 2014-12-17 22:38 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-12-17 22:38 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-17 22:38 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-17 22:38 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-23 18:24 - 2014-11-23 18:24 - 01040360 _____ () C:\Users\Finn\Downloads\flashplayer.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-18 16:47 - 2010-06-28 23:30 - 01499844 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-18 16:43 - 2009-07-14 05:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-18 16:43 - 2009-07-14 05:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-18 16:39 - 2012-11-01 13:03 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-18 16:35 - 2012-11-01 13:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-17 23:06 - 2012-10-08 17:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-12-17 23:06 - 2012-10-08 17:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-12-17 22:56 - 2012-07-14 19:11 - 01480372 _____ () C:\Windows\WindowsUpdate.log 2014-12-17 22:50 - 2013-10-03 21:50 - 00001876 _____ () C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job 2014-12-17 22:50 - 2013-10-03 21:50 - 00001276 _____ () C:\Windows\Tasks\Plus-HD-1.6-updater.job 2014-12-17 22:50 - 2013-10-03 21:50 - 00001180 _____ () C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job 2014-12-17 22:50 - 
2013-10-03 21:50 - 00001080 _____ () C:\Windows\Tasks\Plus-HD-1.6-enabler.job 2014-12-17 22:37 - 2009-07-14 05:39 - 00065118 _____ () C:\Windows\setupact.log 2014-12-17 22:25 - 2014-01-05 15:44 - 00000000 ____D () C:\Users\Finn\Tracing 2014-12-17 22:24 - 2014-01-12 19:38 - 00025575 _____ () C:\ProgramData\debug.log 2014-12-17 22:24 - 2012-11-01 13:03 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-17 22:24 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-23 18:21 - 2014-09-23 16:08 - 00001059 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-11-23 18:21 - 2014-09-23 16:07 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-23 18:21 - 2014-05-07 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-11-23 18:21 - 2014-05-07 14:56 - 00000000 ____D () C:\Program Files\Avira ZeroAccess: C:\$Recycle.Bin\S-1-5-21-2471633549-1032859582-1289093826-1000\$23e6321a04e0b179c359e9bf1111048c Files to move or delete: ==================== C:\ProgramData\mscaii.exe C:\Users\Finn\SilkroadOnline_SROROfficial_v1_068.exe Some content of TEMP: ==================== C:\Users\Finn\AppData\Local\Temp\2SKKKKKKK.exe C:\Users\Finn\AppData\Local\Temp\air1105.exe C:\Users\Finn\AppData\Local\Temp\air263.exe C:\Users\Finn\AppData\Local\Temp\air457F.exe C:\Users\Finn\AppData\Local\Temp\air8D47.exe C:\Users\Finn\AppData\Local\Temp\avgnt.exe C:\Users\Finn\AppData\Local\Temp\BackupSetup.exe C:\Users\Finn\AppData\Local\Temp\DriverUninstaller.exe C:\Users\Finn\AppData\Local\Temp\drm_dialogs.dll C:\Users\Finn\AppData\Local\Temp\drm_dyndata_7350007.dll C:\Users\Finn\AppData\Local\Temp\FileSystemView.dll C:\Users\Finn\AppData\Local\Temp\InstallFlashPlayer.exe C:\Users\Finn\AppData\Local\Temp\o1nvlm1t.dll C:\Users\Finn\AppData\Local\Temp\pdf24-creator-update.exe C:\Users\Finn\AppData\Local\Temp\Setup[1].exe C:\Users\Finn\AppData\Local\Temp\SIntf16.dll C:\Users\Finn\AppData\Local\Temp\SIntf32.dll 
C:\Users\Finn\AppData\Local\Temp\SIntfNT.dll
C:\Users\Finn\AppData\Local\Temp\SopCast-Installer.exe
C:\Users\Finn\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Finn\AppData\Local\Temp\_is1101.exe
C:\Users\Finn\AppData\Local\Temp\_is12D4.exe
C:\Users\Finn\AppData\Local\Temp\_is7493.exe
C:\Users\Finn\AppData\Local\Temp\_is7A0F.exe
C:\Users\Finn\AppData\Local\Temp\_isA746.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-18 18:05

==================== End Of Log ============================

And here is the Addition log Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2014 Ran by Finn at 2014-12-18 16:49:43 Running from C:\Users\Finn\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: BullGuard Antivirus (Enabled - Out of date) {504FFF66-3028-EB7E-2E60-62B19ADD791C} AS: BullGuard Antispyware (Enabled - Out of date) {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.35 beta (HKLM\...\7-Zip) (Version: - ) Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Reader 9.3 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.3.0 - Adobe Systems Incorporated) Ashampoo Burning Studio (HKLM\...\Ashampoo Burning Studio_is1) (Version: 9.23.0 - ashampoo GmbH & Co. KG) Ashampoo Photo Commander (HKLM\...\Ashampoo Photo Commander_is1) (Version: 8.1.0 - ashampoo GmbH & Co. KG) Ashampoo Snap (HKLM\...\Ashampoo Snap_is1) (Version: 3.4.0 - ashampoo GmbH & Co. KG) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.) Auto Lyrics (HKLM\...\autolyrics@man-soft.net) (Version: - Mansoft Union) <==== ATTENTION Avira (HKLM\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. 
KG) Avira (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) Brother MFL-Pro Suite MFC-J415W (HKLM\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.) BrowserProtect (HKLM\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version: - Bit89 Inc) <==== ATTENTION Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) CorelDRAW Essentials 4 - Content (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Draw (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Filters (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - ICA (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang BR (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang DE (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang EN (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang ES (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang FR (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang IT (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang NL (Version: 4.0 - Uw bedrijfsnaam) Hidden CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version: - Corel Corporation) CorelDRAW Essentials 4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version: - 
Corel Corporation) CorelDRAW Essentials 4 (Version: 4.0 - Corel Corporation) Hidden deael4rreal (HKLM\...\{2FA77785-00C3-A920-6452-D4FE5C9C129F}) (Version: - deAl4reeali) DealPly (HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\...\DealPly) (Version: - ) <==== ATTENTION DealPly (HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\DealPly) (Version: - ) <==== ATTENTION DealPly (remove only) (HKLM\...\DealPly) (Version: 4.8.6.3 - DealPly Technologies Ltd.) <==== ATTENTION Delta Chrome Toolbar (HKLM\...\Delta Chrome Toolbar) (Version: - Delta) <==== ATTENTION Delta toolbar (HKLM\...\delta) (Version: 1.8.16.16 - Delta) <==== ATTENTION Google Chrome (HKLM\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - ) Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2141 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Java(TM) 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.) Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Launch Manager V1.5.0.8 (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.0.8 - Wistron Corp.) 
LibreOffice 3.5 (HKLM\...\{B1F9C834-0594-4563-B344-4ED9599A5945}) (Version: 3.5.5.3 - The Document Foundation) Live Security Platinum (HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\...\Live Security Platinum) (Version: - ) Live Security Platinum (HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Live Security Platinum) (Version: - ) LOGO!Soft Comfort V5.0 (HKLM\...\LOGO!Soft Comfort V5.0) (Version: 5.0.0.0 - Siemens AG) LOGO!Soft Comfort V6.1 (HKLM\...\LOGO!Soft Comfort V6.1) (Version: 6.1.0.0 - Siemens AG) LOGO!Soft Comfort V7.0 (HKLM\...\LOGO!Soft Comfort V7.0 ) (Version: 7.0.0.0 - Siemens AG) LOGOSoft Comfort V4.0 (HKLM\...\LOGOSoft Comfort V4.0) (Version: 4.0.0.0 - Siemens AG) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) 
(HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Optimizer Pro v3.2 (HKLM\...\Optimizer Pro_is1) (Version: - PC Utilities Software Limited) <==== ATTENTION PC Performer (HKLM\...\PC Performer_is1) (Version: 11.10 - PerformerSoft LLC) <==== ATTENTION PDF24 Creator 5.2.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: - ) PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Plus-HD-1.6 
(HKLM\...\Plus-HD-1.6) (Version: 1.28.153.1 - Plus HD) <==== ATTENTION PricePeep (HKLM\...\PricePeep) (Version: 2.2.0.2 - betwikx LLC) <==== ATTENTION Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6096 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0148 - REALTEK Semiconductor Corp.) saVeaitkeep. (HKLM\...\{B10BC31B-DBC6-56FE-DD3D-DD4E49A3E6CE}) (Version: - sAveitkkeepp.) ScanSoft PaperPort 11 (HKLM\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.) Search-Results Toolbar (HKLM\...\ilividtoolbargaw) (Version: 1.2.0.0 - APN LLC) <==== ATTENTION Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM\...\SLABCOMM&10C4&EA60) (Version: - ) Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista (HKLM\...\{6C551D93-DC8B-4C8D-9E74-92AE565AF371}) (Version: 4.40 - Silicon Laboratories, Inc.) Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista_5 (c:\SiLabs\MCU_5) (HKLM\...\{8ED01DB9-A7CD-4105-B02E-61C8092ABF17}) (Version: 4.40 - Silicon Laboratories, Inc.) Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM\...\{5AFBA564-54E4-4D1D-BD2A-5026C6321AFC}) (Version: 6.2.00 - Silicon Laboratories, Inc.) Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7_3 (c:\SiLabs\MCU\CP210x\Windows_XP_S2K3_Vista_7_3) (HKLM\...\{B6B66D17-8605-4A77-94D6-7940B8279DCD}) (Version: 6.2.00 - Silicon Laboratories, Inc.) Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7_4 (c:\SiLabs\MCU\CP210x\Windows_XP_S2K3_Vista_7_4) (HKLM\...\{959F29A2-9ECC-4F40-B2A6-15ABC453BFAE}) (Version: 6.2.00 - Silicon Laboratories, Inc.) 
SoftwareUpdater (HKLM\...\SoftwareUpdater) (Version: - ) <==== ATTENTION Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated) TelevisionFanatic Toolbar (HKLM\...\TelevisionFanaticbar Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION ttperfeccTcoUpon (HKLM\...\{23B82977-C816-92D2-66E7-BE67DD1E7786}) (Version: - tperffectccoupoon) <==== ATTENTION Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - ) Xfire (remove only) (HKLM\...\Xfire) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000_Classes\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276}\InprocServer32 -> C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark) CustomCLSID: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\Finn\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe (InstallShield Software Corporation) CustomCLSID: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin () ==================== Restore Points ========================= 23-04-2014 09:13:41 Removed PaperPort Image Printer ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {064A3539-3EF2-4642-9407-E07B0258CC13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-01] (Google Inc.) 
Task: {0817E721-7559-4AA9-982D-FA3AAAC47559} - System32\Tasks\{26337234-4F82-48AB-8AC5-E9E846515660} => pcalua.exe -a "E:\LOGO!Soft Comfort 4 DEMO (Win)\Setup.exe" -d "E:\LOGO!Soft Comfort 4 DEMO (Win)" Task: {12EDB823-A647-4E87-A443-5C1E1D2059D5} - System32\Tasks\Plus-HD-1.6-enabler => C:\Program Files\Plus-HD-1.6\Plus-HD-1.6-enabler.exe <==== ATTENTION Task: {19366769-D539-4A86-92CC-5EB095819D16} - System32\Tasks\{01D795E5-5B6B-48C2-9ED4-B114D933E4ED} => pcalua.exe -a "F:\Logo 5.0 SP 1\CD-ROM_Voll\Windows\Setup.exe" -d "F:\Logo 5.0 SP 1\CD-ROM_Voll\Windows" Task: {1A9EE902-17C4-431E-8F20-2DFBEFB07A86} - System32\Tasks\{9C12D33F-58FD-4376-A743-A6F5D00CB6F0} => pcalua.exe -a "C:\Program Files\Siemens\LOGOComfort_V4\UninstallerData\Deinstallieren.exe" Task: {26D93F70-76B5-4281-8D1A-0BC90D626A35} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {431EDAC5-F113-48D0-B75C-A0D5A461015A} - System32\Tasks\DealPly => C:\Users\Finn\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe [2013-03-19] () <==== ATTENTION Task: {47EB5434-2B1A-4D5E-A4A9-985865C0EB9D} - System32\Tasks\Plus-HD-1.6-codedownloader => C:\Program Files\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe [2013-10-03] () <==== ATTENTION Task: {4912B0DA-6AA2-43CA-AF9E-2AD803B8F8BB} - System32\Tasks\{170F7B37-BDDF-42CE-AE5B-4B55B1CBA981} => E:\Office.2003.Professional.Edition.inkl.SP3.German-Funzele\Office.2003.Professional.Edition.inkl.SP3.German-Funzele.exe Task: {4B3EDF0C-4277-4811-B344-036C6D4A8267} - System32\Tasks\FGRun => C:\Users\Finn\AppData\Roaming\pack.exe Task: {521FBB95-F7B5-4E52-92D6-E089AD4B87C2} - System32\Tasks\PC Performer => C:\Program Files\PC Performer\PCPerformer.exe [2013-06-19] (PerformerSoft LLC) <==== ATTENTION Task: {69E6DA0A-1C65-4A29-B3C8-437378EFF563} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-01] (Google Inc.) 
Task: {6B13FD82-9E1B-43CE-8795-0FAD62368B66} - System32\Tasks\Plus-HD-1.6-updater => C:\Program Files\Plus-HD-1.6\Plus-HD-1.6-updater.exe [2013-10-03] () <==== ATTENTION Task: {75A6EE23-5594-4476-939D-74E1D4AE3C73} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ATTENTION Task: {85303DBC-8CA1-4001-B55E-821729574A77} - System32\Tasks\DealPlyUpdate => C:\Program <==== ATTENTION Task: {8D83C41F-6715-4757-BD0B-FFB163E780CC} - System32\Tasks\PC Performer_UPDATES => C:\Program Files\PC Performer\PCPerformer.exe [2013-06-19] (PerformerSoft LLC) <==== ATTENTION Task: {A5C3F4EB-0BA8-490C-B2F1-CE3DA8122EAE} - System32\Tasks\{DCA0F754-04CB-4548-915E-F6D7186B940D} => pcalua.exe -a C:\ProgramData\6C82D0E9000853B3028228934F147CE7\6C82D0E9000853B3028228934F147CE7.exe -c -u Task: {AE278DBF-8F15-46FC-938D-FEA3D970D15E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-17] (Adobe Systems Incorporated) Task: {EBFCBE85-AE32-43B6-830B-B28DC81EF587} - System32\Tasks\PC Performer_DEFAULT => C:\Program Files\PC Performer\PCPerformer.exe [2013-06-19] (PerformerSoft LLC) <==== ATTENTION Task: {FB8016E0-AAD3-462D-BB35-9057F5FF5467} - System32\Tasks\Plus-HD-1.6-chromeinstaller => C:\Program Files\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe [2013-10-03] () <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\PC Performer_DEFAULT.job => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION Task: C:\Windows\Tasks\PC Performer_UPDATES.job => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job => C:\Program Files\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job => C:\Program Files\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-1.6-enabler.job => C:\Program Files\Plus-HD-1.6\Plus-HD-1.6-enabler.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-1.6-updater.job => C:\Program Files\Plus-HD-1.6\Plus-HD-1.6-updater.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2012-12-21 11:00 - 2012-12-21 11:00 - 00031744 _____ () C:\Program Files\SoftwareUpdater\UpdaterService.exe 2012-07-24 18:23 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll 2012-08-05 13:54 - 2012-08-05 13:54 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\8974e548fc54655fc112b538495d412a\IsdiInterop.ni.dll 2010-06-29 00:22 - 2010-03-04 04:08 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2013-01-02 10:06 - 2013-10-23 09:31 - 00104960 _____ () C:\Program Files\SoftwareUpdater\AppsUpdater.exe 2012-12-11 16:05 - 2013-09-23 10:43 - 00093184 _____ () C:\Program Files\SoftwareUpdater\KeyGen.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be 
removed.) AlternateDataStreams: C:\ProgramData\Temp:373E1720 AlternateDataStreams: C:\ProgramData\Temp:D346F792 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2471633549-1032859582-1289093826-500 - Administrator - Disabled) Finn (S-1-5-21-2471633549-1032859582-1289093826-1000 - Administrator - Enabled) => C:\Users\Finn Gast (S-1-5-21-2471633549-1032859582-1289093826-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-2471633549-1032859582-1289093826-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/18/2014 04:49:48 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2014/12/18 16:49:48.669]: [00002024]: GetDeviceIpAddress: GetAddressByName [BRW00225815F004] Error Error: (12/18/2014 04:49:45 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2014/12/18 16:49:45.019]: [00002024]: GetDeviceIpAddress: GetAddressByName [BRW00225815F004] Error Error: (12/18/2014 04:49:13 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2014/12/18 16:49:13.451]: [00002024]: GetDeviceIpAddress: GetAddressByName [BRW00225815F004] Error Error: (12/18/2014 04:49:09 PM) (Source: Brother 
BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2014/12/18 16:49:09.807]: [00002024]: GetDeviceIpAddress: GetAddressByName [BRW00225815F004] Error Error: (12/18/2014 04:48:38 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2014/12/18 16:48:38.241]: [00002024]: GetDeviceIpAddress: GetAddressByName [BRW00225815F004] Error Error: (12/18/2014 04:48:34 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2014/12/18 16:48:34.590]: [00002024]: GetDeviceIpAddress: GetAddressByName [BRW00225815F004] Error Error: (12/18/2014 04:48:03 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2014/12/18 16:48:03.016]: [00002024]: GetDeviceIpAddress: GetAddressByName [BRW00225815F004] Error Error: (12/18/2014 04:47:59 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2014/12/18 16:47:59.365]: [00002024]: GetDeviceIpAddress: GetAddressByName [BRW00225815F004] Error Error: (12/18/2014 04:47:27 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2014/12/18 16:47:27.791]: [00002024]: GetDeviceIpAddress: GetAddressByName [BRW00225815F004] Error Error: (12/18/2014 04:47:24 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2014/12/18 16:47:24.140]: [00002024]: GetDeviceIpAddress: GetAddressByName [BRW00225815F004] Error System errors: ============= Error: (12/17/2014 10:24:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Datamngr Coordinator" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/23/2014 06:19:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Client Virtualization Handler" ist vom Dienst "Application Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1053 Error: (11/23/2014 06:19:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst 
"Application Virtualization Client" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/23/2014 06:19:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Application Virtualization Client erreicht. Error: (11/23/2014 06:18:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Datamngr Coordinator" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/03/2014 05:47:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Client Virtualization Handler" ist vom Dienst "Application Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1053 Error: (11/03/2014 05:47:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Application Virtualization Client" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/03/2014 05:47:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Application Virtualization Client erreicht. Error: (11/03/2014 05:46:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Datamngr Coordinator" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/03/2014 05:46:21 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 03.11.2014 um 17:44:53 unerwartet heruntergefahren. 
Microsoft Office Sessions: ========================= Error: (12/18/2014 04:49:48 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STIBrtSTI: [2014/12/18 16:49:48.669]: [00002024]: GetDeviceIpAddress: GetAddressByName [BRW00225815F004] Error Error: (12/18/2014 04:49:45 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STIBrtSTI: [2014/12/18 16:49:45.019]: [00002024]: GetDeviceIpAddress: GetAddressByName [BRW00225815F004] Error Error: (12/18/2014 04:49:13 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STIBrtSTI: [2014/12/18 16:49:13.451]: [00002024]: GetDeviceIpAddress: GetAddressByName [BRW00225815F004] Error Error: (12/18/2014 04:49:09 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STIBrtSTI: [2014/12/18 16:49:09.807]: [00002024]: GetDeviceIpAddress: GetAddressByName [BRW00225815F004] Error Error: (12/18/2014 04:48:38 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STIBrtSTI: [2014/12/18 16:48:38.241]: [00002024]: GetDeviceIpAddress: GetAddressByName [BRW00225815F004] Error Error: (12/18/2014 04:48:34 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STIBrtSTI: [2014/12/18 16:48:34.590]: [00002024]: GetDeviceIpAddress: GetAddressByName [BRW00225815F004] Error Error: (12/18/2014 04:48:03 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STIBrtSTI: [2014/12/18 16:48:03.016]: [00002024]: GetDeviceIpAddress: GetAddressByName [BRW00225815F004] Error Error: (12/18/2014 04:47:59 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STIBrtSTI: [2014/12/18 16:47:59.365]: [00002024]: GetDeviceIpAddress: GetAddressByName [BRW00225815F004] Error Error: (12/18/2014 04:47:27 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STIBrtSTI: [2014/12/18 16:47:27.791]: [00002024]: GetDeviceIpAddress: GetAddressByName [BRW00225815F004] Error Error: (12/18/2014 04:47:24 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: 
STIBrtSTI: [2014/12/18 16:47:24.140]: [00002024]: GetDeviceIpAddress: GetAddressByName [BRW00225815F004] Error

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 51%
Total physical RAM: 2934.6 MB
Available physical RAM: 1434.93 MB
Total Pagefile: 5867.48 MB
Available Pagefile: 3672.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1880.33 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:424.66 GB) (Free:372.77 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:21.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 884D7A8E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=424.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
|
18.12.2014, 21:29 | #4 |
/// the machine /// TB-Ausbilder | Infected with malware and Trojans Please download Revo Uninstaller from here (alternatively, the portable Revo Uninstaller).
Scan with Combofix
Regards, schrauber |
18.12.2014, 22:56 | #5 |
| Infected with malware and Trojans Combofix complained. Supposedly the real-time scanners BullGuard Antivirus and BullGuard Antispyware were active. However, I did not find them as installed versions. The ComboFix.txt is as follows: Code:
ATTFilter ComboFix 14-12-14.01 - Finn 18.12.2014 22:31:00.1.4 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.2935.1648 [GMT 1:00] ausgeführt von:: c:\users\Finn\Desktop\ComboFix.exe AV: BullGuard Antivirus *Enabled/Outdated* {504FFF66-3028-EB7E-2E60-62B19ADD791C} SP: BullGuard Antispyware *Enabled/Outdated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\$recycle.bin\S-1-5-21-2471633549-1032859582-1289093826-1000\$23e6321a04e0b179c359e9bf1111048c\@ c:\$recycle.bin\S-1-5-21-2471633549-1032859582-1289093826-1000\$23e6321a04e0b179c359e9bf1111048c\n c:\$recycle.bin\S-1-5-21-2471633549-1032859582-1289093826-1000\$23e6321a04e0b179c359e9bf1111048c\o c:\$recycle.bin\S-1-5-21-2471633549-1032859582-1289093826-1000\$23e6321a04e0b179c359e9bf1111048c\U\00000001.@ c:\$recycle.bin\S-1-5-21-2471633549-1032859582-1289093826-1000\$23e6321a04e0b179c359e9bf1111048c\U\80000000.@ c:\$recycle.bin\S-1-5-21-2471633549-1032859582-1289093826-1000\$23e6321a04e0b179c359e9bf1111048c\U\800000cb.@ C:\install.exe c:\program files\DealPly c:\program files\DealPly\DealPly.crx c:\program files\DealPly\DealPly.xpi c:\program files\DealPly\DealPlyIE64.dll c:\program files\DealPly\DealPlyUpdate.exe c:\program files\DealPly\DealPlyUpdateRun.exe c:\program files\DealPly\DealPlyUpdateVer.exe c:\program files\DealPly\icon.ico c:\program files\DealPly\uninst.exe c:\program files\Search Results Toolbar\Datamngr c:\program files\Search Results Toolbar\Datamngr\del_DM_LL_nsaA185.dll c:\program files\TelevisionFanatic c:\program files\TelevisionFanatic\bar\1.bin\64bar.dll c:\program files\TelevisionFanatic\bar\1.bin\64barsvc.exe c:\program files\TelevisionFanatic\bar\1.bin\64brmon.exe c:\program files\TelevisionFanatic\bar\1.bin\64brstub.dll c:\program files\TelevisionFanatic\bar\1.bin\64hkstub.dll c:\program 
files\TelevisionFanatic\bar\1.bin\T8RES.DLL c:\programdata\Wincert\WIN32C~1.DLL c:\users\Finn\4.0 c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_jidjhchcblhlapbcpheibgdjkajekhbh_0 c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_jidjhchcblhlapbcpheibgdjkajekhbh_0\1 c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgkoglgofeifjihdomeoenbcnldfpdd c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgkoglgofeifjihdomeoenbcnldfpdd\1.4\background.html c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgkoglgofeifjihdomeoenbcnldfpdd\1.4\content.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgkoglgofeifjihdomeoenbcnldfpdd\1.4\G0oIyE.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgkoglgofeifjihdomeoenbcnldfpdd\1.4\lsdb.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgkoglgofeifjihdomeoenbcnldfpdd\1.4\manifest.json c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgkoglgofeifjihdomeoenbcnldfpdd\1.4\sqlite.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhpaahafbicfgfbipdlmclnnbjcnedh c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhpaahafbicfgfbipdlmclnnbjcnedh\1.3\background.html c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhpaahafbicfgfbipdlmclnnbjcnedh\1.3\content.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhpaahafbicfgfbipdlmclnnbjcnedh\1.3\lsdb.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhpaahafbicfgfbipdlmclnnbjcnedh\1.3\manifest.json c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhpaahafbicfgfbipdlmclnnbjcnedh\1.3\uQpI6wKMFHw.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh 
c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\background.html c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\crossriderManifest.json c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\manifest.xml c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins.json c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\1_base.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\102_dealply_m.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\103_intext_5_m.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\104_jollywallet_m.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\105_corticas_m.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\119_similar_web_m.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\120_luck_m.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\123_intext_adv_m.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\13_CrossriderAppUtils.js c:\users\Finn\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\14_CrossriderUtils.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\17_jQuery.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\177_crossriderDashboard.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\178_revizer_ws_dynamic_m.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\179_revizer_p_dynamic_m.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\180_bpo_serp_m.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\182_openUrl.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\183_tabsWrapper.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\184_noproblemppc_m.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\19_CHAppAPIWrapper.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\194_retargeting_bi_m.js.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\195_icm_convertmedia_m.js c:\users\Finn\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\21_debug.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\22_resources.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\28_initializer.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\4_jquery_1_7_1.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\47_resources_background.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\64_appApiMessage.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\7_hooks.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\72_appApiValidation.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\78_CrossriderInfo.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\80_CHPopupAppAPI.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\9_search_engine_hook.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\91_monetizationLoader.js.js c:\users\Finn\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\93_superfish_no_coupons_m.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\97_resourceApiWrapper.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\userCode\background.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\userCode\extension.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\icons\actions\1.png c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\icons\icon128.png c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\icons\icon16.png c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\icons\icon48.png c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\api\chrome.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\api\cookie.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\api\message.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\api\pageAction.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\api\pageActionBG.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\background.js c:\users\Finn\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\lib\app_api.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\lib\bg_app_api.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\lib\consts.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\lib\cookie_store.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\lib\crossriderAPI.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\lib\delegate.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\lib\events.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\lib\extensionDataStore.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\lib\installer.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\lib\logFile.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\lib\logging.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\lib\onBGDocumentLoad.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\lib\popupResource\newPopup.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\lib\popupResource\popup.js c:\users\Finn\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\lib\reports.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\lib\storageWrapper.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\lib\updateManager.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\lib\util.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\lib\xhr.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\js\main.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\manifest.json c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\popup.html c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\version.json c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\njaepkkifelelcdbcoinfeekemfdelle c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\njaepkkifelelcdbcoinfeekemfdelle\2.5\background.html c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\njaepkkifelelcdbcoinfeekemfdelle\2.5\content.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\njaepkkifelelcdbcoinfeekemfdelle\2.5\lsdb.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\njaepkkifelelcdbcoinfeekemfdelle\2.5\manifest.json c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\njaepkkifelelcdbcoinfeekemfdelle\2.5\xnByJpKkU.js c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh 
c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh\002130.ldb c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh\002132.ldb c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh\002141.ldb c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh\002144.ldb c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh\002166.log c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh\CURRENT c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh\LOCK c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh\LOG c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh\LOG.old c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh\MANIFEST-002164 c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cmgkoglgofeifjihdomeoenbcnldfpdd_0.localstorage-journal c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cmgkoglgofeifjihdomeoenbcnldfpdd_0.localstorage c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_feepmipndjnebblnjonfgcdbehjkdimd_0.localstorage-journal c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_feepmipndjnebblnjonfgcdbehjkdimd_0.localstorage 
c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hnhpaahafbicfgfbipdlmclnnbjcnedh_0.localstorage-journal c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hnhpaahafbicfgfbipdlmclnnbjcnedh_0.localstorage c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jidjhchcblhlapbcpheibgdjkajekhbh_0.localstorage-journal c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jidjhchcblhlapbcpheibgdjkajekhbh_0.localstorage c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_njaepkkifelelcdbcoinfeekemfdelle_0.localstorage-journal c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_njaepkkifelelcdbcoinfeekemfdelle_0.localstorage c:\users\Finn\AppData\Local\Google\Chrome\User Data\Default\Preferences c:\users\Finn\AppData\Local\lollipop c:\users\Finn\AppData\Local\Microsoft\Windows\Temporary Internet Files\glindorus_iels c:\users\Finn\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll c:\users\Finn\AppData\Roaming\Atal c:\users\Finn\AppData\Roaming\Atal\vanoe.vyc c:\users\Finn\AppData\Roaming\Exis c:\users\Finn\AppData\Roaming\Exis\doem.ude c:\users\Finn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum c:\users\Finn\AppData\Roaming\Tyew c:\users\Finn\AppData\Roaming\Tyew\okoge.exe c:\users\Finn\AppData\Roaming\Upqua c:\users\Finn\AppData\Roaming\Upqua\kigu.iru c:\users\Finn\AppData\Roaming\Yfamux c:\users\Finn\AppData\Roaming\Yfamux\sietr.onu c:\users\Public\Desktop\Control center.lnk c:\windows\msdownld.tmp c:\windows\system32\roboot.exe . . ((((((((((((((((((((((( Dateien erstellt von 2014-11-18 bis 2014-12-18 )))))))))))))))))))))))))))))) . . 2014-12-18 21:38 . 2014-12-18 21:38 -------- d-----w- c:\users\Finn\AppData\Local\temp 2014-12-18 21:38 . 
2014-12-18 21:38 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-12-18 21:11 . 2013-04-23 19:37 186760 ----a-w- c:\program files\64res.dll 2014-12-18 21:11 . 2013-04-23 19:37 708168 ----a-w- c:\program files\64Uninstall TelevisionFanatic.dll 2014-12-18 20:51 . 2014-12-18 20:51 -------- d-----w- c:\program files\VS Revo Group 2014-12-18 15:45 . 2014-12-18 15:50 -------- d-----w- C:\FRST 2014-12-17 22:43 . 2014-12-17 22:43 -------- d-----w- c:\program files\7-Zip 2014-12-17 21:39 . 2014-12-18 19:34 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-12-17 21:38 . 2014-12-17 21:38 -------- d-----w- c:\program files\ Malwarebytes Anti-Malware 2014-12-17 21:38 . 2014-12-17 21:38 -------- d-----w- c:\programdata\Malwarebytes 2014-12-17 21:38 . 2014-11-21 05:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-12-17 21:38 . 2014-11-21 05:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-12-17 21:38 . 2014-11-21 05:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-12-17 22:06 . 2012-10-08 16:50 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-12-17 22:06 . 2012-10-08 16:50 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-11-03 16:37 . 2014-05-09 12:25 37384 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2014-11-03 16:37 . 2014-05-07 13:56 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-11-03 16:37 . 2014-05-07 13:56 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-23 9177632] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-23 1423904] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-21 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-21 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-21 170008] "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704] "LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960] "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-01-13 413696] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-11 1594664] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] "BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440] "PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-12-12 163000] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-12-17 702768] "Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-10-22 124208] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "TaskbarNoNotification"= 0 (0x0) "HideSCAHealth"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "TaskbarNoNotification"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664] R2 DatamngrCoordinator;Datamngr Coordinator;c:\program files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [x] R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 193056] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2014-02-25 37352] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-12-17 431920] S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-10-22 164656] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336] S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-10 2320920] S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2010-01-25 245760] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-04 67624] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-03-02 1006624] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 
550760] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 195944] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 21864] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 19304] S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768] S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-10-23 118560] . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-12-06 21:34 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 22:06] . 2014-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-11-01 12:02] . 2014-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-11-01 12:02] . 2014-12-18 c:\windows\Tasks\Plus-HD-1.6-chromeinstaller.job - c:\program files\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe [2013-10-03 20:50] . 2014-12-18 c:\windows\Tasks\Plus-HD-1.6-codedownloader.job - c:\program files\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe [2013-10-03 20:50] . 2014-12-18 c:\windows\Tasks\Plus-HD-1.6-updater.job - c:\program files\Plus-HD-1.6\Plus-HD-1.6-updater.exe [2013-10-03 20:50] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^XP^xdm284^YY^de&ptb=D70D2E8D-C268-4826-8F2C-5FAFDBFDFC61&si=CJub5_XE4bYCFRLLtAodXhIAng IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 TCP: DhcpNameServer = 192.168.2.1 . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-10 - (no file) HKCU-Run-Loazrovyo - c:\users\Finn\AppData\Roaming\Tyew\okoge.exe HKLM-Run-LMgrOSD - c:\program files\Launch Manager\OSDCtrl.exe HKLM-Run-DATAMNGR - c:\progra~1\SEARCH~1\Datamngr\DATAMN~2.EXE SafeBoot-BsScanner AddRemove-LOGO!Soft Comfort V7.0 - c:\program files\Siemens\LOGOComfort_V7\UninstallerData\Uninstall.exe AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60 AddRemove-{B10BC31B-DBC6-56FE-DD3D-DD4E49A3E6CE} - c:\programdata\saVeaitkeep.\hgBpu1K.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\program files\Brother\ControlCenter3\brccMCtl.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\system32\sppsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-12-18 22:48:20 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-12-18 21:48 . Vor Suchlauf: 11 Verzeichnis(se), 408.401.256.448 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 409.272.299.520 Bytes frei . - - End Of File - - 84BB37223D8D35919DC509A750933838 4624822E540EC83CD0819525C65846BA |
19.12.2014, 21:29 | #6 |
/// the machine /// TB Trainer | Infected with malware and Trojans Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ --> Infected with malware and Trojans |
20.12.2014, 00:29 | #7 |
| Infected with malware and Trojans Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 19.12.2014
Suchlauf-Zeit: 23:36:36
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.19.07
Rootkit Datenbank: v2014.12.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7
CPU: x86
Dateisystem: NTFS
Benutzer: Finn

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 313162
Verstrichene Zeit: 21 Min, 50 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 36

Registrierungswerte: 5

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 27

Dateien: 217
Quarantäne, [bef52d3783f97db904512a0ba3600af6], PUP.Optional.CrossRider.A, C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh\LOCK, Löschen bei Neustart, [bef52d3783f97db904512a0ba3600af6], PUP.Optional.CrossRider.A, C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh\LOG, Löschen bei Neustart, [bef52d3783f97db904512a0ba3600af6], PUP.Optional.CrossRider.A, C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh\LOG.old, In Quarantäne, [bef52d3783f97db904512a0ba3600af6], PUP.Optional.CrossRider.A, C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh\MANIFEST-000004, Löschen bei Neustart, [bef52d3783f97db904512a0ba3600af6], PUP.Optional.CrossRider.A, C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_jidjhchcblhlapbcpheibgdjkajekhbh_0\1, In Quarantäne, [d5dea6be83f9330392c4ea4b9370f709], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome.manifest, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\icon.png, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\install.rdf, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\background.html, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\button.js, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, 
C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\button.xml, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\config.js, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\content.js, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\framework.js, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\framework.png, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\framework.xul, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon128.ico, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon128.png, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon16.ico, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon16.png, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon18.ico, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, 
C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon18.png, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon24.ico, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon24.png, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon32.ico, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon32.png, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon48.ico, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon48.png, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon64.ico, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon64.png, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\jquery-1.9.1.min.js, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\options.xul, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, 
C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\rjs.js, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\settings.json, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\subscriptloader.js, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\skin\framework.css, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome.manifest, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\icon.png, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\install.rdf, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\background.html, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\button.js, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\button.xml, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\config.js, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, 
C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\content.js, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\framework.js, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\framework.png, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\framework.xul, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon128.ico, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon128.png, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon16.ico, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon16.png, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon18.ico, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon18.png, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon24.ico, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, 
C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon24.png, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon32.ico, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon32.png, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon48.ico, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon48.png, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\jquery-1.9.1.min.js, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\options.xul, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\rjs.js, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\settings.json, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\subscriptloader.js, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\skin\framework.css, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], Physische Sektoren: 0 (Keine schädliche Elemente 
erkannt) (end) Code:
# AdwCleaner v4.105 - Bericht erstellt am 20/12/2014 um 00:16:30
# Aktualisiert 08/12/2014 von Xplode
# Database : 2014-12-16.1 [Live]
# Betriebssystem : Windows 7 Home Premium (32 bits)
# Benutzername : Finn - FINN-PC
# Gestartet von : C:\Users\Finn\Downloads\AdwCleaner_4.105.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\ProgramData\wincert
Ordner Gelöscht : C:\ProgramData\BetTeerPriiCCeaChec
Ordner Gelöscht : C:\ProgramData\deael4rreal
Ordner Gelöscht : C:\ProgramData\saVeaitkeep
Ordner Gelöscht : C:\ProgramData\ttperfeccTcoUpon
Ordner Gelöscht : C:\ProgramData\f036a7f0616ff321
Ordner Gelöscht : C:\Program Files\Movies Toolbar
Ordner Gelöscht : C:\Program Files\Search Results Toolbar
Ordner Gelöscht : C:\Program Files\BetTeerPriiCCeaChec
Ordner Gelöscht : C:\Users\Finn\AppData\Local\iac
Ordner Gelöscht : C:\Users\Finn\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Finn\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Finn\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\Finn\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\Finn\Documents\PC Health Kit
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ojcgaoafcmbadjkfdippkdddgkeaipbn_0.localstorage
Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ojcgaoafcmbadjkfdippkdddgkeaipbn_0.localstorage-journal
Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_api.ciuvo.com_0.localstorage
Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_api.ciuvo.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_f.dealply.com_0.localstorage
Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_f.dealply.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_sb.scorecardresearch.com_0.localstorage
Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_sb.scorecardresearch.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.icmwebserv.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_click.dealshark.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : BrowserProtect
Task Gelöscht : Dealply
Task Gelöscht : DealPlyUpdate

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\SIEN SA
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXE
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BetterPriceoChecc.BetterPriceoChecc
Schlüssel Gelöscht :
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BC887A8A-9D2F-2821-3FF7-CEF4449BFB9E}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\performersoft llc
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AutoLyrics
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\iLividSRTB
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Vittalia
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7600.17051

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v31.0.1650.63

[C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=341&systemid=406&apn_uid=0132231521174246&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
[C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www2.delta-search.com/?q={searchTerms}&affID=119721&babsrc=SP_ss&mntrId=947700262DC05569
[C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=341&systemid=406&v=a9301-111&apn_uid=0132231521174246&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
[C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : jidjhchcblhlapbcpheibgdjkajekhbh

*************************

AdwCleaner[R0].txt - [14226 octets] - [20/12/2014 00:07:16]
AdwCleaner[S0].txt - [13960 octets] - [20/12/2014 00:16:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14021 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x86
Ran by Finn on 20.12.2014 at 0:21:47,22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.12.2014 at 0:23:21,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2014
Ran by Finn (administrator) on FINN-PC on 20-12-2014 00:24:32
Running from C:\Users\Finn\Desktop
Loaded Profile: Finn (Available profiles: Finn)
Platform: Microsoft Windows 7 Home Premium (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1423904 2010-04-23] (Realtek Semiconductor)
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [413696 2010-01-13] (Wistron Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000 -> {038EA7B4-F3DE-48AF-8A79-200D2C8BF3A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
Toolbar: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) 
FF HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers Chrome: ======= CHR Profile: C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-18] CHR Extension: (Google Drive) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-18] CHR Extension: (YouTube) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-18] CHR Extension: (Google-Suche) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-18] CHR Extension: (Google Wallet) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-02] CHR Extension: (Google Mail) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-18] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) 
[File not signed] R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-11-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-11-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\Finn\AppData\Local\Temp\catchme.sys [X] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-20 00:23 - 2014-12-20 00:23 - 00000915 _____ () C:\Users\Finn\Desktop\JRT.txt 2014-12-20 00:21 - 2014-12-20 00:21 - 00000000 ____D () C:\Windows\ERUNT 2014-12-20 00:20 - 2014-12-20 00:20 - 01707646 _____ (Thisisu) C:\Users\Finn\Downloads\JRT.exe 2014-12-20 00:07 - 2014-12-20 00:16 - 00000000 ____D () C:\AdwCleaner 2014-12-20 00:06 - 2014-12-20 00:06 - 02166272 _____ () C:\Users\Finn\Downloads\AdwCleaner_4.105.exe 2014-12-20 00:05 - 2014-12-20 00:05 - 00053937 _____ () C:\Users\Finn\Desktop\mbam.txt 2014-12-18 22:48 - 2014-12-18 22:48 - 00030746 _____ () C:\ComboFix.txt 2014-12-18 22:29 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-12-18 22:29 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-12-18 22:29 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-12-18 22:29 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-12-18 22:29 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-12-18 22:29 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-12-18 22:29 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-12-18 22:29 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-12-18 22:16 - 2014-12-18 22:48 - 00000000 ____D () C:\Qoobox 2014-12-18 22:16 - 2014-12-18 22:46 - 00000000 ____D () C:\Windows\erdnt 2014-12-18 22:15 - 2014-12-18 22:12 - 05601641 ____R (Swearware) C:\Users\Finn\Desktop\ComboFix.exe 2014-12-18 21:51 - 2014-12-18 21:51 - 00001190 _____ () C:\Users\Finn\Desktop\Revo Uninstaller.lnk 2014-12-18 21:51 - 2014-12-18 21:51 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-12-18 21:50 - 2014-12-18 21:48 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Finn\Desktop\revosetup95.exe 2014-12-18 16:49 - 2014-12-20 00:24 - 00010703 _____ () C:\Users\Finn\Desktop\FRST.txt 2014-12-18 16:49 - 2014-12-18 16:50 - 00028855 _____ () C:\Users\Finn\Desktop\Addition.txt 2014-12-18 16:49 - 2014-12-18 16:42 - 01113600 _____ (Farbar) C:\Users\Finn\Desktop\FRST.exe 2014-12-18 16:45 - 2014-12-20 00:24 - 00000000 ____D () C:\FRST 2014-12-17 23:43 - 2014-12-17 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-12-17 23:43 - 2014-12-17 23:43 - 00000000 ____D () C:\Program Files\7-Zip 2014-12-17 22:39 - 2014-12-20 00:04 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-17 22:38 - 2014-12-17 22:38 - 00001028 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-17 22:38 - 2014-12-17 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-17 22:38 - 2014-12-17 22:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-17 22:38 - 2014-12-17 22:38 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-12-17 22:38 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-17 22:38 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-17 22:38 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-20 00:17 - 2012-11-01 13:03 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-20 00:17 - 2012-07-14 18:32 - 00226098 _____ () C:\Windows\PFRO.log 2014-12-20 00:17 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-20 00:17 - 2009-07-14 05:39 - 00065510 _____ () C:\Windows\setupact.log 2014-12-20 00:16 - 2012-07-14 19:11 - 01544494 _____ () C:\Windows\WindowsUpdate.log 2014-12-20 00:08 - 2009-07-14 05:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-20 00:08 - 2009-07-14 05:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-20 00:06 - 2012-11-01 13:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-19 23:39 - 2012-11-01 13:03 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-19 13:02 - 2012-10-03 15:06 - 00000000 ____D () C:\ProgramData\VirtualizedApplications 2014-12-19 12:57 - 2014-09-23 16:08 - 00001059 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-12-19 12:57 - 2014-09-23 16:07 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-19 12:57 - 2014-05-07 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-12-19 12:57 - 2014-05-07 14:56 - 00000000 ____D () C:\Program Files\Avira 2014-12-18 22:48 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default 2014-12-18 22:48 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2014-12-18 22:41 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2014-12-18 22:37 - 2012-07-14 19:40 - 00000000 ____D () C:\Users\Finn 2014-12-18 22:15 - 2010-06-28 23:30 - 01499844 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-18 20:16 - 2014-01-05 15:44 - 00000000 ____D () C:\Users\Finn\Tracing 2014-12-18 20:15 - 2014-01-12 19:38 - 00025850 _____ () C:\ProgramData\debug.log 2014-12-17 23:06 - 2012-10-08 17:50 - 
00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-12-17 23:06 - 2012-10-08 17:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl Files to move or delete: ==================== C:\ProgramData\mscaii.exe C:\Users\Finn\SilkroadOnline_SROROfficial_v1_068.exe Some content of TEMP: ==================== C:\Users\Finn\AppData\Local\temp\avgnt.exe C:\Users\Finn\AppData\Local\temp\Quarantine.exe C:\Users\Finn\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-18 17:39 ==================== End Of Log ============================ |
20.12.2014, 00:31 | #8 |
| Infected with malware and Trojans Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 19.12.2014 Suchlauf-Zeit: 23:36:36 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.12.19.07 Rootkit Datenbank: v2014.12.14.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 CPU: x86 Dateisystem: NTFS Benutzer: Finn Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 313162 Verstrichene Zeit: 21 Min, 50 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 36 PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\APPID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}, In Quarantäne, [cfe4481ccab2ac8aaeefbc1caa58a957], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [4d66cc985428dc5aa911ee1e16ed4fb1], PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantäne, [971caabaaad2c96da5ee5eaf3dc6fb05], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}, In Quarantäne, [783bc0a405770d29fd9f69a481826799], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}, In Quarantäne, [783bc0a405770d29fd9f69a481826799], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}, In Quarantäne, [783bc0a405770d29fd9f69a481826799], PUP.Optional.Babylon.A, HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Löschen bei Neustart, [10a31d470e6eba7c1e309340da28bd43], PUP.Optional.DealPly.A, 
HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7}, Löschen bei Neustart, [5c57a2c2ed8f26103bc47365b74b1be5], PUP.Optional.DealPly.A, HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7}, Löschen bei Neustart, [5c57a2c2ed8f26103bc47365b74b1be5], PUP.Optional.Iminent.A, HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, Löschen bei Neustart, [763d4420661675c178af917b28db9769], PUP.Optional.Iminent.A, HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, Löschen bei Neustart, [763d4420661675c178af917b28db9769], PUP.Optional.Wajam.A, HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Löschen bei Neustart, [486bfa6a077580b662bf0ecc31d1fc04], PUP.Optional.Iminent.A, HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, Löschen bei Neustart, [a80b92d238442f07dbba888413f0d828], PUP.Optional.SearchResults.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{377e5d4d-77e5-476a-8716-7e70a9272da0}, In Quarantäne, [2a89333183f91e186e09f1e6e121718f], PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, In Quarantäne, [cae9b8ac9ede999d28d867a617ecaa56], PUP.Optional.Iminent.A, 
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantäne, [8d266ef6c4b890a635cc48c563a0fa06], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\SearchQUIEHelper.DNSGuard, In Quarantäne, [842f7aea44387eb86833d33aef14ee12], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\SearchQUIEHelper.DNSGuard.1, In Quarantäne, [941fbea6c6b681b54e4df21b32d12cd4], PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, In Quarantäne, [eec58bd990ec0531dec33c5ceb185aa6], PUP.Optional.PlusHD.A, HKLM\SOFTWARE\Plus-HD-1.6, In Quarantäne, [743f3331077568cea2c35743ab588e72], PUP.Optional.FreeGames.A, HKLM\SOFTWARE\CLASSES\Free Games 111.BackgroundHostObject, In Quarantäne, [2d86006434488da990b8088fcd369769], PUP.Optional.FreeGames.A, HKLM\SOFTWARE\CLASSES\Free Games 111.BackgroundHostObject.1, In Quarantäne, [941ff17394e8ad894cfc3d5ae023738d], PUP.Optional.DealPly.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ojcgaoafcmbadjkfdippkdddgkeaipbn, In Quarantäne, [7b387fe5fd7fb77f44b172187291837d], PUP.Optional.Adpeak.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pkcdkfohdadbjmlfejhncigcbfkiaamf, In Quarantäne, [ecc76afabfbd0e288d5884f6b251946c], PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\SYSTWEAK\RegClean Pro, In Quarantäne, [cee5521238445fd7fc8582f051b236ca], PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\SYSTWEAK\ssd, In Quarantäne, [8231e77d4a32fd39c114c4aea75cc838], PUP.Optional.BundleInstaller.A, HKLM\SOFTWARE\VITTALIA\AxtanInstaller, In Quarantäne, [d3e086de08741224f355593cb54efa06], PUP.Optional.Adpeak.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pkcdkfohdadbjmlfejhncigcbfkiaamf, In Quarantäne, [397a1c48ceae43f30cd9cfab9370b749], PUP.Optional.Datamngr.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DatamngrCoordinator, In Quarantäne, [08abf66e3c408aac3a12dd96847fee12], PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\BabylonToolbar, Löschen bei Neustart, 
[575c1351126af5417df15a57f2126d93], PUP.Optional.DataMngr.A, HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\DataMngr_Toolbar, Löschen bei Neustart, [a50e85df87f5b5819417a00df113b749], PUP.Optional.Iminent.A, HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Iminent, Löschen bei Neustart, [0da6c59fb1cb82b4dac8e8b034cf7090], PUP.Optional.PlusHD.A, HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-1.6, Löschen bei Neustart, [90230064691373c35adb0388867dab55], PUP.Optional.BProtector.A, HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, Löschen bei Neustart, [60530d577dff83b32dc5ffb16e9632ce], PUP.Optional.VideoPerformer.A, HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\PERFORMERSOFT LLC\Video Performer, Löschen bei Neustart, [595a2a3ac0bca195961776fb4fb47a86], PUP.Optional.SystemSpeedup, HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\SYSTWEAK\ssd, Löschen bei Neustart, [8033b3b1b5c7171fb2229ad8c1426898], Registrierungswerte: 5 PUP.Optional.BrowserProtect.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|bProtectTabs, hxxp://www2.delta-search.com/?affID=119721&babsrc=NT_ss&mntrId=947700262DC05569, In Quarantäne, [06ad164e4933b3832fe37f3208fc5aa6] PUP.BProtector, HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, hxxp://www2.delta-search.com/?affID=119721&babsrc=HP_ss&mntrId=947700262DC05569, Löschen bei Neustart, [a80b4d17087443f37b32f0bdd1337b85] PUP.BProtector, 
HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Löschen bei Neustart, [7a39d68e36463cfaecc28726e0247e82] PUP.Optional.AdLyrics.A, HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|autolyrics@man-soft.net, C:\Program Files\AutoLyrics\FF\, Löschen bei Neustart, [10a323419be1bf775b8b8ceed033867a] PUP.Optional.SpeedTest, HKU\S-1-5-21-2471633549-1032859582-1289093826-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|speedtest4354@BestOffers, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers, Löschen bei Neustart, [951e0f55aad2a78fef4acca214efab55] Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 27 PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr, In Quarantäne, [e2d1085c3b412016de00743e3dc7cf31], PUP.Optional.DealPly.A, C:\Users\Finn\AppData\Roaming\DealPly, In Quarantäne, [149f2c38daa21d19ed7e6bb55fa4ae52], PUP.Optional.MoviesToolbar.A, C:\Program Files\Movies Toolbar\Datamngr, In Quarantäne, [5f5467fd4b319f97d00be937fc076e92], PUP.Optional.Datamngr.A, C:\Users\Finn\AppData\LocalLow\DataMngr, In Quarantäne, [189b3232e59755e185544fd755aeb54b], PUP.Optional.PlusHD.A, C:\Program Files\Plus-HD-1.6, In Quarantäne, [278c075d6a12f5411d1efd2aee15e51b], PUP.Optional.CrossRider.A, C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh, In Quarantäne, [219276eec5b751e5f95b70c56a99d12f], PUP.Optional.CrossRider.A, C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.273_0, In Quarantäne, [219276eec5b751e5f95b70c56a99d12f], PUP.Optional.CrossRider.A, C:\Users\Finn\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.273_0\extensionData, In Quarantäne, [219276eec5b751e5f95b70c56a99d12f], PUP.Optional.CrossRider.A, C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.273_0\extensionData\plugins, In Quarantäne, [219276eec5b751e5f95b70c56a99d12f], PUP.Optional.CrossRider.A, C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.273_0\extensionData\userCode, In Quarantäne, [219276eec5b751e5f95b70c56a99d12f], PUP.Optional.CrossRider.A, C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.273_0\icons, In Quarantäne, [219276eec5b751e5f95b70c56a99d12f], PUP.Optional.CrossRider.A, C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.273_0\icons\actions, In Quarantäne, [219276eec5b751e5f95b70c56a99d12f], PUP.Optional.CrossRider.A, C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.273_0\js, In Quarantäne, [219276eec5b751e5f95b70c56a99d12f], PUP.Optional.CrossRider.A, C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.273_0\js\api, In Quarantäne, [219276eec5b751e5f95b70c56a99d12f], PUP.Optional.CrossRider.A, C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.273_0\js\lib, In Quarantäne, [219276eec5b751e5f95b70c56a99d12f], PUP.Optional.CrossRider.A, C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.273_0\js\lib\popupResource, In Quarantäne, [219276eec5b751e5f95b70c56a99d12f], PUP.Optional.CrossRider.A, C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jidjhchcblhlapbcpheibgdjkajekhbh, Löschen bei Neustart, [bef52d3783f97db904512a0ba3600af6], 
PUP.Optional.CrossRider.A, C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_jidjhchcblhlapbcpheibgdjkajekhbh_0, Löschen bei Neustart, [d5dea6be83f9330392c4ea4b9370f709], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.SpeedTest.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\skin, In Quarantäne, [5261095ba8d453e3c2e16acea75cd030], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.FreeGames.A, C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\skin, In Quarantäne, [a11269fbf28ab383792caf89679cd22e], PUP.Optional.SearchResultsTB.A, C:\Users\Finn\AppData\LocalLow\searchresultstb, In Quarantäne, [9b18d78da7d5c76f536e6ed760a34fb1], Dateien: 217 PUP.Optional.Datamngr.A, C:\Program Files\Movies Toolbar\Datamngr\IEBHO.dll, In Quarantäne, [783bc0a405770d29fd9f69a481826799], PUP.Optional.HDPlus.A, C:\Program Files\Plus-HD-1.6\Plus-HD-1.6-bg.exe, In Quarantäne, [e0d35311a0dc0531ae706534ab568878], PUP.Optional.Crossrider, C:\Program Files\Plus-HD-1.6\Plus-HD-1.6-buttonutil.dll, In Quarantäne, 
Physische Sektoren: 0 (Keine schädliche Elemente 
erkannt) (end) Code:
ATTFilter # AdwCleaner v4.105 - Bericht erstellt am 20/12/2014 um 00:16:30 # Aktualisiert 08/12/2014 von Xplode # Database : 2014-12-16.1 [Live] # Betriebssystem : Windows 7 Home Premium (32 bits) # Benutzername : Finn - FINN-PC # Gestartet von : C:\Users\Finn\Downloads\AdwCleaner_4.105.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\BrowserProtect Ordner Gelöscht : C:\ProgramData\wincert Ordner Gelöscht : C:\ProgramData\BetTeerPriiCCeaChec Ordner Gelöscht : C:\ProgramData\deael4rreal Ordner Gelöscht : C:\ProgramData\saVeaitkeep Ordner Gelöscht : C:\ProgramData\ttperfeccTcoUpon Ordner Gelöscht : C:\ProgramData\f036a7f0616ff321 Ordner Gelöscht : C:\Program Files\Movies Toolbar Ordner Gelöscht : C:\Program Files\Search Results Toolbar Ordner Gelöscht : C:\Program Files\BetTeerPriiCCeaChec Ordner Gelöscht : C:\Users\Finn\AppData\Local\iac Ordner Gelöscht : C:\Users\Finn\AppData\LocalLow\Delta Ordner Gelöscht : C:\Users\Finn\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Finn\AppData\Roaming\PerformerSoft Ordner Gelöscht : C:\Users\Finn\Documents\Optimizer Pro Ordner Gelöscht : C:\Users\Finn\Documents\PC Health Kit Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ojcgaoafcmbadjkfdippkdddgkeaipbn_0.localstorage Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ojcgaoafcmbadjkfdippkdddgkeaipbn_0.localstorage-journal Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_api.ciuvo.com_0.localstorage Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_api.ciuvo.com_0.localstorage-journal Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_f.dealply.com_0.localstorage Datei 
Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_f.dealply.com_0.localstorage-journal Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_sb.scorecardresearch.com_0.localstorage Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_sb.scorecardresearch.com_0.localstorage-journal Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.icmwebserv.com_0.localstorage-journal Datei Gelöscht : C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_click.dealshark.com_0.localstorage-journal ***** [ Tasks ] ***** Task Gelöscht : BrowserProtect Task Gelöscht : Dealply Task Gelöscht : DealPlyUpdate ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com Schlüssel Gelöscht : HKCU\Software\SIEN SA Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXE Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BetterPriceoChecc.BetterPriceoChecc Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\BetterPriceoChecc.BetterPriceoChecc.2.3 Schlüssel Gelöscht : HKCU\Software\522d9deb639be49 Schlüssel Gelöscht : HKLM\SOFTWARE\522d9deb639be49 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC887A8A-9D2F-2821-3FF7-CEF4449BFB9E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322202202} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht 
: HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355205502} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366206602} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FD58258C-84A6-4DEF-9793-019BE7F491A7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344204402} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2FF49ED5-A3EF-410B-918E-97DECEB5996D} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BC887A8A-9D2F-2821-3FF7-CEF4449BFB9E} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf} Schlüssel Gelöscht : HKCU\Software\ilivid Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions Schlüssel Gelöscht : HKCU\Software\lollipop Schlüssel Gelöscht : HKCU\Software\performersoft llc Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AutoLyrics Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\iLividSRTB Schlüssel Gelöscht : HKLM\SOFTWARE\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\Vittalia Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7 ***** [ Browser ] ***** -\\ Internet Explorer v8.0.7600.17051 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] -\\ Google Chrome v31.0.1650.63 [C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=341&systemid=406&apn_uid=0132231521174246&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} [C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www2.delta-search.com/?q={searchTerms}&affID=119721&babsrc=SP_ss&mntrId=947700262DC05569 [C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=341&systemid=406&v=a9301-111&apn_uid=0132231521174246&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} [C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : jidjhchcblhlapbcpheibgdjkajekhbh ************************* AdwCleaner[R0].txt - [14226 octets] - [20/12/2014 00:07:16] AdwCleaner[S0].txt - [13960 octets] - [20/12/2014 00:16:30] 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14021 octets] ########## Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x86
Ran by Finn on 20.12.2014 at 0:21:47,22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.12.2014 at 0:23:21,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2014 Ran by Finn (administrator) on FINN-PC on 20-12-2014 00:24:32 Running from C:\Users\Finn\Desktop Loaded Profile: Finn (Available profiles: Finn) Platform: Microsoft Windows 7 Home Premium (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.) 
C:\Program Files\Browny02\Brother\BrStMonW.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-23] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1423904 2010-04-23] (Realtek Semiconductor) HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron) HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.) 
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [413696 2010-01-13] (Wistron Corp.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated) HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.) HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.) HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.) HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-17] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0 HKLM\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\...\Policies\Explorer: [TaskbarNoNotification] 0 CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000 -> {038EA7B4-F3DE-48AF-8A79-200D2C8BF3A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
Toolbar: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) 
FF HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers Chrome: ======= CHR Profile: C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-18] CHR Extension: (Google Drive) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-18] CHR Extension: (YouTube) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-18] CHR Extension: (Google-Suche) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-18] CHR Extension: (Google Wallet) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-02] CHR Extension: (Google Mail) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-18] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) 
[File not signed] R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-11-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-11-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\Finn\AppData\Local\Temp\catchme.sys [X] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-20 00:23 - 2014-12-20 00:23 - 00000915 _____ () C:\Users\Finn\Desktop\JRT.txt 2014-12-20 00:21 - 2014-12-20 00:21 - 00000000 ____D () C:\Windows\ERUNT 2014-12-20 00:20 - 2014-12-20 00:20 - 01707646 _____ (Thisisu) C:\Users\Finn\Downloads\JRT.exe 2014-12-20 00:07 - 2014-12-20 00:16 - 00000000 ____D () C:\AdwCleaner 2014-12-20 00:06 - 2014-12-20 00:06 - 02166272 _____ () C:\Users\Finn\Downloads\AdwCleaner_4.105.exe 2014-12-20 00:05 - 2014-12-20 00:05 - 00053937 _____ () C:\Users\Finn\Desktop\mbam.txt 2014-12-18 22:48 - 2014-12-18 22:48 - 00030746 _____ () C:\ComboFix.txt 2014-12-18 22:29 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-12-18 22:29 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-12-18 22:29 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-12-18 22:29 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-12-18 22:29 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-12-18 22:29 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-12-18 22:29 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-12-18 22:29 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-12-18 22:16 - 2014-12-18 22:48 - 00000000 ____D () C:\Qoobox 2014-12-18 22:16 - 2014-12-18 22:46 - 00000000 ____D () C:\Windows\erdnt 2014-12-18 22:15 - 2014-12-18 22:12 - 05601641 ____R (Swearware) C:\Users\Finn\Desktop\ComboFix.exe 2014-12-18 21:51 - 2014-12-18 21:51 - 00001190 _____ () C:\Users\Finn\Desktop\Revo Uninstaller.lnk 2014-12-18 21:51 - 2014-12-18 21:51 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-12-18 21:50 - 2014-12-18 21:48 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Finn\Desktop\revosetup95.exe 2014-12-18 16:49 - 2014-12-20 00:24 - 00010703 _____ () C:\Users\Finn\Desktop\FRST.txt 2014-12-18 16:49 - 2014-12-18 16:50 - 00028855 _____ () C:\Users\Finn\Desktop\Addition.txt 2014-12-18 16:49 - 2014-12-18 16:42 - 01113600 _____ (Farbar) C:\Users\Finn\Desktop\FRST.exe 2014-12-18 16:45 - 2014-12-20 00:24 - 00000000 ____D () C:\FRST 2014-12-17 23:43 - 2014-12-17 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-12-17 23:43 - 2014-12-17 23:43 - 00000000 ____D () C:\Program Files\7-Zip 2014-12-17 22:39 - 2014-12-20 00:04 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-17 22:38 - 2014-12-17 22:38 - 00001028 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-17 22:38 - 2014-12-17 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-17 22:38 - 2014-12-17 22:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-17 22:38 - 2014-12-17 22:38 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-12-17 22:38 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-17 22:38 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-17 22:38 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-20 00:17 - 2012-11-01 13:03 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-20 00:17 - 2012-07-14 18:32 - 00226098 _____ () C:\Windows\PFRO.log 2014-12-20 00:17 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-20 00:17 - 2009-07-14 05:39 - 00065510 _____ () C:\Windows\setupact.log 2014-12-20 00:16 - 2012-07-14 19:11 - 01544494 _____ () C:\Windows\WindowsUpdate.log 2014-12-20 00:08 - 2009-07-14 05:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-20 00:08 - 2009-07-14 05:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-20 00:06 - 2012-11-01 13:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-19 23:39 - 2012-11-01 13:03 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-19 13:02 - 2012-10-03 15:06 - 00000000 ____D () C:\ProgramData\VirtualizedApplications 2014-12-19 12:57 - 2014-09-23 16:08 - 00001059 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-12-19 12:57 - 2014-09-23 16:07 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-19 12:57 - 2014-05-07 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-12-19 12:57 - 2014-05-07 14:56 - 00000000 ____D () C:\Program Files\Avira 2014-12-18 22:48 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default 2014-12-18 22:48 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2014-12-18 22:41 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2014-12-18 22:37 - 2012-07-14 19:40 - 00000000 ____D () C:\Users\Finn 2014-12-18 22:15 - 2010-06-28 23:30 - 01499844 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-18 20:16 - 2014-01-05 15:44 - 00000000 ____D () C:\Users\Finn\Tracing 2014-12-18 20:15 - 2014-01-12 19:38 - 00025850 _____ () C:\ProgramData\debug.log 2014-12-17 23:06 - 2012-10-08 17:50 - 
00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-12-17 23:06 - 2012-10-08 17:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl Files to move or delete: ==================== C:\ProgramData\mscaii.exe C:\Users\Finn\SilkroadOnline_SROROfficial_v1_068.exe Some content of TEMP: ==================== C:\Users\Finn\AppData\Local\temp\avgnt.exe C:\Users\Finn\AppData\Local\temp\Quarantine.exe C:\Users\Finn\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-18 17:39 ==================== End Of Log ============================ |
20.12.2014, 20:25 | #9 |
/// the machine /// TB trainer | Infected with malware and Trojans
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and assistance Trojaner-Board Facebook page No help via PM! |
21.12.2014, 00:19 | #10 |
| Infected with malware and Trojans
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=538fda42f501e74684359d0c5e6d98e2 # engine=21650 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-12-20 11:02:13 # local_time=2014-12-21 12:02:13 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7600 NT # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 88629 25798869 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 85396 170747724 0 0 # scanned=134908 # found=52 # cleaned=0 # scan_time=5812 sh=51AE35727C11D33C03BEBA2BBF4F37B397B5958A ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H Anwendung" ac=I fn="C:\Backup My Data\All Users\lcpinoicpcakljhbmfdidkkjdpljibpm\smUoVzIXY.js" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Backup My Data\michi\AppData\Local\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe" sh=3F59C47674D400E28971F6BB65E15D96D8E075EE ft=1 fh=79313abe9defcd76 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Backup My Data\michi\AppData\Local\Temp\ct2269050\ieLogic.exe" sh=5A0B2E3D7EA5AAACCC7AA2A579373021204BEDA1 ft=1 fh=572549f60b65a80d vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Backup My Data\michi\AppData\Local\Temp\ct2269050\statisticsStub.exe" sh=FB778E2059BA0B1EA0A817CB1407F48FBECC9A3A ft=1 fh=99106c1b10a40924 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Backup My Data\michi\AppData\Local\Temp\Temp1_SopCast3.5.0.zip\Setup-SopCast-3.5.0-2012-3-2.exe" sh=FB778E2059BA0B1EA0A817CB1407F48FBECC9A3A ft=1 fh=99106c1b10a40924 vn="Variante von Win32/Toolbar.Visicom.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Backup My Data\michi\AppData\Local\Temp\Temp2_SopCast3.5.0.zip\Setup-SopCast-3.5.0-2012-3-2.exe" sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Backup My Data\michi\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVDV.dll" sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Backup My Data\michi\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll" sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Backup My Data\michi\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll" sh=45A30A7CB5CBF88FB013D55585DC9835D2D9A1FA ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Backup My Data\michi\Desktop\SopCast3.5.0.zip" sh=FB778E2059BA0B1EA0A817CB1407F48FBECC9A3A ft=1 fh=99106c1b10a40924 vn="Variante von Win32/Toolbar.Visicom.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Backup My Data\michi\Desktop\SopCast3.5.0\Setup-SopCast-3.5.0-2012-3-2.exe" sh=51AE35727C11D33C03BEBA2BBF4F37B397B5958A ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H Anwendung" ac=I fn="C:\ProgramData\lcpinoicpcakljhbmfdidkkjdpljibpm\smUoVzIXY.js" sh=A3F6F2F027B425FACDCB3E2B16CBE8928503D4D1 ft=1 fh=9c31f93c09c42c1a vn="Win32/Sirefef.EV Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-21-2471633549-1032859582-1289093826-1000\$23e6321a04e0b179c359e9bf1111048c\n.vir" sh=DC8478550F7C5C97C9F876EE79445F7F87443EAF ft=1 fh=83c87fcb60e730df vn="Variante von Win32/Sirefef.FY Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-21-2471633549-1032859582-1289093826-1000\$23e6321a04e0b179c359e9bf1111048c\o.vir" sh=3291B973397CEA77AF471E0D15D307453AF6CCDB ft=1 fh=d04c9f65b5a8952d vn="Variante von Win32/Sirefef.FA Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-21-2471633549-1032859582-1289093826-1000\$23e6321a04e0b179c359e9bf1111048c\U\80000000.@.vir" sh=9CC50A16ECD12EC425A90CB2F26EF3D257A8FCE1 ft=1 fh=8a9688989b55dc0f vn="Win32/Sirefef.FL Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-21-2471633549-1032859582-1289093826-1000\$23e6321a04e0b179c359e9bf1111048c\U\800000cb.@.vir" sh=5F1274BB228892131502528652B6D1A10CBE90F5 ft=0 fh=0000000000000000 vn="Win32/DealPly.E evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\DealPly\DealPly.crx.vir" sh=AC5FF20D276340CF87044B6A9D603BE9B6520460 ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\DealPly\DealPly.xpi.vir" sh=D6E3758123FA1C4B9945BBF3359584ABA79C90F3 ft=1 fh=1253b0cb81c9b1bd vn="Win32/DealPly.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\DealPly\DealPlyUpdate.exe.vir" sh=D511C85A94649134C7BA8ECFD7876125A4C2F832 ft=1 fh=bdced5e2a18ee905 vn="Variante von Win32/DealPly.C evtl. 
unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\DealPly\DealPlyUpdateRun.exe.vir" sh=143416AAC4F6000C3A3235EB4EC955B4D0B6955E ft=1 fh=b68409d87b15670c vn="Win32/DealPly.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\DealPly\DealPlyUpdateVer.exe.vir" sh=DF27F18F381B98F6045DD325B100B25E9FE1AE9F ft=1 fh=0f8b1ec1a72972b9 vn="Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Search Results Toolbar\Datamngr\del_DM_LL_nsaA185.dll.vir" sh=CC9173458DA2B4828925A11AC304A4B7C567E26E ft=1 fh=3e0a7ef28e598d37 vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll.vir" sh=56CF4F2AC44C6ADD5CDCD419BA4B99D22DC7A0E3 ft=1 fh=46ed14ba69906e9f vn="Win32/Toolbar.MyWebSearch.X evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe.vir" sh=0F78FE90AF015B0A511EDE007BD1791A341E891E ft=1 fh=d4fd6df3b7cf992d vn="Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe.vir" sh=12FF3195BDACA5482034AAC3C3E132D5ADA421A9 ft=1 fh=982f80d197512813 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64brstub.dll.vir" sh=9D54BAF23397E5F1444BC6471052AD234B76FBD3 ft=1 fh=2ab58862c927227b vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\TelevisionFanatic\bar\1.bin\64hkstub.dll.vir" sh=E15DF75E5B81A209E0E453092C9610C3F8DC7073 ft=1 fh=8918dac93ad3a346 vn="Win32/Toolbar.SearchSuite.M evtl. 
unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\Wincert\WIN32C~1.DLL.vir" sh=C8881C5A4D8DF3932535715E611259F3046177FE ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgkoglgofeifjihdomeoenbcnldfpdd\1.4\G0oIyE.js.vir" sh=63C38F5C7762B2D0E5FA53EC1D8D33438EA6CF81 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhpaahafbicfgfbipdlmclnnbjcnedh\1.3\uQpI6wKMFHw.js.vir" sh=B5ED1E639B7D9AD3C0F3C81E5AA2E9F88DDFEB65 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\102_dealply_m.js.vir" sh=464E61CE0A166C746C8BE32F8BD662B0EDF79938 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\103_intext_5_m.js.vir" sh=8BFBBD749FDAA46297DA7F28A30E29C55FD72880 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\104_jollywallet_m.js.vir" sh=0B21E41A47E579081215969619861996F43524B1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\105_corticas_m.js.vir" sh=FE3704EEF2BFB9DCA552518E7AEC9D6AFC1ED15C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\119_similar_web_m.js.vir" sh=35CE3B76158991DDEA79CAF0C1F826A7EE18A820 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\120_luck_m.js.vir" sh=E106EF12FBA54AD37717391E3A2A8B7416B0A30E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\123_intext_adv_m.js.vir" sh=CFFCA6A4EE3A0DF2319440491BB297ADEC6EEF37 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir" sh=ADB54DE323736C99B4191A45B478B70DF1B7B945 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\179_revizer_p_dynamic_m.js.vir" sh=C9A8D5AE55FA65E00EE75767C5D2E9B56041858D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\180_bpo_serp_m.js.vir" sh=24E6E5A06D24A5CC24C0B705FDB089FD4FEC70AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\184_noproblemppc_m.js.vir" sh=CE36251B85631AF0D145BF086D14272593AB253A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\194_retargeting_bi_m.js.js.vir" sh=28EF3B09E284C4A1F530AE035D9CF94E12BD2A97 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\195_icm_convertmedia_m.js.vir" sh=5F25813D57A67DE3D622192979961AA8AFE7D723 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\91_monetizationLoader.js.js.vir" sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.26.151_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir" sh=C05178549CBE9E63553D0F96A34DA37466788338 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\njaepkkifelelcdbcoinfeekemfdelle\2.5\xnByJpKkU.js.vir" sh=7227A068CDA56A0A6B7B1EDB7EEFC0B0A79F7682 ft=1 fh=c71c00114e7e3b17 vn="Variante von Win32/Kryptik.BVSB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Finn\AppData\Roaming\Tyew\okoge.exe.vir" sh=0BA79C3F97CAD4434AD52FEC6BEDE858F7013A2D ft=1 fh=6b9947797bc86b29 vn="Win32/PCPerformer.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Windows\System32\roboot.exe.vir" sh=51AE35727C11D33C03BEBA2BBF4F37B397B5958A ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H Anwendung" ac=I fn="C:\Users\All Users\lcpinoicpcakljhbmfdidkkjdpljibpm\smUoVzIXY.js" sh=AF23CD7CEB245D8F7A7054E4A459BE4AC1A4DAAF ft=1 fh=5c5ac26930da454b vn="Variante von Win32/DomaIQ.BB evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000001" sh=6B22294BE20C1F76FD03C8B71B8B6EF0802CB9F8 ft=1 fh=4610c172e2275dac vn="Variante von Win32/SoftPulse.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000000" sh=0D0737C6DC9679BA746C594A147559A5CBC82D95 ft=1 fh=a55db4151f76afc1 vn="Variante von Win32/DomaIQ.BB evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000" Code:
Results of screen317's Security Check version 0.99.93
Windows 7 x86 (UAC is disabled!)
Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 20
Java version 32-bit out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 31.0.1650.57
Google Chrome out of date!
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2014 Ran by Finn (administrator) on FINN-PC on 21-12-2014 00:14:29 Running from C:\Users\Finn\Desktop Loaded Profile: Finn (Available profiles: Finn) Platform: Microsoft Windows 7 Home Premium (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Nuance Communications, Inc.) 
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-23] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1423904 2010-04-23] (Realtek Semiconductor) HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron) HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.) HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [413696 2010-01-13] (Wistron Corp.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated) HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.) HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.) HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.) HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.) HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-17] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. 
KG) HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0 HKLM\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\...\Policies\Explorer: [TaskbarNoNotification] 0 CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000 -> {038EA7B4-F3DE-48AF-8A79-200D2C8BF3A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar 
Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKU\S-1-5-21-2471633549-1032859582-1289093826-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\Finn\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers

Chrome:
=======
CHR Profile: C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-18]
CHR Extension: (Google Drive) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-18]
CHR Extension: (YouTube) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-18]
CHR Extension: (Google-Suche) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-18]
CHR Extension: (Google Wallet) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-02]
CHR Extension: (Google Mail) - C:\Users\Finn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-18]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-11-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-11-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Finn\AppData\Local\Temp\catchme.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-21 00:14 - 2014-12-21 00:14 - 00000000 ____D () C:\Users\Finn\Desktop\FRST-OlderVersion
2014-12-21 00:09 - 2014-12-21 00:09 - 00852505 _____ () C:\Users\Finn\Desktop\SecurityCheck.exe
2014-12-20 22:19 - 2014-12-20 22:19 - 02347384 _____ (ESET) C:\Users\Finn\Downloads\esetsmartinstaller_deu.exe
2014-12-20 00:23 - 2014-12-20 00:23 - 00000915 _____ () C:\Users\Finn\Desktop\JRT.txt
2014-12-20 00:21 - 2014-12-20 00:21 - 00000000 ____D () C:\Windows\ERUNT
2014-12-20 00:20 - 2014-12-20 00:20 - 01707646 _____ (Thisisu) C:\Users\Finn\Downloads\JRT.exe
2014-12-20 00:07 - 2014-12-20 00:16 - 00000000 ____D () C:\AdwCleaner
2014-12-20 00:06 - 2014-12-20 00:06 - 02166272 _____ () C:\Users\Finn\Downloads\AdwCleaner_4.105.exe
2014-12-20 00:05 - 2014-12-20 00:05 - 00053937 _____ () C:\Users\Finn\Desktop\mbam.txt
2014-12-18 22:48 - 2014-12-18 22:48 - 00030746 _____ () C:\ComboFix.txt
2014-12-18 22:29 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-18 22:29 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-18 22:29 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-18 22:29 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-18 22:29 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-18 22:29 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-18 22:29 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-18 22:29 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-18 22:16 - 2014-12-18 22:48 - 00000000 ____D () C:\Qoobox
2014-12-18 22:16 - 2014-12-18 22:46 - 00000000 ____D () C:\Windows\erdnt
2014-12-18 22:15 - 2014-12-18 22:12 - 05601641 ____R (Swearware) C:\Users\Finn\Desktop\ComboFix.exe
2014-12-18 21:51 - 2014-12-18 21:51 - 00001190 _____ () C:\Users\Finn\Desktop\Revo Uninstaller.lnk
2014-12-18 21:51 - 2014-12-18 21:51 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-12-18 21:50 - 2014-12-18 21:48 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Finn\Desktop\revosetup95.exe
2014-12-18 16:49 - 2014-12-21 00:14 - 01114112 _____ (Farbar) C:\Users\Finn\Desktop\FRST.exe
2014-12-18 16:49 - 2014-12-21 00:14 - 00000497 _____ () C:\Users\Finn\Desktop\FRST.txt
2014-12-18 16:49 - 2014-12-18 16:50 - 00028855 _____ () C:\Users\Finn\Desktop\Addition.txt
2014-12-18 16:45 - 2014-12-21 00:14 - 00000000 ____D () C:\FRST
2014-12-17 23:43 - 2014-12-17 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-17 23:43 - 2014-12-17 23:43 - 00000000 ____D () C:\Program Files\7-Zip
2014-12-17 22:39 - 2014-12-20 00:04 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-17 22:38 - 2014-12-17 22:38 - 00001028 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-17 22:38 - 2014-12-17 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-12-17 22:38 - 2014-12-17 22:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-17 22:38 - 2014-12-17 22:38 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-12-17 22:38 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-17 22:38 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-17 22:38 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-21 00:06 - 2012-11-01 13:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-20 23:48 - 2012-07-14 19:11 - 01579490 _____ () C:\Windows\WindowsUpdate.log
2014-12-20 23:39 - 2012-11-01 13:03 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-20 23:28 - 2010-06-28 23:30 - 01499844 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-20 18:39 - 2012-11-01 13:03 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-20 18:33 - 2009-07-14 05:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-20 18:33 - 2009-07-14 05:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-20 18:24 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-20 18:24 - 2009-07-14 05:39 - 00065622 _____ () C:\Windows\setupact.log
2014-12-20 00:17 - 2012-07-14 18:32 - 00226098 _____ () C:\Windows\PFRO.log
2014-12-19 13:02 - 2012-10-03 15:06 - 00000000 ____D () C:\ProgramData\VirtualizedApplications
2014-12-19 12:57 - 2014-09-23 16:08 - 00001059 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-19 12:57 - 2014-09-23 16:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-19 12:57 - 2014-05-07 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-19 12:57 - 2014-05-07 14:56 - 00000000 ____D () C:\Program Files\Avira
2014-12-18 22:48 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2014-12-18 22:48 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-12-18 22:41 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2014-12-18 22:37 - 2012-07-14 19:40 - 00000000 ____D () C:\Users\Finn
2014-12-18 20:16 - 2014-01-05 15:44 - 00000000 ____D () C:\Users\Finn\Tracing
2014-12-18 20:15 - 2014-01-12 19:38 - 00025850 _____ () C:\ProgramData\debug.log
2014-12-17 23:06 - 2012-10-08 17:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-17 23:06 - 2012-10-08 17:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\mscaii.exe
C:\Users\Finn\SilkroadOnline_SROROfficial_v1_068.exe

Some content of TEMP:
====================
C:\Users\Finn\AppData\Local\temp\avgnt.exe
C:\Users\Finn\AppData\Local\temp\Quarantine.exe
C:\Users\Finn\AppData\Local\temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-18 17:39

==================== End Of Log ============================
--- --- ---
Is it correct that ESET still found infected files? A Windows update is still not possible. The message says " ... es kann derzeit nicht nach Updates gesucht werden, der Dienst wird nicht ausgeführt ..." (" ... cannot currently check for updates, the service is not running ...") Edited by blond (21.12.2014 at 00:37) |
21.12.2014, 20:08 | #11 | |
/// the machine /// TB trainer | Infected with malware and trojans Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
21.12.2014, 20:44 | #12 |
| Infected with malware and trojans Yes, it looks that way. |
22.12.2014, 16:37 | #13 |
/// the machine /// TB trainer | Infected with malware and trojans
Does it look that way, or is it that way? If so, delete all backups.
Update Java and Adobe. Be sure to update Windows; a service pack and 400 follow-up updates are missing.
Revo Uninstaller - Download - Filepony
Use it to uninstall Chrome, keep no data, have the leftovers removed, and reinstall.
Then: https://support.google.com/chrome/answer/3296214?hl=de
Please press the Windows key + R and type notepad into the Run window.
Now copy the following text from the code box into the empty text document.
Code:
ATTFilter
C:\Users\All Users\lcpinoicpcakljhbmfdidkkjdpljibpm
C:\Backup My Data\All Users\lcpinoicpcakljhbmfdidkkjdpljibpm
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2471633549-1032859582-1289093826-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Regards, schrauber |
22.12.2014, 17:02 | #14 |
| Infected with malware and trojans The underlying problem is that I cannot update Windows! Supposedly the last update was not installed properly. In addition, there is no old restore point. I have already tried a repair without success. I am leaning toward reinstalling Windows. |
23.12.2014, 16:58 | #15 |
/// the machine /// TB trainer | Infected with malware and trojans Please do the above.
If that doesn't work, we'll do an in-place upgrade. A fresh install should not be necessary.
__________________ Regards, schrauber |