Log Analysis and Evaluation: Windows 8.1 64bit: Unwanted ad tabs in Mozilla Firefox

#1
Hello everyone,

for a short while now, tabs with advertising have been opening unbidden in Firefox on my parents' computer. I have already run Malwarebytes, AdwCleaner, Junkware Removal Tool and ESET Online over it, and all of them found something. The problem was not solved, however. I did not use Combofix because of your notice. The whole thing probably came from a supposed codec pack, which my father then removed again together with other things that looked fishy to him. Here are the collected logs, with a request for help.

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:56 on 07/04/2015 (User)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...

-=E.O.F=-

FRST: Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by User at 2015-04-07 15:01:13
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACDSee Foto-Manager 12 (HKLM-x32\...\{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}) (Version: 12.0.342 - ACD Systems International Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{853A4763-6643-4604-8D64-28BDD8925F4C}) (Version: 1.5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8F473675-D702-45F9-8EBC-342B40C17BF5}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Classic Shell (HKLM\...\{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}) (Version: 3.6.5 - IvoSoft)
CyberGhost 5 (HKLM\...\CyberGhost VPN 5_is1) (Version: - CyberGhost S.R.L.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
DesignPro 5 (HKLM-x32\...\InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}) (Version: 5.5.708 - Avery Dennison)
DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
HP 3D DriveGuard (HKLM\...\{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
iTunes (HKLM\...\{16DDB3D1-5C27-4599-9C63-E583287191CC}) (Version: 10.2.2.12 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
MWSnap 3 (HKLM-x32\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
OKI Color Swatch-Dienstprogramm (HKLM-x32\...\{A344F95E-E51A-450C-8F84-C940BF61903E}) (Version: 2.1.11 - Okidata)
OKI Network Extension (HKLM-x32\...\{38ADB9A6-798C-11D6-A855-00105A80791C}) (Version: 1.00.000 - Okidata)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SRWare Iron Version SRWare Iron 36.0.1950.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 36.0.1950.0 - SRWare)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
T-Concept XI524 DSL (x32 Version: 2.20.0000 - T-Com) Hidden
T-Concept XI524 DSL V2.20 (HKLM-x32\...\InstallShield_{23D17CB1-F130-4B8D-8650-4F9E7D76BED7}) (Version: 2.20.0000 - T-Com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.3900 - Broadcom Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

19-03-2015 08:41:53 Geplanter Prüfpunkt
25-03-2015 10:07:31 Windows Update
03-04-2015 03:39:24 Geplanter Prüfpunkt
07-04-2015 09:03:00 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {01E6BB90-8A03-4E05-AFED-A958F85EBF22} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {131CE2A3-D5B1-40D8-800B-5F0ACB079305} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {2D7D529B-01E5-415D-9D58-757A283A05E4} - System32\Tasks\{5746F711-F100-41ED-9C98-BD3FDF01F504} => pcalua.exe -a C:\Bildschirmschoner\TwoTowers.exe -d C:\Bildschirmschoner
Task: {37BF00CD-2052-4876-AAB3-2BBE9AEED2F1} - \zMXBf3EwV3DDJ6iynmiAtDe No Task File <==== ATTENTION
Task: {69333C95-AC4F-40A7-ABEC-2403EEE0B040} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-12] (Adobe Systems Incorporated)
Task: {7BA76CB2-ADE1-4052-B55D-6E70DA072197} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {B1DD924C-50D2-49BE-AA9C-59A64FAE4733} - \roller_coaster_park_notification_service No Task File <==== ATTENTION
Task: {B27162C3-C95B-4F64-928D-6831045B3894} - \24f05917-4db8-4ffe-a2ef-faa8ce2eef6c-2 No Task File <==== ATTENTION
Task: {BBB2B17C-350F-4BC6-9887-288CC263EFA4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {BD3324A7-E503-4C2F-BE63-99E6CDC6C4A0} - System32\Tasks\WJUMHCS => C:\Users\User\AppData\Roaming\WJUMHCS.exe <==== ATTENTION
Task: {F58255A0-4A2A-4F79-AE1A-F0DE822DB46B} - System32\Tasks\HOERPWH => C:\Users\User\AppData\Roaming\HOERPWH.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\HOERPWH.job => C:\Users\User\AppData\Roaming\HOERPWH.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\WJUMHCS.job => C:\Users\User\AppData\Roaming\WJUMHCS.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-01-16 19:17 - 2006-02-23 12:35 - 00020480 _____ () C:\WINDOWS\System32\FritzColorPort64.dll
2015-01-16 19:17 - 2006-02-22 11:39 - 00020480 _____ () C:\WINDOWS\System32\FritzPort64.dll
2013-09-08 12:02 - 2010-06-17 21:56 - 00087040 _____ () C:\WINDOWS\System32\redmonnt.dll
2012-10-29 20:00 - 2012-10-29 20:00 - 00047480 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2013-02-20 05:47 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-10-16 11:15 - 2014-10-16 11:15 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2013-08-31 17:55 - 2014-05-26 16:34 - 00870912 _____ () C:\Program Files (x86)\SRWare Iron\libglesv2.dll
2013-08-31 17:55 - 2014-05-26 16:35 - 00128512 _____ () C:\Program Files (x86)\SRWare Iron\libegl.dll
2013-08-31 17:55 - 2014-05-26 16:34 - 00950272 _____ () C:\Program Files (x86)\SRWare Iron\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\Control Panel\Desktop\\Wallpaper -> C:\Bildschirmschoner\gandalf1.bmp
DNS Servers: 192.168.179.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: CGVPNCliService => 2
HKLM\...\StartupApproved\Run: => "Broadcom Wireless Manager UI"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "SynTPEnh"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\...\StartupApproved\Run: => "Bitdefender-Geldbörse-Agent"

==================== Accounts: =============================

Administrator (S-1-5-21-3138844098-3363192315-3699539694-500 - Administrator - Disabled)
Gast (S-1-5-21-3138844098-3363192315-3699539694-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3138844098-3363192315-3699539694-1006 - Limited - Enabled)
User (S-1-5-21-3138844098-3363192315-3699539694-1001 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: Controller der Familie Realtek PCIe FE
Description: Controller der Familie Realtek PCIe FE
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/06/2015 07:38:55 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
System errors:
=============
Error: (04/07/2015 10:20:18 AM) (Source: DCOM) (EventID: 10010) (User: FELI_LAPTOP)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/07/2015 10:13:28 AM) (Source: DCOM) (EventID: 10010) (User: FELI_LAPTOP)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-04-07 13:33:06.736
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-07 13:33:06.534
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-07 13:33:06.324
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-07 13:33:06.118
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-07 13:33:05.929
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-07 13:33:05.751
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-07 13:33:05.555
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-07 13:33:05.342
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-07 13:17:15.183
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-07 13:17:14.952
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Percentage of memory in use: 19%
Total physical RAM: 8090.36 MB
Available physical RAM: 6511.17 MB
Total Pagefile: 9370.36 MB
Available Pagefile: 7492.14 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (Win8) (Fixed) (Total:697.85 GB) (Free:636.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: B5F1AC36)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=697.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-07 15:13:27
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002b Hitachi_HTS547575A9E384 rev.JE4OA60A 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\User\AppData\Local\Temp\pxlyrpod.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff960001dca00 15 bytes [00, 2E, F4, 01, 80, A0, 6E, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 17 fffff960001dca11 10 bytes [5E, FC, FF, 00, BB, C7, 00, ...]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [488:1492] fffff960009272d0

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x28 0x08 0x7B 0x16 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0xDB 0x7F 0x82 0x16 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@de-DE 57
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\AUO159E0_00_07DC_E6^D8A03C3FE36BD7F5A8BA9909FF48DF75@Timestamp 0x95 0x37 0xC9 0x9C ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 592
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 4521727
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1354721076
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 60
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 439537591
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 0
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 3259
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID fed66b3b-e487-4a9d-b8b3-d09e414
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AITEventLog@FileCounter 3
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\SQMLogger@FileCounter 10
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\acpiex\Parameters\Wdf@TimeOfLastSqmLog 0x18 0x6A 0xE6 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f8100011c
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f8100011c@a01020306d27 0xF6 0xA3 0x86 0xFC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@BackupContext 0x02 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@COD Type 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@DeviceAddressCache 9c2a70bbe0ce
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@DeviceRemoteWakeSupported 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@DeviceSelectiveSuspended 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@ExtPropDescSemaphore 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@RAMPatchFileName BCM43142A0_001.001.011.0084.0086.hex
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@RemoteWakeEnabled 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@SymbolicLinkName \??\USB#VID_0A5C&PID_21D7#9C2A70BBE0CE#{0850302a-b344-4fda-9be9-90576b8d46f0}
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@SymbolicName \??\USB#VID_0A5C&PID_21D7#9C2A70BBE0CE#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@UseCM3Workaround 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000\Ceip
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000\Ceip@DeviceInformation 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000\Ceip@TroubleshooterRootCauseId 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000\e5b3b5ac-9725-4f78-963f-03dfb1d828c7
Reg HKLM\SYSTEM\CurrentControlSet\Services\cdrom\Parameters\Wdf@TimeOfLastSqmLog 0x49 0x74 0x41 0xB6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\CompositeBus\Parameters\Wdf@TimeOfLastSqmLog 0x19 0x3C 0xE9 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\HDAudBus\Parameters\Wdf@TimeOfLastSqmLog 0xFA 0x11 0x3F 0xB6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\intelppm\Parameters\Wdf@TimeOfLastSqmLog 0x21 0x4D 0x49 0xB6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{07CDB6F7-549E-4321-BC87-5452086E1155}@DefunctTimestamp 0x2F 0xDE 0xF6 0x54 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{42FB1F77-86DF-4990-9FF0-D35D39E777ED}@DefunctTimestamp 0xE7 0xC0 0x23 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\msisadrv\Parameters\Wdf@TimeOfLastSqmLog 0x07 0x56 0xF2 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\NdisVirtualBus\Parameters\Wdf@TimeOfLastSqmLog 0x6A 0x9B 0x57 0xB6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\PEAUTH\Parameters\Wdf@TimeOfLastSqmLog 0xFB 0x4B 0xC0 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?Di?, ?Apr ?07 ?15, 11:44:27??????_???????_???????????????_????
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 3563
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 2008
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-200|Desc=@%systemroot%\system32\provsvc.dll,-201|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-203|Desc=@%systemroot%\system32\provsvc.dll,-204|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-205|Desc=@%systemroot%\system32\provsvc.dll,-206|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|RPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-207|Desc=@%systemroot%\system32\provsvc.dll,-208|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 59
Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 755
Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters\Wdf@TimeOfLastSqmLog 0x8E 0xAF 0x3C 0xB6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer 192.168.178.1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{448CE161-8082-46EC-8E36-4AC4EFB3A585}@DhcpIPAddress 192.168.178.36
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{448CE161-8082-46EC-8E36-4AC4EFB3A585}@DhcpServer 192.168.178.1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{448CE161-8082-46EC-8E36-4AC4EFB3A585}@Lease 31536000
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{448CE161-8082-46EC-8E36-4AC4EFB3A585}@LeaseObtainedTime 1428406393
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{448CE161-8082-46EC-8E36-4AC4EFB3A585}@T1 1444174393
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{448CE161-8082-46EC-8E36-4AC4EFB3A585}@T2 1456000393
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{448CE161-8082-46EC-8E36-4AC4EFB3A585}@LeaseTerminatesTime 1459942393
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{448CE161-8082-46EC-8E36-4AC4EFB3A585}@DhcpNetworkHint 64259445A51224F6870273439303F525
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{448CE161-8082-46EC-8E36-4AC4EFB3A585}@DhcpNameServer 192.168.178.1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{448CE161-8082-46EC-8E36-4AC4EFB3A585}@DhcpDefaultGateway 192.168.178.1?
Reg HKLM\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters\Interfaces\{448CE161-8082-46EC-8E36-4AC4EFB3A585}@DhcpV6NetworkHint 64259445A51224F6870273439303F525
Reg HKLM\SYSTEM\CurrentControlSet\Services\UCX01000\Parameters\Wdf@TimeOfLastSqmLog 0x26 0x10 0x1D 0xB4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\umbus\Parameters\Wdf@TimeOfLastSqmLog 0x19 0x3C 0xE9 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\USBHUB3\Parameters\Wdf@TimeOfLastSqmLog 0x43 0x0C 0x96 0xB6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\USBXHCI\Parameters\Wdf@TimeOfLastSqmLog 0x1B 0x28 0xF5 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrvroot\Parameters\Wdf@TimeOfLastSqmLog 0x6D 0xCB 0x07 0xB1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vwifibus\Parameters\Wdf@TimeOfLastSqmLog 0xC7 0x82 0x84 0xB6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\iexplore@Count 7
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\iexplore@Blocked 7
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@DAEMON Tools Lite "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UFH\SHC@1 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \ Malwarebytes Anti-Malware .lnk?C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe??
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Throttling\ScriptedDiagFailure
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Throttling\ScriptedDiagFailure@LastTime 0x41 0x42 0xE9 0xF2 ...
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Throttling\ScriptedDiagFailure@Duration 2592000

---- EOF - GMER 2.1 ----

Malwarebytes:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 06.04.2015
Suchlauf-Zeit: 16:23:50
Logdatei: Malware.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.06.05
Rootkit Datenbank: v2015.03.31.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: User

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 372685
Verstrichene Zeit: 28 Min, 59 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, 3716, , [44192c3d43479c9a715643549b68b749]

Module: 1
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll, , [44192c3d43479c9a715643549b68b749],

Registrierungsschlüssel: 61
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, , [e27b0e5b4545d363689342f8cd3654ac],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, , [e27b0e5b4545d363689342f8cd3654ac],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, , [e27b0e5b4545d363689342f8cd3654ac],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [f06d39308ffb270f6d75caa317ec3ec2],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [f06d39308ffb270f6d75caa317ec3ec2],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [f06d39308ffb270f6d75caa317ec3ec2],
PUP.Optional.WebConnect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2316c625-b487-4410-a1a5-ff040b65245f}, , [6bf27eeb9febb77f469f5419010237c9],
PUP.Optional.WebConnect.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2316c625-b487-4410-a1a5-ff040b65245f}, , [6bf27eeb9febb77f469f5419010237c9],
PUP.Optional.WebConnect.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{d8caf2df-52d3-42cf-9ddb-f4ff828db4f8}, , [6bf27eeb9febb77f469f5419010237c9],
PUP.Optional.WebConnect.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7C28CEF1-A4A6-4B6A-8B97-C44F1267753C}, , [6bf27eeb9febb77f469f5419010237c9],
PUP.Optional.WebConnect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7C28CEF1-A4A6-4B6A-8B97-C44F1267753C}, , [6bf27eeb9febb77f469f5419010237c9],
PUP.Optional.WebConnect.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{7C28CEF1-A4A6-4B6A-8B97-C44F1267753C}, , [6bf27eeb9febb77f469f5419010237c9],
PUP.Optional.WebConnect.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{d8caf2df-52d3-42cf-9ddb-f4ff828db4f8}, , [6bf27eeb9febb77f469f5419010237c9],
PUP.Optional.WebConnect.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{d8caf2df-52d3-42cf-9ddb-f4ff828db4f8}, , [6bf27eeb9febb77f469f5419010237c9],
PUP.Optional.WebConnect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{2316C625-B487-4410-A1A5-FF040B65245F}, , [6bf27eeb9febb77f469f5419010237c9],
PUP.Optional.WebConnect.A, HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{2316C625-B487-4410-A1A5-FF040B65245F}, , [6bf27eeb9febb77f469f5419010237c9],
PUP.Optional.WebConnect.A, HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2316C625-B487-4410-A1A5-FF040B65245F}, , [6bf27eeb9febb77f469f5419010237c9],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, , [de7fc1a8335765d12edab8b68e75ad53],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, , [035acb9ee3a7fd399574204ec93a6d93],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, , [d6873336ef9bfb3b5e3fc0adae556898],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\3874, , [a5b87aef32581c1a93a33bc1cb38e11f],
PUP.Optional.SolidSavings.A, HKLM\SOFTWARE\WOW6432NODE\Solid Savings, , [a5b81356e0aa47ef753ab04021e2e31d],
PUP.Optional.HDVid.A, HKLM\SOFTWARE\WOW6432NODE\TheHDvid-Codec V10, , [3d205217ddad6fc7d2b541a1a65d629e],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, , [baa385e4b0da2b0b78fceff40cf7956b],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\3874, , [b7a65d0c8dfdf640999d827a15ee9c64],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, , [4c116207206abd791dc0f14e699c60a0],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, , [9bc291d839512016b72748f71fe648b8],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\SOFTWARE\1ClickDownload, , [025be48592f8171fae8050cf689d9b65],
PUP.Optional.DigitalSites.A, HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\SOFTWARE\DSiteProducts, , [b5a80762bad047efdacb87be91744db3],
PUP.Optional.Conduit.A, HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, , [64f98cdd701a33036ed25c7250b3ad53],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [c09d74f5a3e785b126d23ef3a95c0bf5],
PUP.Optional.HDVid.A, HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\SOFTWARE\APPDATALOW\SOFTWARE\TheHDvid-Codec V10, , [46178edbef9be15526637f63946fe719],
PUP.Optional.Conduit.A, HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\SOFTWARE\CONDUIT\FF, , [b4a986e3642647eff553da49778e9868],
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY, , [f667c4a5eb9ffa3cae19833361a232ce],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [1d4095d43a50fe38838a2fd9659fea16],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\SOFTWARE\INSTALLCORE, , [1f3e3831721879bda43cca53d53005fb],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\3874, , [5a030465048635010e3cce0a0ef5aa56],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\home, , [34296702a4e649edddad3aa8ca39ca36],
PUP.Optional.WebConnect.A, HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\SOFTWARE\WEBCONNECT, , [85d864057515bf77c364c7583cc9cf31],
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.OneClickCtrl.10, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\WOW6432NODE\globalUpdate.OneClickCtrl.10, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.Update3WebControl.4, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\WOW6432NODE\globalUpdate.Update3WebControl.4, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, , [44192c3d43479c9a715643549b68b749],

Registrierungswerte: 10
PUP.Optional.Iminent.A, HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, , [d6873336ef9bfb3b5e3fc0adae556898],
PUP.Optional.Iminent.A, HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, , [bf9eb9b00c7e4fe7039ad39aaf541ce4],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, , [baa385e4b0da2b0b78fceff40cf7956b]
PUP.Optional.GlobalUpdate.C, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATEDEV|AuCheckPeriodMs, 21600000, , [ff5eb0b9f793a690df4f338319ea0af6]
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|source, Firefox, , [f667c4a5eb9ffa3cae19833361a232ce]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\SOFTWARE\INSTALLCORE|tb, zr2X2X1G1S1F2V1S2Q0V, , [1f3e3831721879bda43cca53d53005fb]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{42B20A6D-A421-483A-BB8D-DA9517EC1385}|URL, hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311667&CUI=UN14028774751357188&UM=1, , [e27bfa6f4a400a2cfe8a5a5d867dc63a]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{42B20A6D-A421-483A-BB8D-DA9517EC1385}|SuggestionsURL_JSON, hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}, , [2e2fa4c57317d066d7b1318662a121df]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{42B20A6D-A421-483A-BB8D-DA9517EC1385}|FaviconURL, hxxp://search.conduit.com/favicon.ico, , [3528ea7f3e4c71c59debae0924df758b]
PUP.Optional.WebConnect.A, HKU\S-1-5-21-3138844098-3363192315-3699539694-1001\SOFTWARE\WEBCONNECT|iid, def_WebConnect, , [85d864057515bf77c364c7583cc9cf31]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 16
Rogue.Multiple, C:\ProgramData\1887373585, , [233a3633c3c72016641f96dcaf540cf4],
PUP.Optional.Iminent.A, C:\Users\User\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl, , [d6873b2ed9b183b33fb19ae732d10cf4],
PUP.Optional.Iminent.A, C:\Program Files (x86)\IminentToolbar, , [5eff3c2df5954aec52ae5c2623e017e9],
PUP.Optional.OpenCandy, C:\Users\User\AppData\Roaming\OpenCandy, , [2934a2c7e5a581b5ed1994ee51b27090],
PUP.Optional.OpenCandy, C:\Users\User\AppData\Roaming\OpenCandy\7F2ABE9567FF4C54B071331A9C3C0739, , [2934a2c7e5a581b5ed1994ee51b27090],
PUP.Optional.OpenCandy, C:\Users\User\AppData\Roaming\OpenCandy\8F2605878B594B7D9079238991821EEE, , [2934a2c7e5a581b5ed1994ee51b27090],
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com, , [d28bcc9df59538fe95b8146f5ea5857b],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download\{08174260-1228-485D-9B4E-DF23FE546E03}, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download\{08174260-1228-485D-9B4E-DF23FE546E03}\1.3.25.27, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Install, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline\{04C808EF-0495-42DB-9877-5B20497C1804}, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.Updater.A, C:\Users\User\AppData\Roaming\DSite\UpdateProc, , [3c21630691f96acc05e8029720e3d12f],

Dateien: 41
PUP.Optional.WebConnect.A, C:\Program Files (x86)\WebConnect\WebConnectBHO.dll, , [6bf27eeb9febb77f469f5419010237c9],
PUP.Optional.GenericExt.A, C:\Users\User\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe, , [0d502148ddad2412c158d56a7a8636ca],
PUP.Optional.OpenCandy.A, C:\Users\User\AppData\Roaming\OpenCandy\7F2ABE9567FF4C54B071331A9C3C0739\LatestDLMgr.exe, , [48151356d5b51b1b61543ffcd130966a],
PUP.Optional.OpenCandy.A, C:\Users\User\AppData\Roaming\OpenCandy\8F2605878B594B7D9079238991821EEE\LatestDLMgr.exe, , [312c5e0b91f968cea1144fec44bd4ab6],
PUP.Optional.WebConnect.A, C:\Program Files (x86)\WebConnect\updateWebConnect.exe, , [075600690981a88eef56a49d1be6b54b],
PUP.Optional.HDVid.A, C:\$Recycle.Bin\S-1-5-21-3138844098-3363192315-3699539694-1001\$RBL384R\TheHDvid-Codec V10-bg.exe, , [4419ed7c97f32f07ef7ac00461a06b95],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\24f05917-4db8-4ffe-a2ef-faa8ce2eef6c-1, , [c895c2a71773df575916954e946f8d73],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\24f05917-4db8-4ffe-a2ef-faa8ce2eef6c-4, , [a8b56504e6a42d09b6b91ec5828139c7],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\24f05917-4db8-4ffe-a2ef-faa8ce2eef6c-5, , [5ffe2b3e3555152194db944f0201bb45],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\24f05917-4db8-4ffe-a2ef-faa8ce2eef6c-5_user, , [2e2fc8a14347f93d3738f6ed14eff30d],
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5ioawjs6.default\searchplugins\conduit.xml, , [64f97aef206a64d2b30e4db04eb5946c],
Trojan.Agent, C:\Windows\The Two Towers.dat, , [3a23c6a397f391a5f66173f421e38d73],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\24f05917-4db8-4ffe-a2ef-faa8ce2eef6c-1.job, , [65f87dec503a4de94689b18ca95cd030],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\24f05917-4db8-4ffe-a2ef-faa8ce2eef6c-4.job, , [56075019ddad2115e2edd36a41c4837d],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\24f05917-4db8-4ffe-a2ef-faa8ce2eef6c-5.job, , [411c55149bef7abc745b56e757ae669a],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\24f05917-4db8-4ffe-a2ef-faa8ce2eef6c-5_user.job, , [bda0e980c7c3f83ece010d30c73e58a8],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, , [9bc290d98efcbc7ad40a68d5ff06ac54],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, , [5805a8c1b1d9092d558a8eaf23e233cd],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, , [9ac3d7926b1f90a65e8280bd5aab4bb5],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, , [4a13ce9b93f74fe7e001cd70689d17e9],
Rogue.Multiple, C:\ProgramData\1887373585\BITA617.tmp, , [233a3633c3c72016641f96dcaf540cf4],
PUP.Optional.OpenCandy, C:\Users\User\AppData\Roaming\OpenCandy\8F2605878B594B7D9079238991821EEE\3135.ico, , [2934a2c7e5a581b5ed1994ee51b27090],
PUP.Optional.OpenCandy, C:\Users\User\AppData\Roaming\OpenCandy\8F2605878B594B7D9079238991821EEE\TuneUpUtilities2013-2200218_de-DE.exe, , [2934a2c7e5a581b5ed1994ee51b27090],
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com\stage2, , [d28bcc9df59538fe95b8146f5ea5857b],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll, , [44192c3d43479c9a715643549b68b749],
PUP.Optional.Updater.A, C:\Users\User\AppData\Roaming\DSite\UpdateProc\config.dat, , [3c21630691f96acc05e8029720e3d12f],
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5ioawjs6.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "14a9b6d7fb3df7dd2d70122bd0b063ad");), ,[e479e782abdf51e546cbe057e026da26]
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5ioawjs6.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311668&CUI=UN24253835002127717&UM=1&SearchSource=3&q={searchTerms}");), ,[47163d2c543666d0ff77ee49f70f2bd5]
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5ioawjs6.default\prefs.js, Gut: (), Schlecht: (user_pref("CT3311668.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311668&SearchSource=2&CUI=UN24253835002127717&UM=1&q=");), ,[eb7265046228eb4bd3a45ed944c245bb]
PUP.Optional.Conduit.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5ioawjs6.default\prefs.js, Gut: (), Schlecht: (user_pref("CT3311668.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3311668&octid=CT3311668&SearchSource=15&CUI=UN24253835002127717&SSPV=&Lay=1&UM=1\"}");), ,[b7a66801b3d720166d1869ce2dd9c43c]
PUP.Optional.Iminent.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5ioawjs6.default\user.js, Gut: (), Schlecht: (user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");), ,[c8955415d3b7072ffd18ad8a7a8c3dc3]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end)

ADW
Code:
# AdwCleaner v4.200 - Bericht erstellt 06/04/2015 um 19:18:08
# Aktualisiert 29/03/2015 von Xplode
# Datenbank : 2015-03-29.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : User - FELI_LAPTOP
# Gestarted von : C:\Users\User\Downloads\adwcleaner_4.200.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\WebConnect
Ordner Gelöscht : C:\Users\User\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\User\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\User\AppData\Roaming\DSite
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5ioawjs6.default\user.js

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8B27EF3C-2353-400E-A76E-6AB459559404}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebConnect
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;localhost;127.0.0.1

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v36.0.4 (x86 de)

[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("CT3311668.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("CT3311668.embeddedsData", "[{\"appId\":\"130207845842662181\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("CT3311668.installId", "conduitinstaller.exe");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("CT3311668.installType", "conduitnsisintegration");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("CT3311668.smartbar.CTID", "CT3311668");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("CT3311668.smartbar.Uninstall", "0");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("CT3311668.smartbar.homepage", "true");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("CT3311668.smartbar.toolbarName", "KeyBar 1.8 ");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3311668&CUI=UN24253835002127717&UM=1&SearchSource=13");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "KeyBar 1.8 Customized Web Search");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311668&SearchSource=2&CUI=UN24253835002127717&UM=1&q=");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT3311668");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultthis.engineName", "KeyBar 1.8 Customized Web Search");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a43f13f31cec74ac7ad4a18dfdaeae120gmailcom63315.63315.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...]
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.iminent.admin", false);
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.iminent.aflt", "orgnl");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.iminent.autoRvrt", "false");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.iminent.dfltLng", "");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.iminent.excTlbr", false);
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.iminent.ffxUnstlRst", false);
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.iminent.id", "2031188500000000000000ffac162160");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.iminent.instlDay", "16226");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.iminent.instlRef", "");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.iminent.newTab", false);
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.iminent.prdct", "iminent");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.iminent.prtnrId", "iminent");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.iminent.rvrt", "false");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.iminent.smplGrp", "none");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.iminent.vrsn", "1.8.28.3");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.iminent.vrsnTs", "1.8.28.37:43:34");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.iminent.vrsni", "1.8.28.3");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.adapters", "{\"de.iminent.com\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":1,\"AdapterKey\":\"iminent\",\"v\":true,\"p\":0,\"t\":1,\"th\":0.228,\"expireTime\":\"140194703638[...]
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.addressBarOwnerCTID", "CT3311668");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3311668&CUI=UN24253835002127717&UM=1&SearchSource=13");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311668&SearchSource=2&CUI=UN24253835002127717&UM=1&q=");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.defaultSearchOwnerCTID", "CT3311668");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.homePageOwnerCTID", "CT3311668");
[5ioawjs6.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.machineId", "J2CM98VTFSTXYXQTZT0DPVSTLPKGRKNBOOQO8HYGILBP76BQVTJHMPSW2ZPPCDCHKQU87YL45BHIHSPTSSE5SG");

-\\ Chromium v

*************************

AdwCleaner[R0].txt - [12299 Bytes] - [06/04/2015 19:15:30]
AdwCleaner[S0].txt - [12242 Bytes] - [06/04/2015 19:18:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12302 Bytes] ##########

Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.5.2 (04.06.2015:1) OS: Windows 8.1 x64 Ran by User on 06.04.2015 at 19:34:07,45 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\5ioawjs6.default\prefs.js user_pref("CT3311668.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT3311668.enlargeSearchBox", "{\"enabled\":true,\"maxWidth\":358,\"minWidth\":215,\"width\":215}"); user_pref("CT3311668.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT3311668.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); user_pref("CT3311668.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Ablank\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp:// user_pref("CT3311668.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT3311668.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); user_pref("CT3311668.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\"}"); user_pref("CT3311668.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3311668\"}"); user_pref("CT3311668.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://KeyBar18T2.OurToolbar.com//xpi\"}"); user_pref("CT3311668.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"KeyBar 1.8\"}"); user_pref("CT3311668.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT3311668.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}"); 
user_pref("CT3311668_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1378187330681,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 06.04.2015 at 19:36:34,96 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
