Log analysis and evaluation: Windows 7 laptop: problems with malware infection, what can I do?
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
08.06.2015, 01:41 | #1 |
Windows 7 laptop: problems with malware infection, what can I do?

Hello, for some time now my physical memory has been increasingly heavily used. In addition, I have to use an ad blocker for sites such as YouTube, because otherwise I am flooded with ads (not the regular ads in the video, but ads on the user interface) (spot check 5 minutes ago: 3 seconds and 25 blocks, but I have also had a YouTube page with 200 blocks).

I have run the following logs as instructed:

defogger_disable.txt:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:47 on 08/06/2015 (Marrel)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-08 01:39:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596.17GB
Running: Gmer-19357.exe; Driver: C:\Users\Marrel\AppData\Local\Temp\kxriypog.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003002000 63 bytes [43, 4D, 32, 35, 01, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff80003002040 13 bytes [01, 80, AC, 16, A0, F8, FF, ...]

---- User code sections - GMER 2.1 ----

.text c:\postgreSQL\bin\postgres.exe[1156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074ff1465 2 bytes [FF, 74]
.text c:\postgreSQL\bin\postgres.exe[1156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074ff14bb 2 bytes [FF, 74]
.text ... * 2

---- Processes - GMER 2.1 ----

Process C:\ProgramData\DatacardService\DCService.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\DCService.exe [1608](2010-05-08 11:48:36) 0000000000400000
Process C:\ProgramData\DatacardService\DCSHelper.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\DCSHelper.exe [2588] (DataCardMonitor MFC Application/Huawei Technologies Co., Ltd.)(2010-05-08 11:48:26) 0000000000400000
Library C:\Users\Marrel\Downloads\FRST64.exe (*** suspicious ***) @ C:\Users\Marrel\Downloads\FRST64.exe [2124] 000000013f530000

---- EOF - GMER 2.1 ----

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-06-2015
Ran by Marrel at 2015-06-08 00:17:09
Running from C:\Users\Marrel\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1623171927-3149244632-4192914800-500 - Administrator - Disabled)
Gast (S-1-5-21-1623171927-3149244632-4192914800-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1623171927-3149244632-4192914800-1002 - Limited - Enabled)
Marrel (S-1-5-21-1623171927-3149244632-4192914800-1000 - Administrator - Enabled) => C:\Users\Marrel
X (S-1-5-21-1623171927-3149244632-4192914800-1003 - Limited - Enabled) => C:\Users\X
postgres (S-1-5-21-1623171927-3149244632-4192914800-1005 - Limited - Enabled) => C:\Users\postgres

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1310 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden 1310_Help (x32 Version: 82.0.58.000 - Hewlett-Packard) Hidden 1310Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) a2zLyrics (HKLM-x32\...\7D05A411-F1D1-7148-7450-5F318274BDB1) (Version: - a2zLyrics-software) <==== ATTENTION Abyss (HKLM-x32\...\{406656D9-548A-4451-8FDD-69A8A60B3DBC}) (Version: 1.0.0.0 - DigiPen Institute of Technology) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.4.402.278 - Adobe Systems Incorporated) Adobe Reader XI (11.0.03) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated) AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden ANNO 1602 Königs-Edition (HKLM-x32\...\ANNO 1602 Königs-Edition) (Version: - ) Apophysis 2.0 (HKLM-x32\...\Apophysis 2.0) (Version: - ) Apowersoft Gratis - Audiorekorder V2.1.7 (HKLM-x32\...\{E35F91E4-C68C-43E8-BE90-35CDEE4E5730}_is1) (Version: 2.1.7 - Apowersoft) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.33 - Atheros Communications Inc.) 
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG) BabylonObjectInstaller (HKLM-x32\...\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}) (Version: 2.0.0.4 - Babylon Ltd) <==== ATTENTION Beat Hazard (HKLM-x32\...\Steam App 49600) (Version: - Cold Beam Games) BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden CamStudio (HKLM-x32\...\CamStudio) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform) Command & Conquer Teil 3: Operation Tiberian Sun (HKLM-x32\...\Tiberian Sun) (Version: - ) Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd) DealBulldog Toolbar (HKLM-x32\...\DealBulldog Toolbar) (Version: - ) <==== ATTENTION Debut Videorekorder (HKLM-x32\...\Debut) (Version: 1.95 - NCH Software) Deponia (HKLM-x32\...\Deponia) (Version: 1.0 - Daedalic Entertainment) Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version: - ) DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts) EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts) eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM) Elite Force (HKLM-x32\...\Elite Force) (Version: - ) eMachines Power 
Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3007 - Acer Incorporated) eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated) eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.03.3003 - Acer Incorporated) eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0805 - eMachines Incorporated) eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated) Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden Firebird SQL Server - MAGIX Edition (HKLM-x32\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG) Free Hide IP (HKLM-x32\...\FreeHideIP) (Version: 4.0.1.6 - ) Free Screen To Video V 2.0 (HKLM-x32\...\Free Screen To Video_is1) (Version: 2.0.0.0 - Koyote Soft) Free YouTube to MP3 Converter version 3.11.35.1031 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.35.1031 - DVDVideoSoft Ltd.) Fritz6 (HKLM-x32\...\{E51F8EB2-0F55-4F80-9A1E-CE84BE063045}) (Version: - ) Game Booster 3 (HKLM-x32\...\Game Booster 3_is1) (Version: 3.0 - IObit) GoforFiles (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\GoforFiles) (Version: 1.7.1 - hxxp://www.goforfiles.com/) <==== ATTENTION GoforFiles (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GoforFiles) (Version: 1.7.1 - hxxp://www.goforfiles.com/) <==== ATTENTION Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) 
Hidden GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden Heroes of Might and Magic® III (HKLM-x32\...\Heroes of Might and Magic® III) (Version: - ) Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version: - ) HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP) HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP) HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard) HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.25.01 - Hyperionics Technology LLC) ICM Trainer (HKLM-x32\...\{47EA4DDF-FD99-46B3-846C-9F3F315268AD}) (Version: 1.0.0 - PokerStrategy) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation) Internet Turbo (HKLM-x32\...\{B69EF583-75E4-4C52-B912-C711D937D648}) (Version: 10.197.20.13927 - ReSoft Ltd.) 
Internet Turbo Engine (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\{09961fa0-90bc-4ba8-9782-f4109c8597c2}) (Version: 1.31.20.10825 - ReSoft Ltd.) Internet Turbo Engine (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\{fa665153-9cc6-47ab-8414-c06913b4d13a}) (Version: 10.197.20.13927 - ReSoft Ltd.) Internet Turbo Engine (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{09961fa0-90bc-4ba8-9782-f4109c8597c2}) (Version: 1.31.20.10825 - ReSoft Ltd.) Internet Turbo Engine (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{fa665153-9cc6-47ab-8414-c06913b4d13a}) (Version: 10.197.20.13927 - ReSoft Ltd.) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden kikin Plugin (NO23 Edition) 1.11 (HKLM-x32\...\kikin Plugin (NO23 Edition)) (Version: 1.11 - kikin) Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - eMachines) MAGIX Music Maker for MySpace 15.0.1.8 (D) (HKLM-x32\...\MAGIX Music Maker for MySpace D) (Version: 15.0.1.8 - MAGIX AG) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 
9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft) Minecraft PC Gamer Demo version 1.5 (HKLM-x32\...\{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1) (Version: 1.5 - Mojang) Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.002.03.03.511 - Huawei Technologies Co.,Ltd) Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) NCH EN Toolbar (HKLM-x32\...\NCH_EN Toolbar) (Version: 6.8.5.1 - NCH EN) Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23) Norton Internet 
Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) Nous Ver: 1.04 (HKLM-x32\...\{9A96022A-B5D0-4314-AA09-459907AF6F3D}_is1) (Version: - DigiPen) NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.630 - NewTech Infosystems) NTI Backup Now Standard (x32 Version: 5.1.2.630 - NewTech Infosystems) Hidden NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6636 - NewTech Infosystems) NTI Media Maker 8 (x32 Version: 8.0.12.6636 - NewTech Infosystems) Hidden OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org) Opera Stable 29.0.1795.60 (HKLM-x32\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA) PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars) PokerStars.net (HKLM-x32\...\PokerStars.net) (Version: - PokerStars.net) PokerStrategy.com Equilab (HKLM-x32\...\{D4131DB6-878D-4D3C-89C1-D1AFBB8E6B3D}) (Version: 1.2.5.0 - PokerStrategy.com) PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group) Prism Videodatei-Konverter (HKLM-x32\...\Prism) (Version: 2.27 - NCH Software) Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - ) Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64) PSD Viewer (HKLM-x32\...\{D8EEDC94-EE82-46A0-A7DB-812E3C6A0A6E}_is1) (Version: - IdeaMK) R for Windows 2.15.0 (HKLM\...\R for Windows 2.15.0_is1) (Version: 2.15.0 - R Development Core Team) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.) 
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30104 - Realtek Semiconductor Corp.) RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 4.32 - NCH Software) Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Shockwave (HKLM-x32\...\Shockwave) (Version: - ) Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) Skispringen 2002 (HKLM-x32\...\{5E4EF02B-4C5F-4B35-AB77-41284456165A}) (Version: - ) Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.) SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 2.26 - NCH Software) Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Strategic War Command (HKLM-x32\...\{92677021-8835-6181-5178-752285230159}) (Version: 2.02 - rondomedia) Stronghold Crusader (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: - ) Structorizer (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\Structorizer) (Version: - Bob Fisch) Structorizer (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Structorizer) (Version: - Bob Fisch) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated) The Movies(TM) Demo (HKLM-x32\...\InstallShield_{2E2BBF0D-EF39-42EA-9D96-F33AEE22904B}) (Version: 1.0 - Ihr Firmenname) The Movies(TM) Demo (x32 Version: 1.0 - Ihr Firmenname) Hidden The Talos Principle Demo (HKLM-x32\...\Steam App 330710) (Version: - Croteam) Tom Clancy's Splinter Cell Chaos Theory (HKLM-x32\...\{888DD888-82BE-4D85-BCB2-2E042CD3E844}) (Version: 1.05.157 - Ubisoft) Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 130.0.422.000 - 
Hewlett-Packard) Hidden Unity Web Player (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS) UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden Unreal Anthology (HKLM-x32\...\{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}) (Version: 1.00.0000 - Epic Games, Inc.) Video Downloader (HKLM-x32\...\Video Downloader) (Version: 1.14 - hxxp://www.vgrabber.com) Video Web Camera (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.1.7.2 - Suyin Optronics Corp) Virtua Tennis (HKLM-x32\...\{EADF648F-1711-11D6-AFAD-0040052179B6}) (Version: - ) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) WebCake 3.00 (HKLM\...\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}) (Version: 3.00 - WebCake LLC) <==== ATTENTION WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.02.3004 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation) WindowsMangerProtect20.0.0.502 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.502 - WindowsProtect LIMITED) <==== ATTENTION WinRAR 4.11 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2015
Ran by Marrel (administrator) on Marrel-PC on 08-06-2015 00:24:09
Running from C:\Users\Marrel\Downloads
Loaded Profiles: Marrel & postgres & (Available Profiles: Marrel & X & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\ProgramData\DatacardService\DCService.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(Acer Group) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Windows\PLFSetI.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Malwarebytes Corporation) C:\Users\Marrel\Desktop\mbar\mbar.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Users\Marrel\Desktop\Defogger (1).exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [818720 2010-02-26] (Acer Incorporated) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated) HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] () HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. 
KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\MountPoints2: {1bf890a5-e014-11e1-9125-1c75081ac654} - E:\AutoRun.exe HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\MountPoints2: {1bf890b6-e014-11e1-9125-1c75081ac654} - E:\AutoRun.exe HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1bf890a5-e014-11e1-9125-1c75081ac654} - E:\AutoRun.exe HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1bf890b6-e014-11e1-9125-1c75081ac654} - E:\AutoRun.exe HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-22] () HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\eMachines.scr [425984 2009-08-05] () HKU\S-1-5-21-1623171927-3149244632-4192914800-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-22] () HKU\S-1-5-21-1623171927-3149244632-4192914800-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\eMachines.scr [425984 2009-08-05] () GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
ProxyServer: [S-1-5-21-1623171927-3149244632-4192914800-1000] => http=;ftp=;https=; ProxyServer: [S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=;ftp=;https=; ProxyEnable: [S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0] => Internet Explorer proxy is enabled ProxyServer: [S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0] => http=127.0.0.1:13828 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013 HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013 HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank 
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013 HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013 HKU\S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948 HKU\S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://emachines.msn.com HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=hp&installDate=20/04/2013 HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=20/04/2013 HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=20/04/2013 HKU\S-1-5-21-1623171927-3149244632-4192914800-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=hp&installDate=20/04/2013 HKU\S-1-5-21-1623171927-3149244632-4192914800-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=20/04/2013 HKU\S-1-5-21-1623171927-3149244632-4192914800-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=20/04/2013 URLSearchHook: HKLM-x32 - (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013 SearchScopes: 
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013 SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013 SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013 SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1005 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] 
(Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) BHO: a2zLyrics -> {BB43A0A3-3F51-CCE3-D565-A22150A9CF21} -> C:\Program Files (x86)\ver3a2zLyrics\178_x64.dll [2014-09-19] () BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.) BHO-x32: Plus-HD-1.6 -> {11111111-1111-1111-1111-110311201102} -> C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll No File BHO-x32: No Name -> {37483b40-c254-4a72-bda4-22ee90182c1e} -> No File BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation) BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-31] (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-29] (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-29] (Oracle Corporation) BHO-x32: kikin Plugin -> {E601996F-E400-41CA-804B-CD6373A7EEE2} -> C:\Program Files (x86)\kikin\ie_kikin.dll [2010-11-23] (kikin) BHO-x32: SMTTB2009 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll [2011-06-22] () BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.) Toolbar: HKLM - No Name - !{338B4DFE-2E2C-4338-9E41-E176D497299E} - No File Toolbar: HKLM - No Name - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation) Toolbar: HKLM-x32 - No Name - !{338B4DFE-2E2C-4338-9E41-E176D497299E} - No File Toolbar: HKLM-x32 - No Name - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.) Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) 
Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{EE30255C-7BF5-4CEF-AE16-49F14F918F35}: [NameServer] 193.189.244.225 193.189.244.206 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1405683532&from=smt&uid=WDCXWD6400BEVT-22A0RT0_WD-WXP1A80S5655S5655 FireFox: ======== FF ProfilePath: C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&installDate=18/07/2013&q= FF Plugin: @adobe.com/FlashPlayer -> 
C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll [2012-09-28] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll [2012-09-28] () FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-29] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-29] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-1623171927-3149244632-4192914800-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marrel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1623171927-3149244632-4192914800-1000: electronicarts.com/GameFacePlugin -> C:\Users\Marrel\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts) FF Plugin HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marrel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: electronicarts.com/GameFacePlugin -> C:\Users\Marrel\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts) FF user.js: detected! => C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\user.js [2014-09-19] FF SearchPlugin: C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\searchplugins\Web Search.xml [2013-12-31] FF Extension: General Crawler - C:\Users\Marrel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2013-04-20] FF Extension: Plus-HD-1.6c - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com [2015-01-04] FF Extension: Avira Browser Safety - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\abs@avira.com [2014-12-25] FF Extension: Internet Turbo - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c} [2013-12-11] FF Extension: Free YouTube Download (Free Studio) Menu - 
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012-11-10] FF Extension: TurnTool Viewer - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\ViewerInstall.xpi [2013-01-30] FF Extension: Adblock Plus - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-23] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn [2012-03-23] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 [2015-06-07] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-06-15] FF HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\Firefox\Extensions: [{56785E7F-4711-0B8B-95D3-4F5852047D9B}] - C:\Program Files (x86)\ver3a2zLyrics\178.xpi FF Extension: a2zLyrics - C:\Program Files (x86)\ver3a2zLyrics\178.xpi [2014-09-19] FF HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 
FF HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{56785E7F-4711-0B8B-95D3-4F5852047D9B}] - C:\Program Files (x86)\ver3a2zLyrics\178.xpi Chrome: ======= CHR Profile: C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (ProxFlow) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-10-01] CHR Extension: (Adblock Plus) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-21] CHR Extension: (General Crawler) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel [2014-09-19] CHR Extension: (Bookmark Manager) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (Google Wallet) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Marrel\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [2013-04-20] CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\Betcat\WebCakeLayers.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Marrel\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in 
the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG) R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () [File not signed] R2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [841248 2010-02-26] (Acer Incorporated) S3 FirebirdServerMAGIXInstance; C:\Software\Musikrecorder\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed] R2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed] R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation) R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.) 
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed] R2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [66048 2011-01-28] (PostgreSQL Global Development Group) [File not signed] R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-12] (Avira Operations GmbH & Co. KG) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [1160824 2012-04-03] (Symantec Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-17] (DT Soft Ltd) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-03-24] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-04-23] (Symantec Corporation) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.) 
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20120518.002\IDSvia64.sys [488568 2012-04-28] (Symantec Corporation) S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-06-07] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-07] (Malwarebytes Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20120522.005\ENG64.SYS [120440 2012-05-16] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20120522.005\EX64.SYS [2068600 2012-05-16] (Symantec Corporation) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation) R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [33488 2013-12-08] () R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-03-24] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation) S2 webinstr; \??\C:\Windows\system32\Drivers\webinstr.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-08 00:23 - 2015-06-08 00:23 - 00000246 _____ C:\Windows\SysWOW64\defogger_enable.log 2015-06-08 00:21 - 2015-06-08 00:23 - 00000474 _____ C:\Windows\SysWOW64\defogger_disable.log 2015-06-08 00:17 - 2015-06-08 00:17 - 00026405 _____ C:\Users\Marrel\Downloads\Addition.txt 2015-06-08 00:14 - 2015-06-08 00:24 - 00033636 _____ C:\Users\Marrel\Downloads\FRST.txt 2015-06-08 00:13 - 2015-06-08 00:24 - 00000000 ____D C:\FRST 2015-06-08 00:13 - 2015-06-08 00:13 - 02108928 _____ (Farbar) C:\Users\Marrel\Downloads\FRST64.exe 2015-06-08 00:12 - 2015-06-08 00:12 - 00050477 _____ C:\Users\Marrel\Desktop\Defogger (1).exe 2015-06-08 00:11 - 2015-06-08 00:11 - 00050477 _____ C:\Users\Marrel\Downloads\Defogger.exe 2015-06-07 21:13 - 2015-06-07 23:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-06-07 21:13 - 2015-06-07 23:31 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-07 21:11 - 2015-06-07 23:18 - 00000000 ____D C:\Users\Marrel\Desktop\mbar 2015-06-07 21:11 - 2015-06-07 21:23 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-06-07 21:10 - 2015-06-07 21:10 - 16502728 _____ (Malwarebytes Corp.) 
C:\Users\Marrel\Downloads\mbar-1.09.1.1004.exe 2015-06-07 20:19 - 2015-06-07 20:19 - 00276928 _____ C:\Windows\Minidump\060715-29686-01.dmp 2015-06-07 20:06 - 2015-06-07 20:06 - 00276928 _____ C:\Windows\Minidump\060715-30217-01.dmp 2015-06-06 23:40 - 2015-06-06 23:40 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\SitNGoWizard 2015-06-06 23:25 - 2015-06-06 23:28 - 110090565 _____ C:\Users\Marrel\Downloads\8311_Hm2AutoUpdate.exe 2015-06-06 04:30 - 2015-06-06 04:30 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Videodatei-Konverter.lnk 2015-06-06 04:30 - 2015-06-06 04:30 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme 2015-06-06 04:30 - 2015-06-06 04:30 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette 2015-06-06 01:21 - 2015-06-06 01:21 - 00000000 ____D C:\bildschirm 2015-06-04 02:04 - 2015-06-04 02:05 - 00000000 ____D C:\Users\Marrel\AppData\Local\{A9CE8B73-A121-4CC9-ACFA-F89C8FFE2709} 2015-05-19 16:55 - 2015-05-19 16:56 - 00000000 ____D C:\Users\Marrel\Documents\UniversalReplayer 2015-05-19 16:54 - 2015-05-19 17:36 - 00002180 _____ C:\Users\Marrel\URPreferences.xml 2015-05-19 16:44 - 2015-05-19 16:44 - 00001345 _____ C:\Users\Marrel\Downloads\universal_replayer (1).jnlp 2015-05-19 16:43 - 2015-05-19 16:44 - 00562272 _____ (Oracle Corporation) C:\Users\Marrel\Downloads\chromeinstall-8u45.exe 2015-05-19 16:40 - 2015-05-19 16:41 - 00001345 _____ C:\Users\Marrel\Downloads\universal_replayer.jnlp 2015-05-17 02:59 - 2015-05-17 02:59 - 00010940 _____ C:\Users\Marrel\Documents\pokerbook.odt 2015-05-13 19:54 - 2015-05-13 19:54 - 00000000 ____D C:\Users\Marrel\AppData\Local\{89E771F2-90A2-4135-A699-1C8388D74046} 2015-05-10 04:13 - 2015-05-10 04:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSDViewer 2015-05-10 04:13 - 2015-05-10 04:13 - 00000000 ____D C:\Program Files (x86)\PSDViewer 
2015-05-10 04:10 - 2015-05-10 04:10 - 01203488 _____ C:\Users\Marrel\Downloads\PSD viewer - CHIP-Installer.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-08 00:26 - 2013-04-20 13:18 - 00000360 _____ C:\Windows\Tasks\AmiUpdXp.job 2015-06-08 00:23 - 2012-03-23 23:11 - 00000000 ____D C:\Users\Marrel 2015-06-08 00:09 - 2013-04-20 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\GoforFiles 2015-06-08 00:09 - 2013-04-20 12:56 - 00000000 ____D C:\Program Files (x86)\GoforFiles 2015-06-08 00:03 - 2012-04-09 03:25 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-07 23:45 - 2012-03-23 22:39 - 01995154 _____ C:\Windows\WindowsUpdate.log 2015-06-07 23:35 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-07 23:35 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-07 23:30 - 2012-03-24 07:31 - 22396180 _____ C:\Windows\system32\perfh007.dat 2015-06-07 23:30 - 2012-03-24 07:31 - 07215964 _____ C:\Windows\system32\perfc007.dat 2015-06-07 23:30 - 2009-07-14 07:13 - 00006256 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-07 23:25 - 2014-09-19 01:30 - 00000408 _____ C:\Windows\Tasks\a2zLyrics Update.job 2015-06-07 23:25 - 2014-07-31 20:20 - 00263754 _____ C:\Windows\PFRO.log 2015-06-07 23:25 - 2014-07-31 03:28 - 00061958 _____ C:\Windows\setupact.log 2015-06-07 23:25 - 2013-06-20 06:47 - 00001832 _____ C:\Windows\Tasks\Plus-HD-1.6-firefoxinstaller.job 2015-06-07 23:25 - 2013-06-20 06:47 - 00001200 _____ C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job 2015-06-07 23:25 - 2013-06-20 06:47 - 00001196 _____ C:\Windows\Tasks\Plus-HD-1.6-updater.job 2015-06-07 23:25 - 2013-06-20 06:47 - 00001100 _____ C:\Windows\Tasks\Plus-HD-1.6-enabler.job 2015-06-07 23:25 
- 2012-05-11 15:12 - 00000000 ____D C:\Users\postgres 2015-06-07 23:25 - 2012-04-09 03:25 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-07 23:25 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-07 23:18 - 2013-06-20 06:47 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\WebCake 2015-06-07 23:18 - 2013-06-20 06:47 - 00000000 ____D C:\Program Files (x86)\WebCake 2015-06-07 20:57 - 2014-09-15 18:08 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\Skype 2015-06-07 20:43 - 2012-05-11 15:24 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\HoldemManager 2015-06-07 20:23 - 2012-03-24 00:07 - 00000000 ____D C:\Users\Marrel\AppData\Local\PokerStars.EU 2015-06-07 20:22 - 2014-03-18 12:20 - 00000000 ____D C:\a 2015-06-07 20:19 - 2013-05-06 18:36 - 00000000 ____D C:\Windows\Minidump 2015-06-07 20:18 - 2014-07-31 20:20 - 468712171 _____ C:\Windows\MEMORY.DMP 2015-06-06 23:33 - 2012-05-11 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holdem Manager 2 2015-06-06 04:30 - 2012-06-03 04:30 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software 2015-06-06 04:30 - 2012-06-03 04:30 - 00000000 ____D C:\ProgramData\NCH Software 2015-06-06 04:30 - 2012-06-03 04:29 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\NCH Software 2015-06-06 04:30 - 2012-06-03 04:29 - 00000000 ____D C:\Program Files (x86)\NCH Software 2015-06-06 00:45 - 2013-07-25 00:45 - 00000058 _____ C:\Windows\ChssBase.ini 2015-06-05 03:49 - 2015-02-19 01:27 - 00004305 _____ C:\blitzerr.txt 2015-05-30 18:19 - 2014-09-15 18:08 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-05-30 18:19 - 2014-09-15 18:08 - 00000000 ____D C:\ProgramData\Skype 2015-05-30 17:07 - 2012-04-30 13:40 - 00000000 ____D C:\Users\Marrel\AppData\Local\Equilab 2015-05-25 20:23 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-05-20 20:02 - 2014-10-06 02:04 - 00003854 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1412553844 2015-05-20 20:02 - 
2014-10-06 02:04 - 00000000 ____D C:\Program Files (x86)\Opera 2015-05-17 03:58 - 2012-04-09 03:25 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-17 03:58 - 2012-04-09 03:25 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-13 20:20 - 2009-07-14 04:34 - 00000514 _____ C:\Windows\win.ini ==================== Files in the root of some directories ======= 2013-07-29 10:21 - 2013-07-29 10:21 - 0051992 _____ (cake bake) C:\Program Files (x86)\WDesktop.Updater.exe 2014-03-21 03:27 - 2014-03-21 03:27 - 0072341 _____ () C:\Users\Marrel\AppData\Roaming\Debut.dmp 2013-12-08 21:30 - 2013-12-08 21:30 - 0001181 _____ () C:\Users\Marrel\AppData\Roaming\trace_FilterInstaller.txt 2013-12-08 21:30 - 2013-12-08 21:30 - 0000000 _____ () C:\Users\Marrel\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt 2006-12-11 20:13 - 2006-12-11 20:13 - 0097336 _____ (Un4seen Developments) C:\Users\Marrel\AppData\Local\bass.dll 2006-12-11 20:13 - 2006-12-11 20:13 - 0013872 _____ (Un4seen Developments) C:\Users\Marrel\AppData\Local\basscd.dll 2007-08-13 18:46 - 2007-08-13 18:46 - 0102912 _____ (Albert L Faber) C:\Users\Marrel\AppData\Local\CDRip.dll 2007-08-13 18:46 - 2007-08-13 18:46 - 0155136 _____ () C:\Users\Marrel\AppData\Local\lame_enc.dll 2007-01-18 22:09 - 2007-01-18 22:09 - 0623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\Marrel\AppData\Local\No23 Recorder.exe 2005-08-23 23:34 - 2005-08-23 23:34 - 0029184 _____ () C:\Users\Marrel\AppData\Local\no23xwrapper.dll 2006-10-26 02:06 - 2006-10-26 02:06 - 0015872 _____ () C:\Users\Marrel\AppData\Local\ogg.dll 2014-12-01 18:35 - 2014-12-01 18:35 - 0001456 _____ () C:\Users\Marrel\AppData\Local\RecConfig.xml 2012-06-04 09:59 - 2015-01-12 00:30 - 0007593 _____ () C:\Users\Marrel\AppData\Local\Resmon.ResmonCfg 2006-10-26 02:06 - 2006-10-26 02:06 - 0143872 _____ () C:\Users\Marrel\AppData\Local\vorbis.dll 2006-10-26 02:06 - 2006-10-26 02:06 - 0064000 _____ () 
C:\Users\Marrel\AppData\Local\vorbisenc.dll 2006-10-26 02:06 - 2006-10-26 02:06 - 0019456 _____ () C:\Users\Marrel\AppData\Local\vorbisfile.dll 2013-06-15 00:39 - 2013-06-24 23:54 - 0001181 _____ () C:\ProgramData\hpzinstall.log Some files in TEMP: ==================== C:\Users\Marrel\AppData\Local\Temp\avgnt.exe C:\Users\Marrel\AppData\Local\Temp\ffmpeg16.exe C:\Users\Marrel\AppData\Local\Temp\ffmpeg19.exe C:\Users\Marrel\AppData\Local\Temp\jre-8u40-windows-au.exe C:\Users\Marrel\AppData\Local\Temp\prismsetup.exe C:\Users\Marrel\AppData\Local\Temp\uninst.exe C:\Users\Marrel\AppData\Local\Temp\yFlW0.dll C:\Users\Marrel\AppData\Local\Temp\yFlW0.exe C:\Users\Marrel\AppData\Local\Temp\_LookF.exe C:\Users\X\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-26 06:21 ==================== End of log ============================ Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004 www.malwarebytes.org Database version: main: v2015.06.07.05 rootkit: v2015.06.02.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Marrel :: Marrel-PC [administrator] 07/06/2015 21:29:16 mbar-log-2015-06-07 (21-29-16).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 483781 Time elapsed: 1 hour(s), 45 minute(s), 1 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 5 C:\Users\Marrel\AppData\Roaming\WebCake\WebCakeDesktop.exe (Adware.WebCake) -> Delete on reboot. [568b4671474361d59eac9cc4c541f60a] C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe (Adware.WebCake) -> Delete on reboot. [429fbef9f991300669e1421ed5318f71] C:\Users\X\AppData\Local\Temp\Low\hkRR.dll (Trojan.FakeMS.ED) -> Delete on reboot. [22bf981f92f8bc7a76e04c764fb2b24e] C:\Windows\System32\drivers\Msft_Kernel_webinstr_01009.Wdf (PUP.Optional.WebInstr.A) -> Delete on reboot. [] C:\Windows\System32\drivers\webinstr.sys (PUP.Optional.AddLyrics) -> Delete on reboot. [46676950e690ec64f0d776263b28f622] Physical Sectors Detected: 0 (No malicious items detected) (end) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004 www.malwarebytes.org Database version: main: v2015.06.07.05 rootkit: v2015.06.02.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Marrel :: Marrel-PC [administrator] 07/06/2015 23:31:59 mbar-log-2015-06-07 (23-31-59).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 482186 Time elapsed: 1 hour(s), 33 minute(s), 52 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) for any help. Regards, Marrel |
08.06.2015, 04:46 | #2 |
/// the machine /// TB trainer | Windows 7 laptop: problems with malware infection, what can I do? hi,
Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Scan with Combofix
__________________ |
08.06.2015, 10:00 | #3 |
| Windows 7 laptop: problems with malware infection, what can I do? Thanks for the quick reply.
I uninstalled most of the programs from the list with Revo Uninstaller. The following could not be found: WebCake 3.00. Also, I found GoforFiles only once (you had listed it twice). Here is the log from C:\Combofix.txt: Code:
ATTFilter ComboFix 15-05-31.01 - Marrel 08/06/2015 10:15:27.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4026.2304 [GMT 2:00] ausgeführt von:: c:\users\Marrel\Downloads\ComboFix.exe AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\CoolLyrics c:\program files (x86)\kikin c:\program files (x86)\kikin\default_settings.xml c:\program files (x86)\kikin\file_list.txt c:\program files (x86)\kikin\ie_kikin.dll c:\program files (x86)\kikin\kikin.ico c:\program files (x86)\kikin\kikin_updater_2.0.0.11.exe c:\program files (x86)\kikin\KikinBroker.exe c:\program files (x86)\kikin\KikinCrashReporter.exe c:\program files (x86)\kikin\uninst.exe c:\program files (x86)\LyricsContainer c:\program files (x86)\Windows Searchqu Toolbar c:\users\Marrel\AppData\Local\lame_enc.dll c:\users\Marrel\AppData\Local\no23xwrapper.dll c:\users\Marrel\AppData\Local\ogg.dll c:\users\Marrel\AppData\Local\vorbis.dll c:\users\Marrel\AppData\Local\vorbisenc.dll c:\users\Marrel\AppData\Local\vorbisfile.dll c:\users\Marrel\AppData\Roaming\kikin c:\users\Marrel\AppData\Roaming\kikin\ff_kkes.xml c:\users\Marrel\AppData\Roaming\kikin\ie_configuration.xml c:\users\Marrel\AppData\Roaming\kikin\ie_kkes.xml c:\users\Marrel\AppData\Roaming\kikin\ie_settings.xml c:\users\Marrel\AppData\Roaming\kikin\kikin_updater_2.4.15.exe c:\users\Marrel\AppData\Roaming\kikin\kikin_updater_2.9.1.exe 
c:\users\Marrel\AppData\Roaming\Microsoft\Windows\Recent\29. 15.32-46, 21.21-31, 22.17-43, 23.51-24.06 u. 25.01-17 25.38-49, 27.16-30 K1.url c:\users\Marrel\AppData\Roaming\Roaming c:\users\Marrel\AppData\Roaming\Roaming\HoldemManager\config\PokerstarsZoomTables.xml c:\users\X\AppData\Roaming\kikin c:\users\X\AppData\Roaming\kikin\ie_configuration.xml c:\users\X\AppData\Roaming\kikin\ie_kkes.xml c:\users\X\AppData\Roaming\kikin\ie_settings.xml c:\windows\IsUn0407.exe . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_DCService.exe . . ((((((((((((((((((((((( Dateien erstellt von 2015-05-08 bis 2015-06-08 )))))))))))))))))))))))))))))) . . 2015-06-07 22:13 . 2015-06-07 22:26 -------- d-----w- C:\FRST 2015-06-07 19:13 . 2015-06-08 07:24 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2015-06-07 19:13 . 2015-06-07 21:31 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-06-07 19:11 . 2015-06-07 19:23 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-06-06 21:40 . 2015-06-06 21:40 -------- d-----w- c:\users\Marrel\AppData\Roaming\SitNGoWizard 2015-06-05 23:21 . 2015-06-05 23:21 -------- d-----w- C:\bildschirm 2015-05-10 02:13 . 2015-05-10 02:13 -------- d-----w- c:\program files (x86)\PSDViewer . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-05-05 13:31 . 2014-02-11 22:12 152744 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2015-05-05 13:31 . 2014-02-11 22:12 132120 ----a-w- c:\windows\system32\drivers\avipbb.sys 2015-03-29 00:43 . 2014-04-27 20:36 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2015-03-12 06:52 . 2014-02-11 22:12 44088 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-07-29 08:21 . 2013-07-29 08:21 51992 ----a-w- c:\program files (x86)\WDesktop.Updater.exe . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-05-05 728312] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x] R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 webinstr;webinstr;c:\windows\system32\Drivers\webinstr.sys;c:\windows\SYSNATIVE\Drivers\webinstr.sys [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\software\Musikrecorder\Common\Database\bin\fbserver.exe;c:\software\Musikrecorder\Common\Database\bin\fbserver.exe 
[x] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20120507.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20120518.002\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20120518.002\IDSvia64.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS 
[x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x] S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [x] S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x] S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 -D c:/postgreSQL/data -w;c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 -D c:/postgreSQL/data -w [x] S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec 
Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 stdriver;SoundTap Filter Driver v6.07.00;c:\windows\system32\DRIVERS\stdriverx64.sys;c:\windows\SYSNATIVE\DRIVERS\stdriverx64.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-05-25 19:04 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2015-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-09 03:40] . 2015-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-09 03:40] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2010-02-26 818720] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-15 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-15 387608] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-15 365592] "PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184] . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = about:blank uLocal Page = c:\windows\system32\blank.htm mDefault_Search_URL = about:blank mDefault_Page_URL = about:blank mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = about:blank uInternet Settings,ProxyServer = http=;ftp=;https=; uSearchAssistant = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013 IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html IE: Free YouTube to MP3 Converter - c:\users\Marrel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{EE30255C-7BF5-4CEF-AE16-49F14F918F35}: NameServer = 193.189.244.225 193.189.244.206 FF - ProfilePath - c:\users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\ FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&installDate=18/07/2013&q= FF - ExtSQL: !HIDDEN! 2013-06-15 00:44; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - user.js: extensions.autoDisableScopes - 0 FF - user.js: extensions.shownSelectionUI - true . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{11111111-1111-1111-1111-110311201102} - c:\program files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll BHO-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file) BHO-{E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll Toolbar-Locked - (no file) Toolbar-10 - (no file) Toolbar-!{338B4DFE-2E2C-4338-9E41-E176D497299E} - (no file) BHO-{BB43A0A3-3F51-CCE3-D565-A22150A9CF21} - c:\program files (x86)\ver3a2zLyrics\178_x64.dll Toolbar-Locked - (no file) Toolbar-10 - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-7-Zip - c:\sovtware\ZIP2\7-Zip\Uninstall.exe AddRemove-ANNO 1602 Königs-Edition - c:\windows\IsUn0407.exe AddRemove-ASIO4ALL - c:\sovtware\Videorecorder\Wavegerät\ASIO4ALLjo\uninstall.exe AddRemove-CamStudio - c:\sovtware\Videorecorder\CamStudio\uninstall.exe AddRemove-Elite Force - c:\windows\IsUn0407.exe AddRemove-Heroes of Might and Magic® III - c:\windows\IsUn0407.exe AddRemove-HyperCam 2 - c:\sovtware\Videorecorder\HyperCam 2\HcUnInst.exe AddRemove-kikin Plugin (NO23 Edition) - c:\program files (x86)\kikin\uninst.exe AddRemove-NCH_EN Toolbar - c:\program files (x86)\NCH_EN\uninstall.exe AddRemove-PokerStars - c:\unterhaltung\x1\PokerStarsUninstall.exe AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE AddRemove-VLC media player - c:\users\Marrel\Desktop\VLC\uninstall.exe AddRemove-Structorizer - c:\windows\system32\javaws.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4] "ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4] "ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1623171927-3149244632-4192914800-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1623171927-3149244632-4192914800-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*] "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\postgresql\bin\pg_ctl.exe c:\postgresql\bin\postgres.exe c:\postgresql\bin\postgres.exe c:\postgresql\bin\postgres.exe c:\postgresql\bin\postgres.exe c:\postgresql\bin\postgres.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-06-08 10:44:42 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-06-08 08:44 . Vor Suchlauf: 28 Verzeichnis(se), 461,346,840,576 Bytes frei Nach Suchlauf: 34 Verzeichnis(se), 460,820,525,056 Bytes frei . - - End Of File - - 1EB7BDBD0BE5721F1491AA2C1289A810 |
08.06.2015, 20:29 | #4 |
/// the machine /// TB trainer | Windows 7 laptop: problems with malware infection, what can I do? Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
09.06.2015, 01:15 | #5 |
| Reply part 1 of 2 AdwCleaner[S0].txt: Code:
ATTFilter # AdwCleaner v4.206 - Bericht erstellt 09/06/2015 um 00:03:40 # Aktualisiert 01/06/2015 von Xplode # Datenbank : 2015-05-31.5 [Lokal] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64) # Benutzername : Marrel - Marrel-PC # Gestarted von : C:\Users\Marrel\Downloads\AdwCleaner_4.206.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\Tarma Installer Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\goforfiles Ordner Gelöscht : C:\Program Files (x86)\vGrabber-software Ordner Gelöscht : C:\Program Files (x86)\Web Cake Ordner Gelöscht : C:\Program Files (x86)\WebCake Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Users\Marrel\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Marrel\AppData\LocalLow\HPAppData Ordner Gelöscht : C:\Users\Marrel\AppData\LocalLow\Toolbar4 Ordner Gelöscht : C:\Users\Marrel\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Marrel\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Marrel\AppData\Roaming\goforfiles Ordner Gelöscht : C:\Users\Marrel\AppData\Roaming\Media Finder Ordner Gelöscht : C:\Users\Marrel\AppData\Roaming\Web Cake Ordner Gelöscht : C:\Users\Marrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video downloader Ordner Gelöscht : C:\Users\X\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\X\AppData\LocalLow\Toolbar4 Ordner Gelöscht : C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} Datei Gelöscht : C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\user.js Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\user.js Datei Gelöscht : C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local 
Storage\hxxps_omni-cdn.getwebcake.com_0.localstorage Datei Gelöscht : C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_omni-cdn.getwebcake.com_0.localstorage-journal Datei Gelöscht : C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.anisearch.com_0.localstorage Datei Gelöscht : C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.anisearch.com_0.localstorage-journal Datei Gelöscht : C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.reimageplus.com_0.localstorage Datei Gelöscht : C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.reimageplus.com_0.localstorage-journal Datei Gelöscht : C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage Datei Gelöscht : C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal ***** [ Geplante Tasks ] ***** Task Gelöscht : GoforFilesUpdate ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{56785E7F-4711-0B8B-95D3-4F5852047D9B}] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Schlüssel Gelöscht : HKCU\Software\Classes\MF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322202202} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355205502} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366206602} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355205502} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366206602} Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions Schlüssel Gelöscht : HKCU\Software\MediaFinder Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\SearchCore for Browsers Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : 
HKCU\Software\AppDataLow\Software\searchqutoolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\SearchCore for Browsers Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4 Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=;ftp=;hxxps=; ***** [ Internetbrowser ] ***** -\\ Internet Explorer v9.0.8112.16555 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] -\\ Mozilla Firefox v35.0 (x86 de) [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.backgroundjs", "\n\n/*****************************************************************************[...] 
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...] [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.js", "\n\n /************************************************************************************\[...] [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return app[...] [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"undefined\") { appAPI.int[...] [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"undefined\") { appAPI.int[...] [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"undefined\") { appAPI.int[...] 
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_13.name", "CrossriderAppUtils"); [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_14.name", "CrossriderUtils"); [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"isBackground!==true)&&(typeof _[...] [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_177.code", "(function(){if(!(appAPI.isMatchPages&&appAPI.isMatchPages(\"*crossrider[...] [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_177.name", "crossriderDashboard"); [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_182.code", "(function(){if(typeof $jquery_171===\"undefined\"){return;}var c={DUMMY[...] [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_194.code", "if(typeof appAPI.internal.monetization===\"undefined\"){appAPI.internal[...] [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.a[...] 
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.que[...] [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_con[...] [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());[...] [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_78.name", "CrossriderInfo"); [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jquery;if(appAPI.platform==\[...] [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_9.code", "appAPI.hooks.addHook(\"searchEngine\",(function(a){return function(){var [...] 
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.Country", "Germany"); [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false); [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.LastHiddenTime", 22925940); [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false); [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.UserID", "2d9ba86a-b224-4694-aebd-2d0d0011e71c"); [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.Visibility", true); [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.countryiso", "de"); [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.downloadprovider", "internetturboyb"); [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.installationid", "2d9ba86a-b224-4694-aebd-2d0d0011e71c"); [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.installdate", "18/07/2013"); [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.publisher", "internetturboyb"); [hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.xpiState", "{\"app-profile\":{\"9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\":{\"d\":\"C:\\\\Users\\\\Marrel\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hi9gzh[...] 
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc");
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extentions.webcake.installId", "0866ee34-ac1a-45c3-8806-393c6bc901f9");

-\\ Google Chrome v43.0.2357.81

[C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : abfmigjiaapipflmopkaaooigcjjdojh

-\\ Opera v29.0.1795.60

*************************

AdwCleaner[R0].txt - [15870 Bytes] - [09/06/2015 00:01:00]
AdwCleaner[S0].txt - [14951 Bytes] - [09/06/2015 00:03:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15011 Bytes] ##########

JRT.txt:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.0 (06.07.2015:1)
OS: Windows 7 Home Premium x64
Ran by Marrel on 09/06/2015 at 0:25:11.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}

~~~ Files

Successfully deleted: [File] C:\Windows\wininit.ini
Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_click.dealshark.com_0.localstorage
Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_click.dealshark.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_lyrics.wikia.com_0.localstorage
Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_lyrics.wikia.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_static.audienceinsights.net_0.localstorage
Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_static.audienceinsights.net_0.localstorage-journal
Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local
storage\http_www.lyricsfreak.com_0.localstorage Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_www.lyricsfreak.com_0.localstorage-journal Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_www.lyricsmode.com_0.localstorage Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_www.lyricsmode.com_0.localstorage-journal Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_www.metrolyrics.com_0.localstorage Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_www.metrolyrics.com_0.localstorage-journal Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\https_static.olark.com_0.localstorage Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\https_static.olark.com_0.localstorage-journal ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{018D92E4-F76A-47C4-85C9-654BF8789B0F} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{03A48F3C-3617-4781-831F-C345548FDE46} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{0CD1EA97-C2F4-4606-ACEB-6CC83EC6B443} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{0D36D10C-0401-472D-ACC0-EB709819D9CE} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{16849230-8B24-4584-9DA7-630851D5A5CE} Successfully deleted: [Empty Folder] 
C:\Users\Marrel\appdata\local\{22BA43C1-5728-49D9-B73D-EEA4DE4E9561} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{25B3575B-9663-401E-9539-E2DE25D815F0} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{2E4F208C-256B-44F2-8122-8A8219920AFF} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{30676F8E-5548-43DE-B74B-311231F9E5C8} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{32C1EDA1-00F9-4BB0-A1AF-076C9CDEAD97} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{39B764DC-2D60-4C3E-AD45-CE470C1FC7E9} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{3C286C1C-5F54-4D39-98E4-DD7D4193C1BB} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{3D95129D-1B92-48BE-B8C5-786FF8B09304} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{3EFDE03F-64EF-4552-A77E-67D82D796856} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{41E3E590-BF1F-480B-9DD4-8A1182403D61} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{493F21DA-AA7A-4E94-B03A-2BE083471D57} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{5AC97C65-A59E-45FE-A513-0F7A94994C3B} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{5D68B773-4433-41A0-A722-659C1AB99A6E} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{60058313-1108-43B5-9E61-E359966341CA} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{613CA3F0-CF34-42F9-9F92-BFF35DD52C7C} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{6CCC7B19-9165-4957-9FBE-413B1740858B} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{7595B27F-EE28-4BE6-9D16-2E9A16EDB208} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{75F51AEA-2DAD-4DC3-A3CD-A9D99F48ADEE} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{76B329BA-22A6-4CEA-B6DB-221C0320E173} Successfully deleted: 
[Empty Folder] C:\Users\Marrel\appdata\local\{78E428D9-2D03-47CA-A68A-C086D32E9839} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{7B9E5324-9D76-4AA5-9CF0-5511910DCAEE} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{7E25D1C7-9EEC-4DD2-98DF-1022CD4F94A9} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{8645EDFA-BA89-433F-A114-7972F4F5E7E2} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{89D670EE-92A9-4DB9-95FC-D6A86EF82A90} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{89E771F2-90A2-4135-A699-1C8388D74046} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{95FA7227-84EF-4A8C-A4FB-86F3ECEEB98F} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{9A333B7A-9CA4-445A-B7C3-D4007A4498E4} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{9B1F2233-E717-4DF5-99AE-E8F27B5F09A4} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{9B792DA0-C6EB-4206-843A-6D383EAAF502} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{A3ED65F7-E72A-4FA7-9572-48A510D6C924} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{A4102586-FD8D-40A5-A609-65F1965A9C2D} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{A58C46BE-10AB-4A10-8891-F629E0CF0520} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{A9CE8B73-A121-4CC9-ACFA-F89C8FFE2709} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{AE48280A-00E2-4AA3-9CB9-1D3518F77296} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{AF2E5DFC-D0CE-4082-A981-69950231E726} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{B10DFD99-63CC-456C-A80C-6B5076800464} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{B95CB900-FB10-4520-AD5C-D2D011DB368D} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{BD7DA7C6-EA7F-4B94-98F9-A5DD1A63AD03} 
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{BEA7C67A-4785-4D08-94C6-EEDDC07346B1} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{BF692C06-2333-4522-B21B-B8343B67D798} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{C3AACB2C-224A-439F-9EC4-479663885017} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{C80A9271-AFB6-4CDF-8408-B2033FD60B4D} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{C94450EF-C385-455C-92C2-46B101E413DA} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{CC395AED-76CE-4223-9326-5ED95FFA2B64} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{CDFDBFEA-3091-4967-AF36-1326BD34C67F} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{DFD280B1-99A6-4292-84CA-0431CDF007DC} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{E1A0CF5A-BB42-42D9-8538-2476AD841616} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{EA13420A-9651-4A26-ABB0-52E3534B2F6C} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{EC82544E-5879-4441-A35A-5B0F0F62646F} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{ECB93D8D-77E3-4407-88ED-C7EA49D0D2EE} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{EE90615D-2C82-4ED0-837F-BAA2D1C624BC} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{FBD2185B-2B93-46BA-A65B-D10EC164161E} Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{FFCA6B00-51DB-4656-A4AB-5816DBED9C49} ~~~ FireFox Successfully deleted the following from C:\Users\Marrel\AppData\Roaming\mozilla\firefox\profiles\hi9gzhok.default\prefs.js user_pref(extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_17.code, if(typeof window!==\undefined\){\n/*!\n * jQu 
user_pref(extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_195.code, if(typeof appAPI.internal.monetization===\und
user_pref(extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_208.code, if(typeof appAPI.internal.monetization===\und
user_pref(extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_91.code, (function(i){if(!appAPI.isBackground&&appAPI.do
Emptied folder: C:\Users\Marrel\AppData\Roaming\mozilla\firefox\profiles\hi9gzhok.default\minidumps [23 files]

~~~ Chrome

[C:\Users\Marrel\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Marrel\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Marrel\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Marrel\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: []

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/06/2015 at 0:32:25.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST(2).txt:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2015
Ran by Marrel (administrator) on Marrel-PC on 09-06-2015 01:29:13
Running from C:\Users\Marrel\Desktop
Loaded Profiles: Marrel (Available Profiles: Marrel & X & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [818720 2010-02-26] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKLM-x32 - (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) 
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.) BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation) BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-31] (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-29] (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-29] (Oracle Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.) Toolbar: HKLM - No Name - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) 
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation) Toolbar: HKLM-x32 - No Name - !{338B4DFE-2E2C-4338-9E41-E176D497299E} - No File Toolbar: HKLM-x32 - No Name - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.) Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{EE30255C-7BF5-4CEF-AE16-49F14F918F35}: [NameServer] 193.189.244.225 193.189.244.206 FireFox: ======== FF ProfilePath: C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll [2012-09-28] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll [2012-09-28] () FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-29] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-29] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files 
(x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1623171927-3149244632-4192914800-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marrel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1623171927-3149244632-4192914800-1000: electronicarts.com/GameFacePlugin -> C:\Users\Marrel\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts) FF Extension: Avira Browser Safety - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\abs@avira.com [2014-12-25] FF Extension: Internet Turbo - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c} [2013-12-11] FF Extension: TurnTool Viewer - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\ViewerInstall.xpi [2013-01-30] FF Extension: Adblock Plus - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-23] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn [2012-03-23] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 [2015-06-09] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-06-15] FF HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: No Name - C:\Program Files (x86)\ver3a2zLyrics\178.xpi [not found] FF Extension: No Name - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com [not found] Chrome: ======= CHR Profile: C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (ProxFlow) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-10-01] CHR Extension: (Adblock Plus) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-21] CHR Extension: (Bookmark Manager) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (Google Wallet) - 
C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG) S2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [841248 2010-02-26] (Acer Incorporated) S3 FirebirdServerMAGIXInstance; C:\Software\Musikrecorder\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed] S2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) 
[File not signed] S2 MBAMScheduler; C:\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) S2 MBAMService; C:\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed] R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation) S2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed] S2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [66048 2011-01-28] (PostgreSQL Global Development Group) [File not signed] S2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-12] (Avira Operations GmbH & Co. 
KG) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [1160824 2012-04-03] (Symantec Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-17] (DT Soft Ltd) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-03-24] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-04-23] (Symantec Corporation) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20120518.002\IDSvia64.sys [488568 2012-04-28] (Symantec Corporation) S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-09] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20120522.005\ENG64.SYS [120440 2012-05-16] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20120522.005\EX64.SYS [2068600 2012-05-16] (Symantec Corporation) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation) R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [33488 2013-12-08] () R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS 
[450680 2011-01-27] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-03-24] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-09 00:32 - 2015-06-09 00:39 - 00011254 _____ C:\Users\Marrel\Desktop\JRT.txt 2015-06-09 00:25 - 2015-06-09 00:25 - 00000207 _____ C:\Windows\tweaking.com-regbackup-Marrel-PC-Windows-7-Home-Premium-(64-bit).dat 2015-06-09 00:25 - 2015-06-09 00:25 - 00000000 ____D C:\RegBackup 2015-06-09 00:24 - 2015-06-09 00:24 - 00000000 ____D C:\Users\Marrel\AppData\Local\NewTech Infosystems 2015-06-09 00:24 - 2015-06-09 00:24 - 00000000 _____ C:\Windows\JCMKR32.INI 2015-06-09 00:18 - 2015-06-09 00:18 - 02943232 _____ (Thisisu) C:\Users\Marrel\Downloads\JRT.exe 2015-06-09 00:08 - 2015-06-09 01:28 - 00015093 _____ C:\Users\Marrel\Desktop\AdwCleaner[S0].txt 2015-06-09 00:00 - 2015-06-09 00:04 - 00000000 ____D C:\AdwCleaner 2015-06-08 23:57 - 2015-06-09 01:25 - 00121247 _____ C:\Users\Marrel\Desktop\mbam.txt 2015-06-08 22:26 - 2015-06-08 22:26 - 02231296 _____ C:\Users\Marrel\Downloads\AdwCleaner_4.206.exe 2015-06-08 22:23 - 2015-06-08 22:23 - 00000710 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-08 22:23 - 2015-06-08 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ 
Malwarebytes Anti-Malware 2015-06-08 22:23 - 2015-06-08 22:23 - 00000000 ____D C:\ Malwarebytes Anti-Malware 2015-06-08 22:23 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-06-08 22:23 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-06-08 22:19 - 2015-06-08 22:20 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Marrel\Downloads\mbam-setup-2.1.6.1022.exe 2015-06-08 10:50 - 2015-06-08 10:50 - 00022376 _____ C:\Users\Marrel\Desktop\Combofix.txt 2015-06-08 10:44 - 2015-06-08 10:44 - 00022444 _____ C:\ComboFix.txt 2015-06-08 10:12 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2015-06-08 10:12 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2015-06-08 10:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-06-08 10:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-06-08 10:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-06-08 10:12 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2015-06-08 10:12 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2015-06-08 10:12 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2015-06-08 10:11 - 2015-06-08 10:44 - 00000000 ____D C:\Qoobox 2015-06-08 10:11 - 2015-06-08 10:42 - 00000000 ____D C:\Windows\erdnt 2015-06-08 10:09 - 2015-06-08 10:09 - 05628238 ____R (Swearware) C:\Users\Marrel\Downloads\ComboFix.exe 2015-06-08 09:14 - 2015-06-08 09:14 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Marrel\Downloads\revosetup95.exe 2015-06-08 09:14 - 2015-06-08 09:14 - 00000748 _____ C:\Users\Marrel\Desktop\Revo Uninstaller.lnk 2015-06-08 02:47 - 2015-06-08 02:47 - 00000012 _____ C:\Users\Marrel\Desktop\fghhj.txt 2015-06-08 01:47 - 2015-06-08 01:54 - 00000476 _____ C:\Users\Marrel\Desktop\defogger_disable.log 2015-06-08 01:39 - 2015-06-08 01:54 - 00002409 _____ C:\Users\Marrel\Desktop\Gmer.txt 2015-06-08 00:46 - 2015-06-08 00:46 - 00380416 _____ C:\Users\Marrel\Downloads\Gmer-19357.exe 2015-06-08 00:29 - 2015-06-08 00:29 - 00000000 _____ C:\Users\Marrel\defogger_reenable 2015-06-08 00:23 - 2015-06-08 00:23 - 00000246 _____ C:\Windows\SysWOW64\defogger_enable.log 2015-06-08 00:21 - 2015-06-08 00:29 - 00000474 _____ C:\Windows\SysWOW64\defogger_disable.log 2015-06-08 00:17 - 2015-06-08 01:41 - 00026371 _____ C:\Users\Marrel\Desktop\Addition.txt 2015-06-08 00:14 - 2015-06-09 01:29 - 00019178 _____ C:\Users\Marrel\Desktop\FRST.txt 2015-06-08 00:13 - 2015-06-09 01:29 - 00000000 ____D C:\FRST 2015-06-08 00:13 - 2015-06-08 00:13 - 02108928 _____ (Farbar) C:\Users\Marrel\Desktop\FRST64.exe 2015-06-08 00:12 - 2015-06-08 00:12 - 00050477 _____ C:\Users\Marrel\Desktop\Defogger (1).exe 2015-06-08 00:11 - 2015-06-08 00:11 - 00050477 _____ C:\Users\Marrel\Downloads\Defogger.exe 2015-06-07 21:13 - 2015-06-09 00:24 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-07 21:13 - 2015-06-08 23:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-06-07 21:11 - 2015-06-08 01:14 - 00000000 ____D C:\Users\Marrel\Desktop\mbar 2015-06-07 21:11 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-06-07 21:10 - 2015-06-07 21:10 - 16502728 _____ (Malwarebytes Corp.) 
C:\Users\Marrel\Downloads\mbar-1.09.1.1004.exe 2015-06-07 20:19 - 2015-06-07 20:19 - 00276928 _____ C:\Windows\Minidump\060715-29686-01.dmp 2015-06-07 20:06 - 2015-06-07 20:06 - 00276928 _____ C:\Windows\Minidump\060715-30217-01.dmp 2015-06-06 23:40 - 2015-06-06 23:40 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\SitNGoWizard 2015-06-06 23:25 - 2015-06-06 23:28 - 110090565 _____ C:\Users\Marrel\Downloads\8311_Hm2AutoUpdate.exe 2015-06-06 04:30 - 2015-06-06 04:30 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Videodatei-Konverter.lnk 2015-06-06 04:30 - 2015-06-06 04:30 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme 2015-06-06 04:30 - 2015-06-06 04:30 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette 2015-06-06 01:21 - 2015-06-06 01:21 - 00000000 ____D C:\bildschirm 2015-05-19 16:55 - 2015-05-19 16:56 - 00000000 ____D C:\Users\Marrel\Documents\UniversalReplayer 2015-05-19 16:54 - 2015-05-19 17:36 - 00002180 _____ C:\Users\Marrel\URPreferences.xml 2015-05-19 16:44 - 2015-05-19 16:44 - 00001345 _____ C:\Users\Marrel\Downloads\universal_replayer (1).jnlp 2015-05-19 16:43 - 2015-05-19 16:44 - 00562272 _____ (Oracle Corporation) C:\Users\Marrel\Downloads\chromeinstall-8u45.exe 2015-05-19 16:40 - 2015-05-19 16:41 - 00001345 _____ C:\Users\Marrel\Downloads\universal_replayer.jnlp 2015-05-17 02:59 - 2015-05-17 02:59 - 00010940 _____ C:\Users\Marrel\Documents\pokerbook.odt 2015-05-10 04:13 - 2015-05-10 04:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSDViewer 2015-05-10 04:13 - 2015-05-10 04:13 - 00000000 ____D C:\Program Files (x86)\PSDViewer 2015-05-10 04:10 - 2015-05-10 04:10 - 01203488 _____ C:\Users\Marrel\Downloads\PSD viewer - CHIP-Installer.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-09 01:03 - 2012-04-09 03:25 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-09 00:33 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-09 00:33 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-09 00:26 - 2012-04-09 03:25 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-09 00:21 - 2014-07-31 03:28 - 00062350 _____ C:\Windows\setupact.log 2015-06-09 00:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-09 00:20 - 2012-03-23 22:39 - 01072624 _____ C:\Windows\WindowsUpdate.log 2015-06-09 00:05 - 2014-07-31 20:20 - 00466484 _____ C:\Windows\PFRO.log 2015-06-09 00:03 - 2015-01-14 10:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-06-08 23:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Cursors 2015-06-08 23:45 - 2014-10-06 02:05 - 00000000 ____D C:\Program Files (x86)\FreeHideIP 2015-06-08 23:01 - 2012-04-30 13:40 - 00000000 ____D C:\Users\Marrel\AppData\Local\Equilab 2015-06-08 22:23 - 2013-07-18 13:49 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-06-08 18:55 - 2013-07-25 00:45 - 00000058 _____ C:\Windows\ChssBase.ini 2015-06-08 10:44 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2015-06-08 10:34 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2015-06-08 10:33 - 2012-05-11 15:12 - 00000000 ____D C:\Users\postgres 2015-06-08 09:20 - 2014-09-15 18:08 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\Skype 2015-06-08 00:29 - 2012-03-23 23:11 - 00000000 ____D C:\Users\Marrel 2015-06-07 23:30 - 2012-03-24 07:31 - 22396180 _____ C:\Windows\system32\perfh007.dat 2015-06-07 23:30 - 2012-03-24 07:31 - 07215964 _____ C:\Windows\system32\perfc007.dat 2015-06-07 23:30 - 2009-07-14 07:13 - 00006256 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-07 20:43 - 2012-05-11 15:24 - 
00000000 ____D C:\Users\Marrel\AppData\Roaming\HoldemManager 2015-06-07 20:23 - 2012-03-24 00:07 - 00000000 ____D C:\Users\Marrel\AppData\Local\PokerStars.EU 2015-06-07 20:22 - 2014-03-18 12:20 - 00000000 ____D C:\a 2015-06-07 20:19 - 2013-05-06 18:36 - 00000000 ____D C:\Windows\Minidump 2015-06-07 20:18 - 2014-07-31 20:20 - 468712171 _____ C:\Windows\MEMORY.DMP 2015-06-06 23:33 - 2012-05-11 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holdem Manager 2 2015-06-06 04:30 - 2012-06-03 04:30 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software 2015-06-06 04:30 - 2012-06-03 04:30 - 00000000 ____D C:\ProgramData\NCH Software 2015-06-06 04:30 - 2012-06-03 04:29 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\NCH Software 2015-06-06 04:30 - 2012-06-03 04:29 - 00000000 ____D C:\Program Files (x86)\NCH Software 2015-06-05 03:49 - 2015-02-19 01:27 - 00004305 _____ C:\blitzerr.txt 2015-05-30 18:19 - 2014-09-15 18:08 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-05-30 18:19 - 2014-09-15 18:08 - 00000000 ____D C:\ProgramData\Skype 2015-05-25 20:23 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-05-20 20:02 - 2014-10-06 02:04 - 00003854 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1412553844 2015-05-20 20:02 - 2014-10-06 02:04 - 00000000 ____D C:\Program Files (x86)\Opera 2015-05-17 03:58 - 2012-04-09 03:25 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-17 03:58 - 2012-04-09 03:25 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-13 20:20 - 2009-07-14 04:34 - 00000514 _____ C:\Windows\win.ini ==================== Files in the root of some directories ======= 2014-03-21 03:27 - 2014-03-21 03:27 - 0072341 _____ () C:\Users\Marrel\AppData\Roaming\Debut.dmp 2013-12-08 21:30 - 2013-12-08 21:30 - 0001181 _____ () C:\Users\Marrel\AppData\Roaming\trace_FilterInstaller.txt 2013-12-08 21:30 - 2013-12-08 21:30 - 0000000 _____ () 
C:\Users\Marrel\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt 2006-12-11 20:13 - 2006-12-11 20:13 - 0097336 _____ (Un4seen Developments) C:\Users\Marrel\AppData\Local\bass.dll 2006-12-11 20:13 - 2006-12-11 20:13 - 0013872 _____ (Un4seen Developments) C:\Users\Marrel\AppData\Local\basscd.dll 2007-08-13 18:46 - 2007-08-13 18:46 - 0102912 _____ (Albert L Faber) C:\Users\Marrel\AppData\Local\CDRip.dll 2007-01-18 22:09 - 2007-01-18 22:09 - 0623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\Marrel\AppData\Local\No23 Recorder.exe 2014-12-01 18:35 - 2014-12-01 18:35 - 0001456 _____ () C:\Users\Marrel\AppData\Local\RecConfig.xml 2012-06-04 09:59 - 2015-01-12 00:30 - 0007593 _____ () C:\Users\Marrel\AppData\Local\Resmon.ResmonCfg 2013-06-15 00:39 - 2013-06-24 23:54 - 0001181 _____ () C:\ProgramData\hpzinstall.log Some files in TEMP: ==================== C:\Users\Marrel\AppData\Local\Temp\avgnt.exe C:\Users\Marrel\AppData\Local\Temp\Quarantine.exe C:\Users\Marrel\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-26 06:21 ==================== End of log ============================ Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 08/06/2015 Suchlauf-Zeit: 22:24:45 Logdatei: mbam.txt Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.06.08.04 Rootkit Datenbank: v2015.06.02.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Marrel Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 493017 Verstrichene Zeit: 1 Std, 10 Min, 9 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 48 PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}, In Quarantäne, [48fcc9efe3a759dd5ec2135b54af7a86], PUP.Optional.SearchQu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, In Quarantäne, [48fcc9efe3a759dd5ec2135b54af7a86], PUP.Optional.SearchQu, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, In Quarantäne, [48fcc9efe3a759dd5ec2135b54af7a86], PUP.Optional.SearchQu, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, In Quarantäne, [48fcc9efe3a759dd5ec2135b54af7a86], PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}, In Quarantäne, [bd87a513fd8d4fe75468e3bddf24b34d], PUP.Optional.WebCake.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}, In Quarantäne, [bd87a513fd8d4fe75468e3bddf24b34d], PUP.Optional.Snapdo.T, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\MICROSOFT\INTERNET 
EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [55eff9bfc0ca201664dd3173e221cb35], PUP.Optional.BestToolbar.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, In Quarantäne, [a59f2395890180b6f4971b4de81b936d], PUP.Optional.BestToolbar.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, In Quarantäne, [a59f2395890180b6f4971b4de81b936d], PUP.Optional.BestToolbar.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, In Quarantäne, [a59f2395890180b6f4971b4de81b936d], PUP.Optional.BestToolbar.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, In Quarantäne, [a59f2395890180b6f4971b4de81b936d], PUP.Optional.BestToolbar.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{338B4DFE-2E2C-4338-9E41-E176D497299E}, In Quarantäne, [51f35860434700365e2ce08819eabc44], PUP.Optional.BestToolbar.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{338B4DFE-2E2C-4338-9E41-E176D497299E}, In Quarantäne, [51f35860434700365e2ce08819eabc44], PUP.Optional.WebCake.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AF6B0594-6008-4327-93E5-608AD710A6FA}, In Quarantäne, [97adfeba92f8a294dde1d2ce29da718f], PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{AF6B0594-6008-4327-93E5-608AD710A6FA}, In Quarantäne, [97adfeba92f8a294dde1d2ce29da718f], PUP.BundleInstaller.VG, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Video Downloader, In Quarantäne, 
[4ff590282f5bdc5abba79d23c13fa45c], PUP.Optional.WebCake.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}, In Quarantäne, [8bb92890d0baaa8c8fa8390f6f9655ab], PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\Toolbar.CT2801948, In Quarantäne, [62e2c8f01a707eb8acbc94f1eb1adf21], PUP.Optional.SearchQu.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}, In Quarantäne, [6ed6d4e44347d75f6e4c1b6358adb947], PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar.CT2801948, In Quarantäne, [67dde6d2f694d75f32366520ae57ba46], PUP.Optional.Generalcrawler.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dednnpigldgdbpgcdpfppmlcnnbjciel, In Quarantäne, [aa9a665290fa0c2a940d88e5c0458a76], PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fjoijdanhaiflhibkljeklcghcmmfffh, In Quarantäne, [a99b72462f5b1f17f445be8af60f9769], PUP.Optional.MediaFinder.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\lpmkgpnbiojfaoklbkpfneikocaobfai, In Quarantäne, [33119e1acac01c1a6d3571fcd62f3bc5], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D0F19BE0-B4D5-4E81-ADEA-C00F24C90FA8}, In Quarantäne, [063ec0f8e2a8d165f9831f63e12439c7], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DF8D8370-E00B-4243-839A-728E803720F6}, In Quarantäne, [4004eccc92f889ad91eaee9495709b65], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E2665D07-8D6D-412D-A4AA-E7C20AB481E4}, In Quarantäne, [380cb404c9c1dd595627d8aa4db8fd03], PUP.Optional.ConduitTB.Gen.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E40897FA-2469-47A4-A29C-53C900030D40}, In Quarantäne, [162e932568222115d4b4e99bb4516d93], PUP.Optional.AddLyrics, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WEBINSTR, In 
Quarantäne, [c1838434d2b89f971d542be09b69c23e], PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\1ClickDownload, In Quarantäne, [b98b3781c5c52313a6e9a9a6ca3b3cc4], PUP.Optional.SmartBar, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\SmartbarBackup, In Quarantäne, [073dbbfd17732f075ad4e77f947143bd], PUP.Optional.SmartBar, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\SmartbarLog, In Quarantäne, [73d112a6d8b2b68075b887dfdd2842be], PUP.Optional.WebSearches.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\SupHpUISoft, In Quarantäne, [073d33857218aa8c58d134dc31d3a15f], PUP.Optional.GenericAddon.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\APPDATALOW\SOFTWARE\GenericAddon, In Quarantäne, [78ccad0b2c5ef93dffb0d9332dd7639d], PUP.Optional.PlusHD.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-1.6, In Quarantäne, [b490e7d1bad01b1bbad7022a38ccec14], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [c381635565254beb1e6ffd3b11f322de], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\INSTALLCORE, In Quarantäne, [23217642eb9f1b1b85bda6a87e87e61a], PUP.Optional.CrossRider.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Plus HD, In Quarantäne, [48fcb602ddad72c4fcbf1cf28d771ce4], PUP.Optional.DataMngr.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\DataMngr_Toolbar, In Quarantäne, [5ce883350b7f2511db43b29c1bea24dc], PUP.Optional.CrossRider.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [f05401b7c6c472c41c338ed40ef71ae6], PUP.Optional.PlusHD.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-1.6, In Quarantäne, [48fc793f9cee201650416dbf679de917], 
PUP.Optional.LyricsAd.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{BB43A0A3-3F51-CCE3-D565-A22150A9CF21}, In Quarantäne, [e95b6058d5b53ff79f496ecf5ea8fb05], PUP.Optional.LyricsAd.Gen, HKLM\SOFTWARE\CLASSES\CLSID\{BB43A0A3-3F51-CCE3-D565-A22150A9CF21}, In Quarantäne, [e95b6058d5b53ff79f496ecf5ea8fb05], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110311201102}, In Quarantäne, [46febefaa5e561d5023b2c1432d4c33d], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110311201102}, In Quarantäne, [46febefaa5e561d5023b2c1432d4c33d], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{11111111-1111-1111-1111-110311201102}, In Quarantäne, [46febefaa5e561d5023b2c1432d4c33d], PUP.Optional.CrossRider.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110311201102}, In Quarantäne, [46febefaa5e561d5023b2c1432d4c33d], PUP.Optional.CrossRider.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110311201102}, In Quarantäne, [46febefaa5e561d5023b2c1432d4c33d], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110311201102}, In Quarantäne, [46febefaa5e561d5023b2c1432d4c33d], Registrierungswerte: 14 PUP.Optional.BestToolbar.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{338B4DFE-2E2C-4338-9E41-E176D497299E}, ä·¾ã??⸬ä?¸ä??ç?¡é??鸩, In Quarantäne, [51f35860434700365e2ce08819eabc44] PUP.Optional.BestToolbar.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{338B4DFE-2E2C-4338-9E41-E176D497299E}, In Quarantäne, 
[7aca91275535df572e5c204849ba18e8], PUP.Optional.SearchQu.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}|URL, hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}, In Quarantäne, [6ed6d4e44347d75f6e4c1b6358adb947] PUP.Optional.SearchQu.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}|SuggestionsURL_JSON, hxxp://www.searchqu.com/suggest.php?src=ieb&appid=0&systemid=417&qu={searchTerms}&ft=json, In Quarantäne, [a1a39a1e6b1f1c1a0dadb4cacb3a40c0] PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{d0f19be0-b4d5-4e81-adea-c00f24c90fa8}|AppName, Plus-HD-1.6-buttonutil.exe, In Quarantäne, [063ec0f8e2a8d165f9831f63e12439c7] PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{df8d8370-e00b-4243-839a-728e803720f6}|AppName, Plus-HD-1.6-bg.exe, In Quarantäne, [4004eccc92f889ad91eaee9495709b65] PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e2665d07-8d6d-412d-a4aa-e7c20ab481e4}|AppName, Plus-HD-1.6-codedownloader.exe, In Quarantäne, [380cb404c9c1dd595627d8aa4db8fd03] PUP.Optional.ConduitTB.Gen.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E40897FA-2469-47A4-A29C-53C900030D40}|AppPath, C:\Users\Marrel\AppData\Local\Conduit\CT2801948, In Quarantäne, [162e932568222115d4b4e99bb4516d93] PUP.Optional.AddLyrics, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WEBINSTR|DisplayName, webinstr, In Quarantäne, [c1838434d2b89f971d542be09b69c23e] PUP.Optional.InstallCore.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\INSTALLCORE|tb, 0N2X1N, In Quarantäne, [23217642eb9f1b1b85bda6a87e87e61a] PUP.Optional.Snapdo.T, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, 
{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [3d07c4f4e2a8ee48dcfe8e87659fe719] PUP.Optional.SnapDo.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}|URL, hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013, In Quarantäne, [1e26b8000684dd59e118eb922ed7ec14] PUM.Bad.Proxy, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:13828, In Quarantäne, [202403b5aedcd3632d59abbb2ed7ff01] PUP.Optional.Snapdo.T, HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [a89cccec6f1bca6cffdb22f3d82cea16] Registrierungsdaten: 5 PUP.Optional.SnapDo.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013),Ersetzt,[2d17b4042e5ceb4b8d0361cd2adc57a9] PUP.Optional.Conduit, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948, Gut: (www.google.com), Schlecht: (hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948),Ersetzt,[61e3635592f83006b161dd5c51b5619f] PUP.Optional.Snapdo, HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, 
hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=hp&installDate=20/04/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=hp&installDate=20/04/2013),Ersetzt,[69db26924a4092a435fc5fda8c7aa858] PUP.Optional.Snapdo, HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=20/04/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=20/04/2013),Ersetzt,[4ef67c3cec9ee254969bbc7dd82e27d9] PUP.Optional.Snapdo, HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=20/04/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=20/04/2013),Ersetzt,[82c22098e6a4b185eb46ad8c43c36799] |
09.06.2015, 01:24 | #6 |
| Reply part 2 of 2 mbam.txt (part 2): Code:
ATTFilter Ordner: 77 PUP.Optional.SoftwareUpdater.A, C:\Users\Marrel\AppData\Local\SwvUpdater, In Quarantäne, [c97b8335d8b276c08a0ca273c53fd828], PUP.Optional.WebCake.A, C:\Users\Marrel\AppData\Roaming\WebCake, In Quarantäne, [55efd0e81b6f46f0b77c55f39f66ec14], PUP.Optional.WebCake.A, C:\Users\Marrel\AppData\Roaming\WebCake\dat, In Quarantäne, [55efd0e81b6f46f0b77c55f39f66ec14], PUP.Optional.WebCake.A, C:\Users\Marrel\AppData\Roaming\WebCake\dat\update, In Quarantäne, [55efd0e81b6f46f0b77c55f39f66ec14], PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}, In Quarantäne, [8bb92890d0baaa8c8fa8390f6f9655ab], PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Cache, In Quarantäne, [8bb92890d0baaa8c8fa8390f6f9655ab], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, 
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\defaults, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\defaults\preferences, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\plugins, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\userCode, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\locale, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\locale\en-US, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.OpenCandy, C:\Users\Marrel\AppData\Roaming\OpenCandy, In Quarantäne, [56eea3157a105dd9a73ddbda03007090], PUP.Optional.OpenCandy, 
C:\Users\Marrel\AppData\Roaming\OpenCandy\6E3DEC5C76714FB38466BADD359E0D38, In Quarantäne, [56eea3157a105dd9a73ddbda03007090], PUP.Optional.OpenCandy, C:\Users\Marrel\AppData\Roaming\OpenCandy\B742A905FB2C41D78C56DBAF20F6C63E, In Quarantäne, [56eea3157a105dd9a73ddbda03007090], PUP.Optional.Datamngr.A, C:\Users\Marrel\AppData\LocalLow\DataMngr, In Quarantäne, [f94b56622961171fcea0803b05fe0000], PUP.Optional.Datamngr.A, C:\Users\X\AppData\LocalLow\DataMngr, In Quarantäne, [fe462593e5a568cee48a219a689b26da], PUP.Optional.SearchQu.A, C:\Users\Marrel\AppData\LocalLow\searchquband, In Quarantäne, [f74d23955535989e7ec3efd5aa5945bb], PUP.Optional.SearchQu.A, C:\Users\X\AppData\LocalLow\searchquband, In Quarantäne, [5aea3e7a6e1c42f41c25c8fc22e159a7], PUP.Optional.SearchQu.A, C:\Users\X\AppData\LocalLow\searchqutoolbar, In Quarantäne, [9ba9d4e4117946f096acab194bb853ad], PUP.Optional.Generalcrawler.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com, In Quarantäne, [46fecdeb7a10c1758a3124a5e32041bf], PUP.Optional.Generalcrawler.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com\chrome, In Quarantäne, [46fecdeb7a10c1758a3124a5e32041bf], PUP.Optional.Generalcrawler.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com\chrome\content, In Quarantäne, [46fecdeb7a10c1758a3124a5e32041bf], PUP.Optional.Generalcrawler.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel, In Quarantäne, [0d377b3d612992a486370bbeb44fd828], PUP.Optional.Generalcrawler.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.6_0, In Quarantäne, [0d377b3d612992a486370bbeb44fd828], PUP.Optional.MediaFinder.A, C:\Users\Marrel\AppData\Roaming\Media Finder\Extensions, In Quarantäne, [50f43f796723fd396d517f4a659e4fb1], 
PUP.Optional.Conduit.A, C:\Users\Marrel\AppData\LocalLow\NCH_EN, In Quarantäne, [b292cdeb8604e74f14c2349704ff19e7], PUP.Optional.Conduit.A, C:\Users\Marrel\AppData\LocalLow\NCH_EN\Logs, In Quarantäne, [b292cdeb8604e74f14c2349704ff19e7], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\AddedAppDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\DefualtImages, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\DetectedAppDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\EngineFirstTimeDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\NewSearchProtectorDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\NewSearchProtectorDialog\images, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorBubbleDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorBubbleDialog\images, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorDialog\Images, In Quarantäne, 
[ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorRetakeoverDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorRetakeoverDialog\Images, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\images, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarUntrustedAppsApprovalDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\UninstallDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\UntrustedAddedAppDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\UntrustedAppApprovalDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\UntrustedAppPendingDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\EmailNotifier, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\ExternalComponent, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Logs, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\MyStuffApps, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\RadioPlayer, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, 
C:\Users\X\AppData\LocalLow\NCH_EN\Repository, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\AppsMetaData, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\DynamicDialogs, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\ToolbarLogin, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\ToolbarSettings, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_en-us, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_en-us\ToolbarTranslation, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\SearchInNewTab, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\UserDefinedItems, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Betcat.A, C:\Program Files (x86)\Betcat, In Quarantäne, [0f35586092f816209d878a494db6758b], PUP.Optional.Betcat.A, C:\Users\Marrel\AppData\Roaming\Betcat, In Quarantäne, [ff456157a6e44cead94c973c857e2ad6], PUP.Optional.Betcat.A, C:\Users\Marrel\AppData\Roaming\Betcat\dat, In Quarantäne, [ff456157a6e44cead94c973c857e2ad6], PUP.Optional.Betcat.A, C:\Users\Marrel\AppData\Roaming\Betcat\dat\update, In Quarantäne, [ff456157a6e44cead94c973c857e2ad6], PUP.Optional.SmartBar.A, C:\Users\Marrel\AppData\LocalLow\Smartbar, 
In Quarantäne, [0a3aac0c9ceea195619a4197e320956b], Dateien: 471 PUP.Optional.WebCake.A, C:\Users\Marrel\AppData\Roaming\Web Cake\WebCakeDesktop.exe, In Quarantäne, [a89c2e8a3e4c261025676bb56c94d32d], PUP.Optional.WebCake.A, C:\Program Files (x86)\WDesktop.Updater.exe, In Quarantäne, [d3719f191d6d0036964fef51e021857b], PUP.Optional.TenkiTechnology, C:\Program Files (x86)\FreeHideIP\FreeHideIP.exe, In Quarantäne, [f4509b1d6a20280e90a4d922c73e8080], PUP.BundleInstaller.VG, C:\Program Files (x86)\vGrabber-software\Uninstall.exe, In Quarantäne, [4ff590282f5bdc5abba79d23c13fa45c], PUP.Optional.Downloader, C:\Users\X\Downloads\Setup.exe, In Quarantäne, [e85c00b8a6e480b6b83c00c0867ba060], PUP.Optional.SnapDo.A, C:\Windows\Installer\10c081.msi, In Quarantäne, [0e3610a8aedce84e657ec7f2f011956b], PUP.Optional.BoostSaves.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage, In Quarantäne, [9ea63c7cf69489ad0ff3aa54f90a30d0], PUP.Optional.BoostSaves.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal, In Quarantäne, [2f155662701af541b15143bb1fe48d73], PUP.Optional.AZLyrics.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage, In Quarantäne, [96ae70487e0c43f3570548b7f11206fa], PUP.Optional.AZLyrics.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, In Quarantäne, [1430e7d199f18caac19bac53d52e22de], PUP.Optional.SmartBar.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_amfclgbdpgndipgoegfpkkgobahigbcl_0.localstorage, In Quarantäne, [f84c9b1d91f9b581b69f40c0739144bc], PUP.Optional.SoftwareUpdater.A, C:\Users\Marrel\AppData\Local\SwvUpdater\Updater.xml, In Quarantäne, [c97b8335d8b276c08a0ca273c53fd828], PUP.Optional.SoftwareUpdater.A, 
C:\Users\Marrel\AppData\Local\SwvUpdater\status.cfg, In Quarantäne, [c97b8335d8b276c08a0ca273c53fd828], PUP.Optional.Boost.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, In Quarantäne, [69dbdbdd9befc86e3e7e31e436ce38c8], PUP.Optional.Boost.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, In Quarantäne, [a79dd5e396f4d75fb903f61f25df7a86], PUP.Optional.BetterDeals.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage, In Quarantäne, [8fb5199f73171422549e6ab4c1430000], PUP.Optional.BetterDeals.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal, In Quarantäne, [2c1813a51575aa8c15dd6ab406febd43], PUP.Optional.BetterDeals.A, C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage, In Quarantäne, [a59f2d8b1e6c40f66b87b86635cfbd43], PUP.Optional.BetterDeals.A, C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal, In Quarantäne, [72d2deda62281224f00242dc0df721df], PUP.Optional.WebSearch.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\searchplugins\Web Search.xml, In Quarantäne, [74d0feba3d4d9e9878be72bd60a4ab55], PUP.Optional.WebCake.A, C:\Users\Marrel\AppData\Roaming\WebCake\PlugIns.cache, In Quarantäne, [55efd0e81b6f46f0b77c55f39f66ec14], PUP.Optional.WebCake.A, C:\Users\Marrel\AppData\Roaming\WebCake\dat\Desktop.OS.dll, In Quarantäne, [55efd0e81b6f46f0b77c55f39f66ec14], PUP.Optional.WebCake.A, C:\Users\Marrel\AppData\Roaming\WebCake\dat\Maintain.dat, In Quarantäne, [55efd0e81b6f46f0b77c55f39f66ec14], PUP.Optional.WebCake.A, 
C:\Users\Marrel\AppData\Roaming\WebCake\dat\Paladin.dat, In Quarantäne, [55efd0e81b6f46f0b77c55f39f66ec14], PUP.Optional.WebCake.A, C:\Users\Marrel\AppData\Roaming\WebCake\dat\Phoenix.dat, In Quarantäne, [55efd0e81b6f46f0b77c55f39f66ec14], PUP.Optional.WebCake.A, C:\Users\Marrel\AppData\Roaming\WebCake\dat\sqlite3.dll, In Quarantäne, [55efd0e81b6f46f0b77c55f39f66ec14], PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico, In Quarantäne, [8bb92890d0baaa8c8fa8390f6f9655ab], PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat, In Quarantäne, [8bb92890d0baaa8c8fa8390f6f9655ab], PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe, In Quarantäne, [8bb92890d0baaa8c8fa8390f6f9655ab], PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll, In Quarantäne, [8bb92890d0baaa8c8fa8390f6f9655ab], PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll, In Quarantäne, [8bb92890d0baaa8c8fa8390f6f9655ab], PUP.Optional.GoForFiles.A, C:\Windows\System32\Tasks\GoforFilesUpdate, In Quarantäne, [6ed612a6305a8aac4a31bcb656af52ae], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\crossrider_statusbar.png, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\button1.png, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\button2.png, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\button3.png, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\button4.png, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\button5.png, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\icon128.png, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\icon16.png, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\icon24.png, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\icon48.png, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\panelarrow-up.png, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, 
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\popup.html, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\skin.css, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\update.css, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome.manifest, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\install.rdf, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\02a9c269051829379cd630c52a091b7a.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\12003967a191158edc4904431aae51cd.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\328189f4d73467fb2190ecaf3d671d8a.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, 
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\a38f4b69efdf528d9506dc01dfba3e9f.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\af183a7e59b2464e92b16ffe87ce98db.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\background.html, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\browser.xul, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\df208b5e112e82a3d5d00b093a11ed2f.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\dialog.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\ffCoreFilesIndex.txt, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\options.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, 
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\options.xul, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\search_dialog.xul, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\8b6ab5faf449df2131c181704b8582c8.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\25014a20443a0984003dba6aabbce423.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\330aa28bf45574a206050e43b81a2e49.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\356fddfb2192d9e878b4b8408e6f4715.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\62c40d1cfa2a8bb94a99adc1d18d3c17.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, 
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\67b300761625a1d68c46af0f062037d5.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\6870b82ad271e942dad4daa32a99b5ff.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\75ff371374ec1cd65c1c0e1b77fbd056.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\852264ee44826963d6950ee5ca54617f.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\ad4d3060dd8750bcf396db9f62aec8e1.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\aff9d32646e76cd9b52d66342d749d34.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\b36be4161e22eb542b816b8931d406e2.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, 
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\bea2a1afe893455f42dab3f330a1082a.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\d2cf06174b2ceef0a67e4ba71e83f3ed.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\e1747851164f73fdfc14fb3a4d52f735.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\ed4682e2c2e61e2ac0289e0f62cb139b.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core\b2edde9e1cce89e0130e33730d622816.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core\07675462ec165f63e37bf0e5f77a094d.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core\25f0af42aacd4f2dc7669113b9310e89.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], PUP.Optional.CrossRider.A, 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737647487500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737682800000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736867487500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736904987500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736937643750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736969518750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737014050000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737065612500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737144050000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642967493750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643356868750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643682493750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_images_634723732255026399_24PX_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_mail_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_MarketPlace_2e_33e_2ec9e65c-72a4-4035-8a0e-06a6f1e0533e_Appearance_634394279015031252_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736489675000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736543268750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736592018750_gif.gif, In Quarantäne, 
[ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736642175000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736686862500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736728737500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736765456250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736175300000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736222643750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736253112500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736296237500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736337331250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736374831250_gif.gif, In Quarantäne, 
[ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736409675000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735883268750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735924518750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735957800000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735999987500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736038893750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736078737500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736116706250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735597643750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735635300000_gif.gif, In Quarantäne, 
[ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735672487500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735702018750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735734362500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735772956250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735806393750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735187487500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735227018750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735260300000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735296393750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735342175000_gif.gif, In Quarantäne, 
[ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735383893750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735423893750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735467331250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735526550000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654733928425000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654733969518750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734005143750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734064206250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734099518750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734144831250_gif.gif, In Quarantäne, 
[ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734198268750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734242800000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734306862500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736449675000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736832018750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737428268750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737718737500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738178112500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738609987500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642273587500_gif.gif, In Quarantäne, 
[ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736145768750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642588275000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734850768750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734920300000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734953737500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734993425000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735038893750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735080143750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735121862500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734383425000_gif.gif, In Quarantäne, 
[ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734427175000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734476706250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734525300000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734567800000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734629831250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734684050000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_news_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_notepad_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_timer_alarm_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_tools_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, 
C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_eula_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_bankimages_silkset_control_play_blue_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_about_gif.gif, In 
Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_configure_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_games_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\RoundedCornersIE9.css, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\DialogsAPI.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\excanvas.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\generalDialogStyle.css, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\PIE.htc, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\RoundedCorners.css, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\settings.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\version.txt, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\AddedAppDialog\app-added.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\AddedAppDialog\main.html, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\DefualtImages\icon.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, 
C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\DetectedAppDialog\app-2go.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\DetectedAppDialog\main.html, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\EngineFirstTimeDialog\EngineFirstTimeDialog.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\EngineFirstTimeDialog\main.html, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\EngineFirstTimeDialog\right-click.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\NewSearchProtectorDialog\main.html, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\NewSearchProtectorDialog\SearchProtector.css, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\NewSearchProtectorDialog\SearchProtector.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\NewSearchProtectorDialog\images\ok-button.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\NewSearchProtectorDialog\images\separation-line.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\NewSearchProtectorDialog\images\warning.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorBubbleDialog\bubble.css, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorBubbleDialog\bubble.js, In 
Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorBubbleDialog\main.html, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorBubbleDialog\images\information.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorBubbleDialog\images\x-default-LTR.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorBubbleDialog\images\x-default-RTL.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-LTR.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-RTL.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorDialog\main.html, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorDialog\SearchProtector.css, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorDialog\SearchProtector.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorDialog\Images\info.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorDialog\Images\ok-on.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorDialog\Images\ok.png, In Quarantäne, 
[ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorRetakeoverDialog\main.html, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.css, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorRetakeoverDialog\Images\Icon.jpg, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorRetakeoverDialog\Images\Icon.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorRetakeoverDialog\Images\info.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorRetakeoverDialog\Images\ok-on.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorRetakeoverDialog\Images\ok.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\main.html, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.css, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\images\app-store-icon.png, 
In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\images\arrow.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\images\divider.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\images\emailNotifier.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\images\facebook.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\images\radio.GIF, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\images\Thumbs.db, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\images\truste_welcome.GIF, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\images\weather.GIF, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarUntrustedAppsApprovalDialog\main.html, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarUntrustedAppsApprovalDialog\ToolbarUntrustedAppsApprovalDialog.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\UntrustedAddedAppDialog\main.html, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\UntrustedAddedAppDialog\UT-app-dialog-added.js, In Quarantäne, 
[ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\UntrustedAppApprovalDialog\main.html, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\UntrustedAppApprovalDialog\UT-app-dialog-needs-your-approval.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\UntrustedAppPendingDialog\main.html, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\UntrustedAppPendingDialog\UT-app-dialog-is-waiting.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\EmailNotifier\AccountTypes.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\EmailNotifier\aol.com.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\EmailNotifier\comcast.net.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\EmailNotifier\google.com.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\EmailNotifier\hotmail.com.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\EmailNotifier\yahoo.com.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en-us.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en-us.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, 
C:\Users\X\AppData\LocalLow\NCH_EN\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en-us.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en-us.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\RadioPlayer\IP_Stations_Media_List.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\RadioPlayer\Predefined_Media_List.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\AppsMetaData\data.bck.txt, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\AppsMetaData\data.txt, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\DynamicDialogs\data.bck.txt, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\DynamicDialogs\data.txt, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\ToolbarLogin\data.bck.txt, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\ToolbarLogin\data.txt, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\ToolbarSettings\data.bck.txt, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, 
C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\ToolbarSettings\data.txt, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_en-us\ToolbarTranslation\data.bck.txt, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_en-us\ToolbarTranslation\data.txt, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\SearchInNewTab\SearchInNewTabContent.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], PUP.Optional.Betcat.A, C:\Users\Marrel\AppData\Roaming\Betcat\PlugIns.cache, In Quarantäne, [ff456157a6e44cead94c973c857e2ad6], PUP.Optional.Betcat.A, C:\Users\Marrel\AppData\Roaming\Betcat\dat\bsvc.dll, In Quarantäne, [ff456157a6e44cead94c973c857e2ad6], PUP.Optional.Betcat.A, C:\Users\Marrel\AppData\Roaming\Betcat\dat\cst.exe, In Quarantäne, [ff456157a6e44cead94c973c857e2ad6], PUP.Optional.Betcat.A, C:\Users\Marrel\AppData\Roaming\Betcat\dat\DIBS.dat, In Quarantäne, [ff456157a6e44cead94c973c857e2ad6], PUP.Optional.Betcat.A, C:\Users\Marrel\AppData\Roaming\Betcat\dat\Dora.dat, In Quarantäne, [ff456157a6e44cead94c973c857e2ad6], PUP.Optional.Betcat.A, C:\Users\Marrel\AppData\Roaming\Betcat\dat\Maintain.dat, In Quarantäne, [ff456157a6e44cead94c973c857e2ad6], PUP.Optional.Betcat.A, C:\Users\Marrel\AppData\Roaming\Betcat\dat\Paladin.dat, In Quarantäne, [ff456157a6e44cead94c973c857e2ad6], PUP.Optional.Betcat.A, C:\Users\Marrel\AppData\Roaming\Betcat\dat\Phoenix.dat, In Quarantäne, [ff456157a6e44cead94c973c857e2ad6], PUP.Optional.Betcat.A, C:\Users\Marrel\AppData\Roaming\Betcat\dat\sqlite3.dll, In Quarantäne, [ff456157a6e44cead94c973c857e2ad6], PUP.Optional.SmartBar.A, C:\Users\Marrel\AppData\LocalLow\Smartbar\smartbar_state.config, In Quarantäne, [0a3aac0c9ceea195619a4197e320956b], PUP.Optional.SnapDo.A, 
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&installDate=18/07/2013&q=");), Ersetzt,[79cb47711179c076eee8b8c0f31331cf] PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "13f5fe8fd2a0139105ec54c2d5586137");), Ersetzt,[093bb107e7a3c96d4cc6b5c5e91d9f61] Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) |
09.06.2015, 20:22 | #7 |
/// the machine /// TB Trainer | Windows 7 laptop: problems with malware infection, what can I do? ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and Help Trojaner-Board Facebook page No help via PM! |
10.06.2015, 07:45 | #8 |
| Windows 7 laptop: problems with malware infection, what can I do? Hello, I have the feeling that the computer is already under somewhat less load and runs more smoothly. log.txt: Code:
ATTFilter SETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=95f0714eb9f96b4ea1f62ce4119d6b36 # end=init # utc_time=2015-06-10 01:13:39 # local_time=2015-06-10 03:13:39 (+0100, Mitteleuropäische Sommerzeit) # country="United Kingdom" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 24254 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=95f0714eb9f96b4ea1f62ce4119d6b36 # end=updated # utc_time=2015-06-10 01:20:06 # local_time=2015-06-10 03:20:06 (+0100, Mitteleuropäische Sommerzeit) # country="United Kingdom" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=95f0714eb9f96b4ea1f62ce4119d6b36 # engine=24254 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-06-10 03:56:29 # local_time=2015-06-10 05:56:29 (+0100, Mitteleuropäische Sommerzeit) # country="United Kingdom" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 29575273 185538439 0 0 # scanned=323317 # found=25 # cleaned=0 # scan_time=9383 sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir" sh=AF30C69B7002B44624735FFD6D87A2B90A2E1C85 ft=1 fh=6e845fa31fcfc7c2 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marrel\AppData\Roaming\Web Cake\dat\Desktop.OS.dll.vir" sh=769727FD17408B4FB051A5062DAE6C45EFDE7288 ft=1 fh=f7eaf69907b5b1c6 vn="Variante von MSIL/WebCake.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marrel\AppData\Roaming\Web Cake\dat\Dora.dat.vir" sh=4DFDDD41FEC5F240AFAB959EDA0FC39925E02F2A ft=1 fh=adb82df7b379013a vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marrel\AppData\Roaming\Web Cake\dat\Paladin.dat.vir" sh=D346F1465889454724C24D34CB837B66ED7BCD14 ft=1 fh=c288b6bd4b45185a vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\D\NOW\Setup_FreeScreenVideo_2.0.exe" sh=B58D5AA8A12DDB74DDE97C9541B2242941BA4E3B ft=1 fh=77045453f77bcb91 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe" sh=3F20DC68A6AAC23C4702D16C8A5388DCFE591AEA ft=1 fh=e5e2264a283a7f45 vn="Win32/Toolbar.Babylon evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\PSDViewer\MyBabylonTB.exe" sh=DC2B099E1F96C5D03D4F03BF98D69A2CD6F22C04 ft=1 fh=40cbdd24eefbf532 vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="C:\Software\Videorecorder\HC2Setup.exe" sh=E6035F57C9ED5851EC80A685584F30E606CC5691 ft=1 fh=d6f58f2e704945b6 vn="Win32/SoftonicDownloader.D evtl. unerwünschte Anwendung" ac=I fn="C:\Software\Videorecorder\SoftonicDownloader_fuer_camtasia-studio.exe" sh=C46EF546071D58F96C4A03E5957D6A82AA46EDA5 ft=1 fh=79f3d99fac1ce92b vn="Win32/SoftonicDownloader.D evtl. unerwünschte Anwendung" ac=I fn="C:\Software\Videorecorder\SoftonicDownloader_fuer_free-screen-to-video.exe" sh=ED4524DD9C62A6A76D7BED2AC3413277C43A6BA0 ft=1 fh=7a55241aa52eb8e3 vn="Win32/SoftonicDownloader.D evtl. unerwünschte Anwendung" ac=I fn="C:\Software\Videorecorder\Audioprogramm\SoftonicDownloader_fuer_camtasia-studio.exe" sh=AA190194CD322F27B81B57B66F0E48B16DDF09FC ft=1 fh=7a1e2a1eaadddca3 vn="Win32/Toolbar.Conduit evtl. 
unerwünschte Anwendung" ac=I fn="C:\Unterhaltung\cONVENTER\FreeYouTubeToMP3Converter_3.11.35.1031.exe" sh=1867142971E46CEFBDC91D1C32BDDB89B9CC2FCB ft=1 fh=bed49cb1acf2aab9 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Unterhaltung\SoftwareVirtuellesLaufwerk\DTLite4471-0333.exe" sh=7DC0380F98D20D221FA5F1351D2BEA73BC1F18F8 ft=1 fh=886335d40a7a3027 vn="Win32/AdWare.1ClickDownload.AT Anwendung" ac=I fn="C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000" sh=F66E4E770C6F98F1BBF25B4D522BDB18F23226F5 ft=1 fh=48a4d2c95a5438b3 vn="Win32/AdWare.1ClickDownload.AT Anwendung" ac=I fn="C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000001" sh=C5B65183EA7991E96E9C13BC494C256A5299879A ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OSM Trojaner" ac=I fn="C:\Users\Marrel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\42074392-2a20e7ae" sh=EBB0EE4A08C80C4E2A27315712646C6E42EC2A30 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\prefs.js" sh=C7E054C7BA58AE2D703DB29C52346A3ED84FEF57 ft=1 fh=53532950b9749a4f vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_20.dll" sh=C546BA3CA78F93EB65DCCEA191BC40B9F940E2EA ft=1 fh=6fd80785d353cf5d vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_21.dll" sh=7C15DA5A80F24F0383C992CFB03CF68E95A464B1 ft=1 fh=be427aaf403ae2ff vn="Variante von Win32/Toolbar.Linkury.D evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_22.dll" sh=95544372D9D68E8AFAE5E9DA8B07C14CE5406ABB ft=1 fh=dd489ec711c15129 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_23.dll" sh=BA8871127FB23B24A8963B6A5992DED58259E590 ft=1 fh=65df87dcc97c6ea8 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_24.dll" sh=C88DAF3FB5D3FEC090233FF251F7F0CFC73EF4CD ft=1 fh=b74c7f4df627386b vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_25.dll" sh=73ABD5B1D81F527FD64AA6539E53BCA8E1BB1C00 ft=1 fh=08a96f1f2a78df02 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marrel\Downloads\PSD viewer - CHIP-Installer.exe" sh=83488E2D31B7C9AE0CFADBB54E8DE2DCCAC081F4 ft=1 fh=eacef1118aa55933 vn="Variante von Win32/SoftPulse.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000" Code:
ATTFilter Results of screen317's Security Check version 1.002 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Antivirus Norton Internet Security Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 8 Update 40 Java version 32-bit out of Date! Adobe Flash Player 11.4.402.278 Flash Player out of Date! Adobe Reader XI Mozilla Firefox 35.0 Firefox out of Date! Google Chrome (43.0.2357.124) Google Chrome (43.0.2357.81) ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe mbamscheduler.exe Symantec Norton Online Backup NOBuAgent.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST(3): Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2015 Ran by Marrel (administrator) on Marrel-PC on 10-06-2015 06:30:14 Running from C:\Users\Marrel\Desktop Loaded Profiles: Marrel & postgres (Available Profiles: Marrel & X & postgres) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Malwarebytes Corporation) C:\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\ Malwarebytes Anti-Malware \mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NTI, Inc.) 
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe (Acer Group) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Malwarebytes Corporation) C:\ Malwarebytes Anti-Malware \mbam.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Windows\PLFSetI.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\calc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [818720 2010-02-26] (Acer Incorporated) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated) HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] () HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-09] (Avira Operations GmbH & Co. 
KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-22] () HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\eMachines.scr [425984 2009-08-05] () GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKLM-x32 - (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.) BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation) BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-31] (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-29] (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-29] (Oracle Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.) 
Toolbar: HKLM - No Name - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation) Toolbar: HKLM-x32 - No Name - !{338B4DFE-2E2C-4338-9E41-E176D497299E} - No File Toolbar: HKLM-x32 - No Name - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.) Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{EE30255C-7BF5-4CEF-AE16-49F14F918F35}: [NameServer] 193.189.244.225 193.189.244.206 FireFox: ======== FF ProfilePath: C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll [2012-09-28] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll [2012-09-28] () FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-29] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-29] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-1623171927-3149244632-4192914800-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marrel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1623171927-3149244632-4192914800-1000: electronicarts.com/GameFacePlugin -> C:\Users\Marrel\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts) FF Extension: Avira Browser Safety - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\abs@avira.com [2014-12-25] FF Extension: Internet Turbo - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c} [2013-12-11] FF Extension: TurnTool Viewer - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\ViewerInstall.xpi [2013-01-30] FF Extension: Adblock Plus - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-23] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn [2012-03-23] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 [2015-06-10] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-06-15] FF 
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: No Name - C:\Program Files (x86)\ver3a2zLyrics\178.xpi [not found] FF Extension: No Name - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com [not found] Chrome: ======= CHR Profile: C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (ProxFlow) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-10-01] CHR Extension: (Adblock Plus) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-21] CHR Extension: (Bookmark Manager) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (Google Wallet) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-09] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-09] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-09] (Avira Operations GmbH & Co. KG) R2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [841248 2010-02-26] (Acer Incorporated) S3 FirebirdServerMAGIXInstance; C:\Software\Musikrecorder\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed] R2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 MBAMScheduler; C:\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) R2 MBAMService; C:\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed] R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation) R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.) 
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed] R2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [66048 2011-01-28] (PostgreSQL Global Development Group) [File not signed] R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-12] (Avira Operations GmbH & Co. KG) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [1160824 2012-04-03] (Symantec Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-17] (DT Soft Ltd) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-03-24] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-04-23] (Symantec Corporation) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.) 
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20120518.002\IDSvia64.sys [488568 2012-04-28] (Symantec Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20120522.005\ENG64.SYS [120440 2012-05-16] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20120522.005\EX64.SYS [2068600 2012-05-16] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [33488 2013-12-08] ()
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-03-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 06:29 - 2015-06-10 06:29 - 00001167 _____ C:\Users\Marrel\Desktop\checkup.txt
2015-06-10 06:14 - 2015-06-10 06:14 - 00852639 _____ C:\Users\Marrel\Downloads\SecurityCheck.exe
2015-06-10 03:12 - 2015-06-10 03:12 - 02870984 _____ (ESET) C:\Users\Marrel\Downloads\esetsmartinstaller_deu.exe
2015-06-09 12:35 - 2015-06-09 12:35 - 00001271 _____ C:\Users\Marrel\Desktop\Handschrift.txt
2015-06-09 10:38 - 2015-06-09 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-09 01:31 - 2015-06-09 01:37 - 00032005 _____ C:\Users\Marrel\Desktop\FRST2.txt
2015-06-09 00:32 - 2015-06-09 00:39 - 00011254 _____ C:\Users\Marrel\Desktop\JRT.txt
2015-06-09 00:25 - 2015-06-09 00:25 - 00000207 _____ C:\Windows\tweaking.com-regbackup-Marrel-PC-Windows-7-Home-Premium-(64-bit).dat
2015-06-09 00:25 - 2015-06-09 00:25 - 00000000 ____D C:\RegBackup
2015-06-09 00:24 - 2015-06-09 00:24 - 00000000 ____D C:\Users\Marrel\AppData\Local\NewTech Infosystems
2015-06-09 00:24 - 2015-06-09 00:24 - 00000000 _____ C:\Windows\JCMKR32.INI
2015-06-09 00:18 - 2015-06-09 00:18 - 02943232 _____ (Thisisu) C:\Users\Marrel\Downloads\JRT.exe
2015-06-09 00:08 - 2015-06-09 01:28 - 00015093 _____ C:\Users\Marrel\Desktop\AdwCleaner[S0].txt
2015-06-09 00:00 - 2015-06-09 00:04 - 00000000 ____D C:\AdwCleaner
2015-06-08 23:57 - 2015-06-09 01:25 - 00121247 _____ C:\Users\Marrel\Desktop\mbam.txt
2015-06-08 22:26 - 2015-06-08 22:26 - 02231296 _____ C:\Users\Marrel\Downloads\AdwCleaner_4.206.exe
2015-06-08 22:23 - 2015-06-08 22:23 - 00000710 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-08 22:23 - 2015-06-08 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-06-08 22:23 - 2015-06-08 22:23 - 00000000 ____D C:\ Malwarebytes Anti-Malware
2015-06-08 22:23 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-08 22:23 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-08 22:19 - 2015-06-08 22:20 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Marrel\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-08 10:50 - 2015-06-08 10:50 - 00022376 _____ C:\Users\Marrel\Desktop\Combofix.txt
2015-06-08 10:44 - 2015-06-08 10:44 - 00022444 _____ C:\ComboFix.txt
2015-06-08 10:12 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-08 10:12 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-08 10:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-08 10:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-08 10:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-08 10:12 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-08 10:12 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-08 10:12 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-08 10:11 - 2015-06-08 10:44 - 00000000 ____D C:\Qoobox
2015-06-08 10:11 - 2015-06-08 10:42 - 00000000 ____D C:\Windows\erdnt
2015-06-08 10:09 - 2015-06-08 10:09 - 05628238 ____R (Swearware) C:\Users\Marrel\Downloads\ComboFix.exe
2015-06-08 09:14 - 2015-06-08 09:14 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Marrel\Downloads\revosetup95.exe
2015-06-08 09:14 - 2015-06-08 09:14 - 00000748 _____ C:\Users\Marrel\Desktop\Revo Uninstaller.lnk
2015-06-08 02:47 - 2015-06-08 02:47 - 00000012 _____ C:\Users\Marrel\Desktop\fghhj.txt
2015-06-08 01:47 - 2015-06-08 01:54 - 00000476 _____ C:\Users\Marrel\Desktop\defogger_disable.log
2015-06-08 01:39 - 2015-06-08 01:54 - 00002409 _____ C:\Users\Marrel\Desktop\Gmer.txt
2015-06-08 00:46 - 2015-06-08 00:46 - 00380416 _____ C:\Users\Marrel\Downloads\Gmer-19357.exe
2015-06-08 00:29 - 2015-06-08 00:29 - 00000000 _____ C:\Users\Marrel\defogger_reenable
2015-06-08 00:23 - 2015-06-08 00:23 - 00000246 _____ C:\Windows\SysWOW64\defogger_enable.log
2015-06-08 00:21 - 2015-06-08 00:29 - 00000474 _____ C:\Windows\SysWOW64\defogger_disable.log
2015-06-08 00:17 - 2015-06-08 01:41 - 00026371 _____ C:\Users\Marrel\Desktop\Addition.txt
2015-06-08 00:14 - 2015-06-10 06:30 - 00021968 _____ C:\Users\Marrel\Desktop\FRST.txt
2015-06-08 00:13 - 2015-06-10 06:30 - 00000000 ____D C:\FRST
2015-06-08 00:13 - 2015-06-08 00:13 - 02108928 _____ (Farbar) C:\Users\Marrel\Desktop\FRST64.exe
2015-06-08 00:12 - 2015-06-08 00:12 - 00050477 _____ C:\Users\Marrel\Desktop\Defogger (1).exe
2015-06-08 00:11 - 2015-06-08 00:11 - 00050477 _____ C:\Users\Marrel\Downloads\Defogger.exe
2015-06-07 21:13 - 2015-06-10 03:07 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-07 21:13 - 2015-06-08 23:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-07 21:11 - 2015-06-08 01:14 - 00000000 ____D C:\Users\Marrel\Desktop\mbar
2015-06-07 21:11 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-07 21:10 - 2015-06-07 21:10 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Marrel\Downloads\mbar-1.09.1.1004.exe
2015-06-07 20:19 - 2015-06-07 20:19 - 00276928 _____ C:\Windows\Minidump\060715-29686-01.dmp
2015-06-07 20:06 - 2015-06-07 20:06 - 00276928 _____ C:\Windows\Minidump\060715-30217-01.dmp
2015-06-06 23:40 - 2015-06-06 23:40 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\SitNGoWizard
2015-06-06 23:25 - 2015-06-06 23:28 - 110090565 _____ C:\Users\Marrel\Downloads\8311_Hm2AutoUpdate.exe
2015-06-06 04:30 - 2015-06-06 04:30 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Videodatei-Konverter.lnk
2015-06-06 04:30 - 2015-06-06 04:30 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme
2015-06-06 04:30 - 2015-06-06 04:30 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette
2015-06-06 01:21 - 2015-06-06 01:21 - 00000000 ____D C:\bildschirm
2015-05-19 16:55 - 2015-05-19 16:56 - 00000000 ____D C:\Users\Marrel\Documents\UniversalReplayer
2015-05-19 16:54 - 2015-05-19 17:36 - 00002180 _____ C:\Users\Marrel\URPreferences.xml
2015-05-19 16:44 - 2015-05-19 16:44 - 00001345 _____ C:\Users\Marrel\Downloads\universal_replayer (1).jnlp
2015-05-19 16:43 - 2015-05-19 16:44 - 00562272 _____ (Oracle Corporation) C:\Users\Marrel\Downloads\chromeinstall-8u45.exe
2015-05-19 16:40 - 2015-05-19 16:41 - 00001345 _____ C:\Users\Marrel\Downloads\universal_replayer.jnlp
2015-05-17 02:59 - 2015-05-17 02:59 - 00010940 _____ C:\Users\Marrel\Documents\pokerbook.odt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 06:03 - 2012-04-09 03:25 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-10 04:03 - 2012-04-09 03:25 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-10 03:39 - 2012-03-23 22:39 - 01120067 _____ C:\Windows\WindowsUpdate.log
2015-06-10 03:14 - 2012-03-24 07:31 - 22411152 _____ C:\Windows\system32\perfh007.dat
2015-06-10 03:14 - 2012-03-24 07:31 - 07220880 _____ C:\Windows\system32\perfc007.dat
2015-06-10 03:14 - 2009-07-14 07:13 - 00006256 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-10 03:08 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-10 03:08 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-10 02:57 - 2014-07-31 03:28 - 00062630 _____ C:\Windows\setupact.log
2015-06-10 02:57 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-09 13:31 - 2013-07-25 00:45 - 00000058 _____ C:\Windows\ChssBase.ini
2015-06-09 10:35 - 2014-02-12 00:12 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-09 10:35 - 2014-02-12 00:12 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-09 00:05 - 2014-07-31 20:20 - 00466484 _____ C:\Windows\PFRO.log
2015-06-09 00:03 - 2015-01-14 10:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-08 23:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Cursors
2015-06-08 23:45 - 2014-10-06 02:05 - 00000000 ____D C:\Program Files (x86)\FreeHideIP
2015-06-08 23:01 - 2012-04-30 13:40 - 00000000 ____D C:\Users\Marrel\AppData\Local\Equilab
2015-06-08 22:23 - 2013-07-18 13:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-08 10:44 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-06-08 10:34 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-08 10:33 - 2012-05-11 15:12 - 00000000 ____D C:\Users\postgres
2015-06-08 09:20 - 2014-09-15 18:08 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\Skype
2015-06-08 00:29 - 2012-03-23 23:11 - 00000000 ____D C:\Users\Marrel
2015-06-07 20:43 - 2012-05-11 15:24 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\HoldemManager
2015-06-07 20:23 - 2012-03-24 00:07 - 00000000 ____D C:\Users\Marrel\AppData\Local\PokerStars.EU
2015-06-07 20:22 - 2014-03-18 12:20 - 00000000 ____D C:\a
2015-06-07 20:19 - 2013-05-06 18:36 - 00000000 ____D C:\Windows\Minidump
2015-06-07 20:18 - 2014-07-31 20:20 - 468712171 _____ C:\Windows\MEMORY.DMP
2015-06-06 23:33 - 2012-05-11 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holdem Manager 2
2015-06-06 04:30 - 2012-06-03 04:30 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2015-06-06 04:30 - 2012-06-03 04:30 - 00000000 ____D C:\ProgramData\NCH Software
2015-06-06 04:30 - 2012-06-03 04:29 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\NCH Software
2015-06-06 04:30 - 2012-06-03 04:29 - 00000000 ____D C:\Program Files (x86)\NCH Software
2015-06-05 03:49 - 2015-02-19 01:27 - 00004305 _____ C:\blitzerr.txt
2015-05-30 18:19 - 2014-09-15 18:08 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-30 18:19 - 2014-09-15 18:08 - 00000000 ____D C:\ProgramData\Skype
2015-05-25 20:23 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-20 20:02 - 2014-10-06 02:04 - 00003854 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1412553844
2015-05-20 20:02 - 2014-10-06 02:04 - 00000000 ____D C:\Program Files (x86)\Opera
2015-05-17 03:58 - 2012-04-09 03:25 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 03:58 - 2012-04-09 03:25 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-13 20:20 - 2009-07-14 04:34 - 00000514 _____ C:\Windows\win.ini

==================== Files in the root of some directories =======

2014-03-21 03:27 - 2014-03-21 03:27 - 0072341 _____ () C:\Users\Marrel\AppData\Roaming\Debut.dmp
2013-12-08 21:30 - 2013-12-08 21:30 - 0001181 _____ () C:\Users\Marrel\AppData\Roaming\trace_FilterInstaller.txt
2013-12-08 21:30 - 2013-12-08 21:30 - 0000000 _____ () C:\Users\Marrel\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2006-12-11 20:13 - 2006-12-11 20:13 - 0097336 _____ (Un4seen Developments) C:\Users\Marrel\AppData\Local\bass.dll
2006-12-11 20:13 - 2006-12-11 20:13 - 0013872 _____ (Un4seen Developments) C:\Users\Marrel\AppData\Local\basscd.dll
2007-08-13 18:46 - 2007-08-13 18:46 - 0102912 _____ (Albert L Faber) C:\Users\Marrel\AppData\Local\CDRip.dll
2007-01-18 22:09 - 2007-01-18 22:09 - 0623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\Marrel\AppData\Local\No23 Recorder.exe
2014-12-01 18:35 - 2014-12-01 18:35 - 0001456 _____ () C:\Users\Marrel\AppData\Local\RecConfig.xml
2012-06-04 09:59 - 2015-01-12 00:30 - 0007593 _____ () C:\Users\Marrel\AppData\Local\Resmon.ResmonCfg
2013-06-15 00:39 - 2013-06-24 23:54 - 0001181 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Marrel\AppData\Local\Temp\avgnt.exe
C:\Users\Marrel\AppData\Local\Temp\Quarantine.exe
C:\Users\Marrel\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-26 06:21

==================== End of log ============================
|
10.06.2015, 18:49 | #9 |
/// the machine /// TB-Ausbilder | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\D\NOW\Setup_FreeScreenVideo_2.0.exe
C:\Program Files (x86)\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe
C:\Program Files (x86)\PSDViewer\MyBabylonTB.exe
C:\Software\Videorecorder\HC2Setup.exe
C:\Software\Videorecorder\SoftonicDownloader_fuer_camtasia-studio.exe
C:\Software\Videorecorder\SoftonicDownloader_fuer_free-screen-to-video.exe
C:\Software\Videorecorder\Audioprogramm\SoftonicDownloader_fuer_camtasia-studio.exe
C:\Unterhaltung\cONVENTER\FreeYouTubeToMP3Converter_3.11.35.1031.exe
C:\Unterhaltung\SoftwareVirtuellesLaufwerk\DTLite4471-0333.exe
C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000
C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000001
C:\Users\Marrel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\42074392-2a20e7ae
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\prefs.js
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_20.dll
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_21.dll
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_22.dll
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_23.dll
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_24.dll
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_25.dll
C:\Users\Marrel\Downloads\PSD viewer - CHIP-Installer.exe
C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Revo Uninstaller - Download - Filepony: use it to uninstall Firefox, keep no data, have the leftovers removed, then reinstall. Then: https://support.mozilla.org/de/kb/fi...einfach-loesen Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 |
12.06.2015, 03:41 | #10 |
| Yep, here is the fixlog (I ran the fix twice because I forgot something the first time): Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:07-06-2015
Ran by Marrel at 2015-06-10 21:39:31 Run:2
Running from C:\Users\Marrel\Desktop
Loaded Profiles: Marrel & postgres (Available Profiles: Marrel & & postgres)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\D\NOW\Setup_FreeScreenVideo_2.0.exe
C:\Program Files (x86)\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe
C:\Program Files (x86)\PSDViewer\MyBabylonTB.exe
C:\Software\Videorecorder\HC2Setup.exe
C:\Software\Videorecorder\SoftonicDownloader_fuer_camtasia-studio.exe
C:\Software\Videorecorder\SoftonicDownloader_fuer_free-screen-to-video.exe
C:\Software\Videorecorder\Audioprogramm\SoftonicDownloader_fuer_camtasia-studio.exe
C:\Unterhaltung\cONVENTER\FreeYouTubeToMP3Converter_3.11.35.1031.exe
C:\Unterhaltung\SoftwareVirtuellesLaufwerk\DTLite4471-0333.exe
C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000
C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000001
C:\Users\Marrel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\42074392-2a20e7ae
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\prefs.js
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_20.dll
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_21.dll
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_22.dll
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_23.dll
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_24.dll
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_25.dll
C:\Users\Marrel\Downloads\PSD viewer - CHIP-Installer.exe
C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000
Emptytemp:
*****************

"C:\D\NOW\Setup_FreeScreenVideo_2.0.exe" => File/Folder not found.
"C:\Program Files (x86)\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe" => File/Folder not found.
"C:\Program Files (x86)\PSDViewer\MyBabylonTB.exe" => File/Folder not found.
"C:\Software\Videorecorder\HC2Setup.exe" => File/Folder not found.
"C:\Software\Videorecorder\SoftonicDownloader_fuer_camtasia-studio.exe" => File/Folder not found.
"C:\Software\Videorecorder\SoftonicDownloader_fuer_free-screen-to-video.exe" => File/Folder not found.
"C:\Software\Videorecorder\Audioprogramm\SoftonicDownloader_fuer_camtasia-studio.exe" => File/Folder not found.
"C:\Unterhaltung\cONVENTER\FreeYouTubeToMP3Converter_3.11.35.1031.exe" => File/Folder not found.
"C:\Unterhaltung\SoftwareVirtuellesLaufwerk\DTLite4471-0333.exe" => File/Folder not found.
C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 => moved successfully.
C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000001 => moved successfully.
C:\Users\Marrel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\42074392-2a20e7ae => moved successfully.
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\prefs.js => moved successfully.
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_20.dll => moved successfully.
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_21.dll => moved successfully.
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_22.dll => moved successfully.
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_23.dll => moved successfully.
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_24.dll => moved successfully.
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_25.dll => moved successfully.
C:\Users\Marrel\Downloads\PSD viewer - CHIP-Installer.exe => moved successfully.
C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 => moved successfully.
EmptyTemp: => 11.6 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 21:39:56 ====

I currently have no major problems with the physical memory. When I'm not doing much it sits at around 35%, and during bigger tasks it is usually still below 60%. Can you think of anything else to optimize? Otherwise, thanks for the support |
12.06.2015, 17:55 | #11 |
/// the machine /// TB-Ausbilder | Looks good.

Cleanup: (The order matters here)
If Defogger was used: run it again and click Re-enable.
If Combofix was used: uninstall Combofix.

All logs posted? Then please download DelFix.

Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Finally, restart your computer. If any programs from our cleanup are still left over now, you can safely delete them. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Hardening:
Enable automatic updates for the Windows operating system.
Security-relevant software should also always be present only in its latest version: browser, Java, Flash Player, PDF reader. Vulnerabilities in their old versions are exploited to install malware via "drive-by" when simply visiting a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft
In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, define on a whitelist basis which sites are allowed to run scripts.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.
Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner.

Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers, etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________ Regards, schrauber |