|
Plagegeister aller Art und deren Bekämpfung: Youporndeutsch.co Virus/Maleware?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
04.08.2015, 23:16 | #1 |
| Youporndeutsch.co Virus/Maleware? Hallo, ich habe hier den Laptop einer Freundin, und sie hat folgendes Problem. Sie war, so wie sie sagte, auf Kinox.to unterwegs und plötzlich ist im IE die Seite www.youporndeutch.co/kategorien aufgesprungen. Diese lässt sich jetzt aber nicht mehr schließen, noch kann man den Laptop runterfahren. Generell ist er auch sehr langsam. Fotos öffnen oder andere Sachen öffnen, Fehlanzeige! In den Task-Manager komme ich auch nicht! Was kann ich hier machen? Gruß Phil |
05.08.2015, 05:43 | #2 |
/// the machine /// TB-Ausbilder | Youporndeutsch.co Virus/Maleware? hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
05.08.2015, 11:20 | #3 |
| Youporndeutsch.co Virus/Maleware? War aber ne echt schwere Geburt das Programm runterzuladen und auszuführen.. hier aber jetzt die Logs...
__________________FRST.txt Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01 durchgeführt von MARKUS (Administrator) auf GHOST (05-08-2015 12:11:51) Gestartet von C:\Users\MARKUS\Desktop Geladene Profile: MARKUS (Verfügbare Profile: MARKUS) Platform: Windows 8 Pro (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 10 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe (SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe () C:\Program Files (x86)\StormWatch\StormWatchSrv.exe (Weather Protector LLC) C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe (Irrational Number Applications) C:\ProgramData\SqaSMuElYjF\aXUOwJ.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (zik.mu) C:\Program Files\BubbleSound\3D BubbleSound.exe (Weather Protector LLC) C:\Program Files (x86)\StormWatch\StormWatch.exe (PowerISO Computing, Inc.) I:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe () C:\Program Files (x86)\StormWatch\StormWatchApp.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Irrational Number Applications) C:\ProgramData\SqaSMuElYjF\dat\ZdtQfXQQRJN.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [BCSSync] => I:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [3D BubbleSound] => C:\Program Files\BubbleSound\3D BubbleSound.exe [14115328 2015-01-09] (zik.mu) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PWRISOVM.EXE] => i:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2009-07-27] (PowerISO Computing, Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-05] (AVAST Software) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [StormWatch] => C:\Program Files (x86)\StormWatch\StormWatchApp.exe [1556504 2015-04-10] () Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [246544 2015-07-02] (Client Connect LTD) AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [213776 2015-07-02] (Client Connect LTD) Startup: C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk [2015-07-19] ShortcutTarget: StormWatch.lnk -> C:\Program Files (x86)\StormWatch\StormWatch.exe (Weather Protector LLC) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-05] (AVAST Software) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms} HKU\S-1-5-21-846433983-1932204352-779828525-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013 HKU\S-1-5-21-846433983-1932204352-779828525-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ HKU\S-1-5-21-846433983-1932204352-779828525-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKU\S-1-5-21-846433983-1932204352-779828525-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013 HKU\S-1-5-21-846433983-1932204352-779828525-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3 SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms} SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013 SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms} SearchScopes: HKU\S-1-5-21-846433983-1932204352-779828525-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms} SearchScopes: HKU\S-1-5-21-846433983-1932204352-779828525-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013 SearchScopes: HKU\S-1-5-21-846433983-1932204352-779828525-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M7A767C84-5C6C-492C-B7EA-8FA6621C32F5&SearchSource=58&CUI=&UM=8&UP=SP9768A5FA-B711-4F8E-AC80-6FBC97E31C7D&D=071915&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-846433983-1932204352-779828525-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://mixidj.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=E43C685D43956C66&affID=121136&tsp=5014 SearchScopes: HKU\S-1-5-21-846433983-1932204352-779828525-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> I:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-06-13] (Microsoft Corporation) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> I:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-05] (AVAST Software) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> I:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> I:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-07-13] (Microsoft Corporation) BHO-x32: PriceGong - Price Comparison -> {1631550F-191D-4826-B069-D9439253D926} -> C:\Program Files (x86)\PriceGong\2.6.12\PriceGongIE.dll [2013-07-02] (PriceGong) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-04-22] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-05] (AVAST Software) BHO-x32: DealPly Shopping -> {9cf699ca-2174-4ed8-bec1-ba82095edce0} -> C:\Program Files (x86)\DealPly\DealPlyIE.dll [2013-07-21] (DealPly) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Keine Datei Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - Keine Datei Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Keine Datei Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - Keine Datei Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - I:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{2164B092-CA0E-4B90-9765-CA7FA1E1F1B4}: [DhcpNameServer] 192.168.178.1 StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3 FireFox: ======== FF ProfilePath: C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: istartsurf FF SelectedSearchEngine: istartsurf FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M7A767C84-5C6C-492C-B7EA-8FA6621C32F5&SearchSource=55&CUI=&UM=8&UP=SP9768A5FA-B711-4F8E-AC80-6FBC97E31C7D&D=071915&SSPV= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-19] () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> I:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> I:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-19] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] () FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-06-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=3 -> C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll [2013-09-24] (DealPly Technologies Ltd) FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=9 -> C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll [2013-09-24] (DealPly Technologies Ltd) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll [2015-08-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll [2015-08-05] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.) FF user.js: detected! => C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\user.js [2012-06-12] FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-06-13] (Microsoft Corporation) FF SearchPlugin: C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\searchplugins\istartsurf.xml [2015-08-01] FF SearchPlugin: C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\searchplugins\mixidj.xml [2013-09-23] FF SearchPlugin: C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\searchplugins\trovi.xml [2015-07-19] FF Extension: CinemaPlus-4.2vV19.07 - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\Extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com [2015-07-19] FF Extension: Default SearchProtected - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\Extensions\defsearchp@gmail.com [2015-07-19] FF Extension: deskCut - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\Extensions\deskCutv2@gmail.com [2015-07-19] FF Extension: PriceGong - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\Extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} [2015-07-19] FF Extension: DealPly Shopping - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\Extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979} [2013-09-24] FF Extension: PricePeep - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\Extensions\pricepeep@getpricepeep.com.xpi [2013-04-17] FF Extension: Adblock Plus - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-21] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-21] FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com FF Extension: Kein Name - I:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [nicht gefunden] Chrome: ======= CHR Profile: C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-05] CHR Extension: (Google Docs) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-05] CHR Extension: (Google Drive) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-05] CHR Extension: (PriceGong) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok [2015-08-05] CHR Extension: (YouTube) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-05] CHR Extension: (Google Search) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-05] CHR Extension: (Google Sheets) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-05] CHR Extension: (Avast Online Security) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-05] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-05] CHR Extension: (Chrome Web Store Payments) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-05] CHR Extension: (Gmail) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-05] CHR HKLM-x32\...\Chrome\Extension: [bkomkajifikmkfnjgphkjcfeepbnojok] - C:\Program Files (x86)\PriceGong\2.6.12\pricegong.crx [2013-07-02] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-05] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-05] (AVAST Software) R2 aXUOwJ; C:\ProgramData\SqaSMuElYjF\aXUOwJ.exe [2732024 2015-07-19] (Irrational Number Applications) S2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-09-24] (DealPly Technologies Ltd) S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-09-24] (DealPly Technologies Ltd) R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-28] () [Datei ist nicht signiert] S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-09-24] () [Datei ist nicht signiert] S3 Microsoft SharePoint Workspace Audit Service; I:\Program Files\Microsoft Office\Office14\GROOVE.EXE [51740536 2011-06-12] (Microsoft Corporation) R2 StormWatch Update Service; C:\Program Files (x86)\StormWatch\StormWatchSrv.exe [586264 2015-04-10] () R2 SWUpdater; C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe [17584 2014-11-22] (Weather Protector LLC) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation) S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-05] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-05] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-05] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-05] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-08-05] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-05] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-05] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-05] (AVAST Software) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation) R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-08-05] (AVAST Software) R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-09-24] (Duplex Secure Ltd.) S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2015-08-05] () R1 wsfd_1_10_0_19; C:\Windows\System32\drivers\wsfd_1_10_0_19.sys [57728 2015-06-16] (WS) S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-05 12:12 - 2015-08-05 12:12 - 00001969 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-08-05 12:12 - 2015-08-05 12:12 - 00000000 ____D C:\ProgramData\Radio 2015-08-05 12:11 - 2015-08-05 12:12 - 00023433 _____ C:\Users\MARKUS\Desktop\FRST.txt 2015-08-05 12:11 - 2015-08-05 12:11 - 00000000 ____D C:\FRST 2015-08-05 12:10 - 2015-08-05 12:10 - 02169856 _____ (Farbar) C:\Users\MARKUS\Desktop\FRST64.exe 2015-08-05 12:09 - 2015-08-05 12:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-08-05 12:08 - 2015-08-05 12:08 - 00004094 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-08-05 12:08 - 2015-08-05 12:08 - 00003858 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-08-05 12:08 - 2015-08-05 12:08 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-05 12:08 - 2015-08-05 12:08 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-05 12:06 - 2015-08-05 12:06 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-08-05 12:06 - 2015-08-05 12:06 - 00001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2015-08-05 12:06 - 2015-08-05 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-08-05 12:06 - 2015-08-05 12:05 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys 2015-08-05 12:05 - 2015-08-05 12:12 - 00001969 _____ C:\Users\Public\Desktop\speed browser.lnk 2015-08-05 12:05 - 2015-08-05 12:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\speed browser 2015-08-05 12:05 - 2015-08-05 12:05 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-08-05 12:05 - 2015-08-05 12:05 - 00000000 ____D C:\Users\MARKUS\AppData\Local\speed browser 2015-08-05 12:05 - 2015-08-05 12:05 - 00000000 ____D C:\Program Files (x86)\speed browser 2015-08-05 12:01 - 2015-08-05 12:01 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2015-08-05 12:01 - 2015-08-05 12:01 - 00000000 ____D C:\Program Files\Common Files\AV 2015-08-05 10:44 - 2015-08-05 10:44 - 00931408 _____ (Google Inc.) C:\Users\MARKUS\Downloads\ChromeSetup.exe 2015-08-05 10:38 - 2015-08-05 10:38 - 00000000 ____D C:\Users\MARKUS\AppData\Local\Deployment 2015-08-05 10:38 - 2015-08-05 10:38 - 00000000 ____D C:\Users\MARKUS\AppData\Local\Apps\2.0 2015-08-05 00:36 - 2015-08-05 00:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf 2015-08-04 23:55 - 2015-04-30 15:07 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-04 23:55 - 2015-04-30 15:07 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-08-04 23:54 - 2015-03-12 07:31 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-08-04 23:54 - 2015-03-04 08:41 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-08-04 23:54 - 2015-03-04 08:39 - 00632832 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-08-04 23:54 - 2015-03-04 08:39 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-08-04 23:54 - 2015-03-04 06:53 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-08-04 23:54 - 2015-03-04 06:52 - 00676864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-08-04 23:53 - 2015-05-07 15:05 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml 2015-08-04 23:53 - 2015-03-12 07:31 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll 2015-08-04 23:53 - 2015-03-12 05:52 - 01933312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2015-08-04 23:52 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\SysWOW64\locale.nls 2015-08-04 23:52 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\system32\locale.nls 2015-08-04 23:52 - 2015-04-21 15:53 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2015-08-04 23:52 - 2015-03-27 10:07 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\cryptcatsvc.dll 2015-08-04 23:52 - 2015-03-12 07:31 - 01688576 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll 2015-08-04 23:50 - 2015-04-06 07:36 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll 2015-08-04 23:50 - 2015-04-06 06:08 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll 2015-08-02 14:24 - 2015-07-14 22:11 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-08-02 14:24 - 2015-07-14 22:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-02 14:24 - 2015-07-14 21:43 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-02 14:24 - 2015-07-14 21:43 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-08-02 14:24 - 2015-06-27 18:36 - 00171352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-08-02 14:24 - 2015-06-27 15:56 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2015-08-02 14:24 - 2015-06-27 15:55 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-08-02 14:24 - 2015-06-27 15:55 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-08-02 14:24 - 2015-06-27 15:46 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-08-02 14:24 - 2015-06-27 15:46 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-08-02 14:24 - 2015-06-27 15:46 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2015-08-02 14:24 - 2015-06-27 15:46 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-08-02 14:24 - 2015-06-27 15:23 - 00694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-08-02 14:24 - 2015-06-25 20:29 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-08-02 14:24 - 2015-06-25 20:27 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-08-02 14:24 - 2015-01-07 06:25 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-08-02 14:23 - 2015-06-17 16:13 - 01150264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2015-08-02 14:23 - 2015-06-17 15:44 - 01567560 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2015-08-02 14:23 - 2015-06-09 15:57 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-08-02 14:23 - 2015-05-09 01:39 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-08-02 14:23 - 2015-05-08 22:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-08-02 14:23 - 2015-04-13 07:32 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-08-02 14:23 - 2015-04-13 07:30 - 01839616 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-02 14:23 - 2015-04-13 07:30 - 01280512 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-02 14:23 - 2015-04-13 06:05 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-08-02 14:18 - 2015-08-02 14:18 - 00000000 ____D C:\ProgramData\Browser 2015-08-02 14:18 - 2015-06-15 17:22 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2015-08-02 14:18 - 2015-06-15 17:22 - 02416640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-08-02 14:18 - 2015-06-15 17:22 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-08-02 14:18 - 2015-06-15 17:22 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2015-08-02 14:18 - 2015-06-15 17:21 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-08-02 14:18 - 2015-06-15 17:20 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2015-08-02 14:18 - 2015-06-15 17:20 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-08-02 14:18 - 2015-06-15 17:19 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-08-01 19:50 - 2015-06-25 03:54 - 04064768 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-01 19:50 - 2015-06-11 22:29 - 01302528 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-08-01 19:50 - 2015-06-11 18:27 - 01024000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-08-01 19:50 - 2015-05-02 08:28 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-08-01 19:50 - 2015-05-02 05:59 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-08-01 19:50 - 2015-05-02 05:36 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-08-01 19:50 - 2015-04-14 00:09 - 00570248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-08-01 19:45 - 2015-02-18 09:39 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-08-01 19:45 - 2015-02-18 09:38 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll 2015-07-19 20:07 - 2015-08-05 12:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong 2015-07-19 20:07 - 2015-08-05 10:09 - 00000000 ____D C:\Users\MARKUS\AppData\Local\avabvexvac 2015-07-19 20:07 - 2015-07-19 20:07 - 00003462 _____ C:\Windows\System32\Tasks\avabvexvac 2015-07-19 20:07 - 2015-07-19 20:07 - 00000823 _____ C:\Users\MARKUS\Desktop\3D BubbleSound.lnk 2015-07-19 20:07 - 2015-07-19 20:07 - 00000000 ____D C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BubbleSound 1.0 2015-07-19 20:07 - 2015-07-19 20:07 - 00000000 ____D C:\Program Files\BubbleSound 2015-07-19 20:07 - 2015-07-19 20:07 - 00000000 ____D C:\Program Files (x86)\PriceGong 2015-07-19 20:06 - 2015-07-19 20:07 - 00000000 ____D C:\Users\MARKUS\AppData\Local\SearchProtect 2015-07-19 20:06 - 2015-07-19 20:07 - 00000000 ____D C:\Program Files (x86)\SearchProtect 2015-07-19 20:06 - 2015-07-19 20:06 - 00000000 ____D C:\ProgramData\Vreaanknumlug 2015-07-19 20:06 - 2015-07-19 20:06 - 00000000 ____D C:\Program Files (x86)\WordShark_1.10.0.19 2015-07-19 20:05 - 2015-04-25 05:41 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2015-07-19 20:05 - 2015-04-25 01:13 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-07-19 20:01 - 2015-07-19 20:01 - 00000000 ____D C:\ProgramData\Uniblue 2015-07-19 20:00 - 2015-08-05 12:10 - 00000000 ____D C:\Users\MARKUS\AppData\Local\WebShield 2015-07-19 20:00 - 2015-08-05 12:07 - 00004508 _____ C:\Windows\Tasks\774c6438-9235-495c-96ac-0b596846d9af-4.job 2015-07-19 20:00 - 2015-08-05 12:07 - 00003152 _____ C:\Windows\Tasks\774c6438-9235-495c-96ac-0b596846d9af-1-7.job 2015-07-19 20:00 - 2015-07-19 20:24 - 00000000 ____D C:\Users\MARKUS\AppData\Local\gmsd_de_004010035 2015-07-19 20:00 - 2015-07-19 20:20 - 00000000 ____D C:\Program Files (x86)\gmsd_de_004010035 2015-07-19 20:00 - 2015-07-19 20:19 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-4.2vV19.07 2015-07-19 20:00 - 2015-07-19 20:17 - 00002126 _____ C:\Windows\Tasks\774c6438-9235-495c-96ac-0b596846d9af-10_user.job 2015-07-19 20:00 - 2015-07-19 20:14 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 2015-07-19 20:00 - 2015-07-19 20:00 - 00007512 _____ C:\Windows\System32\Tasks\774c6438-9235-495c-96ac-0b596846d9af-4 2015-07-19 20:00 - 2015-07-19 20:00 - 00006156 _____ C:\Windows\System32\Tasks\774c6438-9235-495c-96ac-0b596846d9af-1-7 2015-07-19 20:00 - 2015-07-19 20:00 - 00002386 _____ C:\Users\Public\Desktop\Crossbrowse.lnk 2015-07-19 20:00 - 2015-07-19 20:00 - 00000000 ____D C:\Users\MARKUS\AppData\Roaming\istartsurf 2015-07-19 20:00 - 2015-07-19 20:00 - 00000000 ____D C:\Users\MARKUS\AppData\Local\Weather_Protector_LLC 2015-07-19 20:00 - 2015-07-19 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse 2015-07-19 20:00 - 2015-07-19 20:00 - 00000000 ____D C:\Program Files (x86)\Crossbrowse 2015-07-19 19:59 - 2015-08-05 12:10 - 00000000 ____D C:\Users\MARKUS\AppData\Local\StormWatch 2015-07-19 19:59 - 2015-08-05 12:09 - 00000000 ____D C:\Users\MARKUS\Documents\ProPCCleaner 2015-07-19 19:59 - 2015-08-05 12:01 - 00003456 _____ C:\Windows\System32\Tasks\ProPCCleaner_Popup 2015-07-19 19:59 - 2015-07-19 20:23 - 00000000 ____D C:\Users\MARKUS\AppData\Local\D9DF0E76-C9D7-4F83-A919-28FDB7D924AA 2015-07-19 19:59 - 2015-07-19 20:00 - 00000000 ____D C:\ProgramData\WebShield 2015-07-19 19:59 - 2015-07-19 20:00 - 00000000 ____D C:\ProgramData\SqaSMuElYjF 2015-07-19 19:59 - 2015-07-19 19:59 - 00003192 _____ C:\Windows\System32\Tasks\ProPCCleaner_Start 2015-07-19 19:59 - 2015-07-19 19:59 - 00001069 _____ C:\Users\MARKUS\Desktop\Pro PC Cleaner.lnk 2015-07-19 19:59 - 2015-07-19 19:59 - 00000000 ____D C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch 2015-07-19 19:59 - 2015-07-19 19:59 - 00000000 ____D C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pro PC Cleaner 2015-07-19 19:59 - 2015-07-19 19:59 - 00000000 ____D C:\Users\MARKUS\AppData\Local\Pro_PC_Cleaner 2015-07-19 19:59 - 2015-07-19 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StormWatch 2015-07-19 19:59 - 2015-07-19 19:59 - 00000000 ____D C:\Program Files (x86)\StormWatch 2015-07-19 19:59 - 2015-07-19 19:59 - 00000000 ____D C:\Program Files (x86)\Pro PC Cleaner ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-05 12:12 - 2013-09-21 22:01 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-846433983-1932204352-779828525-1001 2015-08-05 12:12 - 2013-09-21 21:55 - 00002043 _____ C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-08-05 12:09 - 2013-09-21 23:44 - 00000000 ____D C:\Program Files (x86)\Google 2015-08-05 12:09 - 2013-09-21 21:55 - 00000000 ____D C:\Users\MARKUS\AppData\Local\VirtualStore 2015-08-05 12:07 - 2013-09-24 18:15 - 00003490 _____ C:\Windows\System32\Tasks\AutoKMS 2015-08-05 12:07 - 2013-09-24 17:35 - 00000914 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job 2015-08-05 12:07 - 2013-09-21 23:43 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2015-08-05 12:07 - 2013-09-21 22:01 - 00016152 _____ C:\Windows\system32\Drivers\SWDUMon.sys 2015-08-05 12:07 - 2013-09-21 22:01 - 00000424 _____ C:\Windows\Tasks\SlimDrivers Startup.job 2015-08-05 12:07 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-05 12:06 - 2014-08-24 20:30 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2015-08-05 12:06 - 2014-01-25 12:47 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2015-08-05 12:06 - 2013-09-24 18:42 - 00229570 _____ C:\Windows\PFRO.log 2015-08-05 12:06 - 2013-09-21 23:44 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2015-08-05 12:06 - 2013-09-21 23:43 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2015-08-05 12:06 - 2013-09-21 23:43 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2015-08-05 12:06 - 2013-09-21 23:43 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-08-05 12:06 - 2013-09-21 23:43 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2015-08-05 12:06 - 2013-09-21 21:55 - 01323381 _____ C:\Windows\WindowsUpdate.log 2015-08-05 12:05 - 2013-09-21 23:43 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2015-08-05 12:01 - 2012-07-26 09:59 - 00000000 ____D C:\Windows\CbsTemp 2015-08-05 11:59 - 2015-04-16 14:07 - 00426040 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-05 11:58 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData 2015-08-05 11:58 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\AdvancedInstallers 2015-08-05 11:58 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-08-05 11:18 - 2013-09-21 22:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-08-05 11:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru 2015-08-05 10:47 - 2012-07-26 12:27 - 00753134 _____ C:\Windows\system32\perfh007.dat 2015-08-05 10:47 - 2012-07-26 12:27 - 00155826 _____ C:\Windows\system32\perfc007.dat 2015-08-05 10:47 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-05 10:40 - 2013-09-24 17:35 - 00000918 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job 2015-08-05 00:36 - 2013-09-24 19:44 - 00245019 _____ C:\Windows\setupact.log 2015-08-02 22:44 - 2013-09-21 22:04 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-01 20:11 - 2013-09-23 22:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-07-19 20:04 - 2013-09-21 22:59 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-07-19 20:03 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF 2015-07-13 23:22 - 2015-03-20 21:53 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-07-13 23:22 - 2015-03-20 21:53 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-08-05 12:05 - 2015-08-05 12:05 - 0032038 _____ () C:\Users\MARKUS\AppData\Roaming\Edge.ico Einige Dateien in TEMP: ==================== C:\Users\MARKUS\AppData\Local\Temp\c8fa73b8e9f64693beccdbb6e4b58208394612.exe C:\Users\MARKUS\AppData\Local\Temp\DataCard_Setup64.exe C:\Users\MARKUS\AppData\Local\Temp\pricepeep_1.exe C:\Users\MARKUS\AppData\Local\Temp\ResetDevice.exe C:\Users\MARKUS\AppData\Local\Temp\setup.exe C:\Users\MARKUS\AppData\Local\Temp\Uni000.exe C:\Users\MARKUS\AppData\Local\Temp\uninst1.exe ==================== Bamital & volsnap Check ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-08-02 22:43 ==================== Ende von log ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:02-08-2015 01 durchgeführt von MARKUS (2015-08-05 12:12:22) Gestartet von C:\Users\MARKUS\Desktop Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-846433983-1932204352-779828525-500 - Administrator - Disabled) Gast (S-1-5-21-846433983-1932204352-779828525-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-846433983-1932204352-779828525-1003 - Limited - Enabled) MARKUS (S-1-5-21-846433983-1932204352-779828525-1001 - Administrator - Enabled) => C:\Users\MARKUS ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.3.2225 - AVAST Software) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) BubbleSound (HKLM\...\BubbleSound) (Version: 1.0 - BubbleSound) <==== ACHTUNG CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform) CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.33 - Abelssoft) CinemaPlus-4.2vV19.07 (HKLM-x32\...\CinemaPlus-4.2vV19.07) (Version: 1.36.01.22 - Cinema PlusV19.07) <==== ACHTUNG Crossbrowse (HKLM-x32\...\Crossbrowse) (Version: 39.6.2171.95 - The Crossbrowse Authors) <==== ACHTUNG GamesDesktop 014.004010035 (HKLM-x32\...\gmsd_de_004010035_is1) (Version: - GAMESDESKTOP) <==== ACHTUNG Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.) Google Update Helper (x32 Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ACHTUNG Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation) istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version: - istartsurf) <==== ACHTUNG iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.300.05.03.52 - Huawei Technologies Co.,Ltd) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0081 - Pegatron Corporation) PowerISO (HKLM-x32\...\PowerISO) (Version: - ) PriceGong 2.6.12 (HKLM-x32\...\PriceGong) (Version: 2.6.12 - PriceGong) <==== ACHTUNG Pro PC Cleaner (HKLM-x32\...\Pro PC Cleaner) (Version: 2.9.6 - Pro PC Cleaner) <==== ACHTUNG Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.23.60.24 - Client Connect LTD) <==== ACHTUNG Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) SlimDrivers (HKLM-x32\...\{EE877592-4C1B-42E3-907B-141E48163E05}) (Version: 2.2.32534 - SlimWare Utilities, Inc.) speed browser (HKLM-x32\...\speed browser) (Version: 44.0.2367.0 - Smart Applications) <==== ACHTUNG StormWatch (HKLM-x32\...\StormWatch) (Version: 1.0.2.55 - StormWatch) <==== ACHTUNG VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Web Shield (HKLM-x32\...\WebShield) (Version: 2.7.68 - Irrational Number Applications) WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH) WordShark 1.10.0.19 (HKLM-x32\...\WordShark_1.10.0.19) (Version: 1.10.0.19 - WordShark) <==== ACHTUNG ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Wiederherstellungspunkte ========================= 01-08-2015 19:39:24 Windows Update 04-08-2015 23:55:07 Windows Update ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0722BE0A-FCF7-41FA-B5B6-12477263E329} - System32\Tasks\774c6438-9235-495c-96ac-0b596846d9af-1-7 => C:\Program Files (x86)\CinemaPlus-4.2vV19.07\774c6438-9235-495c-96ac-0b596846d9af-1-7.exe <==== ACHTUNG Task: {0CBCA4AA-36FB-4122-A96E-54B6C4B77748} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\msoia.exe Task: {14E31A58-26E2-4CA5-A27C-49C32D7224EC} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe [2015-07-03] (Pro PC Cleaner) <==== ACHTUNG Task: {1DE4B79E-7B24-4124-AFE9-E191A02D6745} - System32\Tasks\DealPlyUpdate => C:\Program <==== ACHTUNG Task: {28379297-254D-4B0C-A647-2FEEE6EE8302} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-19] (Adobe Systems Incorporated) Task: {42F42A4A-3E37-4E3B-A20E-A303A0D9F7D6} - System32\Tasks\DealPlyLiveUpdateTaskMachineCore => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-09-24] (DealPly Technologies Ltd) <==== ACHTUNG Task: {4A71F4EE-CA8D-4A86-B4F4-7ED828BA8220} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {4CCF6FD3-3D1F-4DE4-A920-2AF77BEF3BB4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-05] (Google Inc.) Task: {4CF33B29-9D78-4743-9AFF-C64C93780036} - System32\Tasks\avabvexvac => C:\Users\MARKUS\AppData\Local\avabvexvac\avabvexvac.exe [2015-07-02] () <==== ACHTUNG Task: {4DF39370-FB1A-4F1F-ADD1-4FFEA4A27696} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2014-09-19] (CHIP) Task: {5BED26AC-B98B-4232-A4E9-FE5557B83080} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe [2015-07-03] () <==== ACHTUNG Task: {793E054E-6A72-4073-9FDD-C6EAF543FBDD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd) Task: {81FB1E80-234D-4685-BD71-306426C9E268} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-05] (AVAST Software) Task: {B6BFDC3A-C6E6-44EA-BF89-4195CF34317B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\msoia.exe Task: {BADE1018-B7FD-4363-989C-3A04B454716A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-05] (Google Inc.) Task: {C4391197-CFB4-4FE8-ABE1-FF7D25DC5A34} - System32\Tasks\DealPlyLiveUpdateTaskMachineUA => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-09-24] (DealPly Technologies Ltd) <==== ACHTUNG Task: {C5E2A175-89F2-40BC-B89D-746178CBDF9C} - System32\Tasks\774c6438-9235-495c-96ac-0b596846d9af-4 => C:\Program Files (x86)\CinemaPlus-4.2vV19.07\774c6438-9235-495c-96ac-0b596846d9af-4.exe [2015-07-19] (Cinema PlusV19.07) <==== ACHTUNG Task: {CE4CDF5A-FC28-46DA-B88D-BA2167F1C271} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-17] (SlimWare Utilities, Inc.) Task: {DC8478C0-A6EF-4C5F-B8D5-8A8EB965F2CF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-08-05] (AVAST Software) Task: {E2687BA9-6CDA-4378-8132-DC60F9088080} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-09-24] () (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\774c6438-9235-495c-96ac-0b596846d9af-1-7.job => C:\Program Files (x86)\CinemaPlus-4.2vV19.07\774c6438-9235-495c-96ac-0b596846d9af-1-7.exe <==== ACHTUNG Task: C:\Windows\Tasks\774c6438-9235-495c-96ac-0b596846d9af-10_user.job => C:\Program Files (x86)\CinemaPlus-4.2vV19.07\774c6438-9235-495c-96ac-0b596846d9af-10.exe <==== ACHTUNG Task: C:\Windows\Tasks\774c6438-9235-495c-96ac-0b596846d9af-4.job => C:\Program Files (x86)\CinemaPlus-4.2vV19.07\774c6438-9235-495c-96ac-0b596846d9af-4.exe <==== ACHTUNG Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe <==== ACHTUNG Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe <==== ACHTUNG Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-01-08 20:12 - 2015-01-08 20:12 - 02264576 _____ () C:\Program Files\BubbleSound\BubbleSound.dll 2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2013-09-21 22:48 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll 2013-09-23 22:47 - 2012-11-28 14:31 - 00805888 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe 2015-04-10 15:49 - 2015-04-10 15:49 - 00586264 _____ () C:\Program Files (x86)\StormWatch\StormWatchSrv.exe 2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2015-04-10 15:49 - 2015-04-10 15:49 - 01556504 _____ () C:\Program Files (x86)\StormWatch\StormWatchApp.exe 2015-08-05 12:05 - 2015-08-05 12:05 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-08-05 12:05 - 2015-08-05 12:05 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-08-05 10:11 - 2015-08-05 10:11 - 02959872 _____ () C:\Program Files\AVAST Software\Avast\defs\15080402\algo.dll 2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-08-05 12:06 - 2015-08-05 12:06 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-08-05 12:09 - 2015-07-31 08:19 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libglesv2.dll 2015-08-05 12:09 - 2015-07-31 08:19 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libegl.dll 2015-08-05 12:09 - 2015-08-05 12:09 - 01240568 _____ () C:\ProgramData\SqaSMuElYjF\dat\MrZPGFxqyBW.dll 2015-08-05 12:12 - 2015-08-05 12:12 - 00082696 _____ () C:\ProgramData\Radio\prompt.exe ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer trusted/restricted =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-846433983-1932204352-779828525-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\...\StartupApproved\Run32: => "Adobe ARM" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [{6166F54B-B65F-415B-971A-F8C9A6B8F78E}] => (Allow) I:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{53E65CE1-1DDA-4A9F-B546-B69B981554F0}] => (Allow) I:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{203B06D9-7BD4-4B9E-A0EE-C42D1B421B26}] => (Allow) I:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{BC6F74BD-4D15-4DB1-904F-611638802DD0}] => (Allow) I:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [TCP Query User{E0A95703-05C1-42CD-9D27-A13D53E065DF}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [UDP Query User{4477845B-0F92-4039-A38B-2A44A53CB836}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{D5EB3681-D4AA-4130-8883-594ECD47B610}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{C9EBE41C-8505-4E80-BB3E-C4AE01C42F6E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{0FFF51C5-E069-47E6-A4B0-7FAB19EAF6EA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{CFEF6734-F6AA-49DA-A60F-C6DBAA4B6C1E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{E757F3FA-9D15-4AAC-AB0D-64D316BAF1EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{14A66F14-0288-4A21-B495-8DD1FDEC388C}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [TCP Query User{EF2B2998-3FD3-4DA6-A068-FEC6F8563888}I:\program files (x86)\mozilla firefox\firefox.exe] => (Block) I:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{3B5A836B-8D83-4328-8F65-E6C1777FD5B9}I:\program files (x86)\mozilla firefox\firefox.exe] => (Block) I:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{18EB1593-619E-49AD-92A9-FB3F09E91F3A}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe FirewallRules: [{ADA11736-0AA3-4627-96F3-D8F85606B3C3}] => (Allow) C:\Program Files (x86)\speed browser\Application\browser.exe FirewallRules: [{F3D341A7-F81A-44F6-B6A4-818FD0EA93BA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (08/05/2015 12:06:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17267, Zeitstempel: 0x54e7f156 Name des fehlerhaften Moduls: PriceGongIE.dll, Version: 2.6.12.0, Zeitstempel: 0x51d295a3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000077b8 ID des fehlerhaften Prozesses: 0x15a8 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5 Error: (08/05/2015 11:58:30 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a96c3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.17313, Zeitstempel: 0x5507a23b Ausnahmecode: 0xc0000008 Fehleroffset: 0x0002dc2c ID des fehlerhaften Prozesses: 0x798 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0 Pfad der fehlerhaften Anwendung: svchost.exe1 Pfad des fehlerhaften Moduls: svchost.exe2 Berichtskennung: svchost.exe3 Vollständiger Name des fehlerhaften Pakets: svchost.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5 Error: (08/05/2015 10:15:32 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17267, Zeitstempel: 0x54e7f156 Name des fehlerhaften Moduls: PriceGongIE.dll, Version: 2.6.12.0, Zeitstempel: 0x51d295a3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000077b8 ID des fehlerhaften Prozesses: 0x1924 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5 Error: (08/05/2015 10:15:14 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17267, Zeitstempel: 0x54e7f156 Name des fehlerhaften Moduls: PriceGongIE.dll, Version: 2.6.12.0, Zeitstempel: 0x51d295a3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000077b8 ID des fehlerhaften Prozesses: 0x11f8 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5 Error: (08/05/2015 10:14:53 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17267, Zeitstempel: 0x54e7f156 Name des fehlerhaften Moduls: PriceGongIE.dll, Version: 2.6.12.0, Zeitstempel: 0x51d295a3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000077b8 ID des fehlerhaften Prozesses: 0xfc0 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5 Error: (08/05/2015 10:14:31 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17267, Zeitstempel: 0x54e7f156 Name des fehlerhaften Moduls: PriceGongIE.dll, Version: 2.6.12.0, Zeitstempel: 0x51d295a3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000077b8 ID des fehlerhaften Prozesses: 0x144c Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5 Error: (08/05/2015 10:13:49 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17267, Zeitstempel: 0x54e7f156 Name des fehlerhaften Moduls: PriceGongIE.dll, Version: 2.6.12.0, Zeitstempel: 0x51d295a3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000077b8 ID des fehlerhaften Prozesses: 0x1a4c Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5 Error: (08/05/2015 10:06:16 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 23340468 Error: (08/05/2015 10:06:16 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 23340468 Error: (08/05/2015 10:06:16 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Systemfehler: ============= Error: (08/05/2015 12:07:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Search Protect Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/05/2015 12:06:52 PM) (Source: BTHUSB) (EventID: 30) (User: ) Description: Der lokale Adapter bietet keine Unterstützung für einen wichtigen Controllerstatus für energiearme Geräte. Die mindestens erforderliche unterstützte Statusmaske ist "0x1f7fffff", vorhanden ist jedoch "0x1f3fffff". Die Funktionalität für energiearme Geräte wird deaktiviert. Error: (08/05/2015 12:06:45 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (08/05/2015 12:06:44 PM) (Source: Application Popup) (EventID: 56) (User: ) Description: ACPI1 Error: (08/05/2015 11:59:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Search Protect Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/05/2015 11:58:57 AM) (Source: BTHUSB) (EventID: 30) (User: ) Description: Der lokale Adapter bietet keine Unterstützung für einen wichtigen Controllerstatus für energiearme Geräte. Die mindestens erforderliche unterstützte Statusmaske ist "0x1f7fffff", vorhanden ist jedoch "0x1f3fffff". Die Funktionalität für energiearme Geräte wird deaktiviert. Error: (08/05/2015 11:58:49 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (08/05/2015 11:58:48 AM) (Source: Application Popup) (EventID: 56) (User: ) Description: ACPI1 Error: (08/05/2015 11:58:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Orbiter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (08/05/2015 11:58:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Search Protect Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office: ========================= Error: (08/05/2015 12:06:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE10.0.9200.1726754e7f156PriceGongIE.dll2.6.12.051d295a3c0000005000077b815a801d0cf664e933146C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\PriceGong\2.6.12\PriceGongIE.dll9a846604-3b59-11e5-be93-685d43956c66 Error: (08/05/2015 11:58:30 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe6.2.9200.16420505a96c3ntdll.dll6.2.9200.173135507a23bc00000080002dc2c79801d0cf6539678c12C:\Windows\SysWOW64\svchost.exeC:\Windows\SYSTEM32\ntdll.dll85afcc9b-3b58-11e5-be92-685d43956c66 Error: (08/05/2015 10:15:32 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE10.0.9200.1726754e7f156PriceGongIE.dll2.6.12.051d295a3c0000005000077b8192401d0cf56deda897aC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\PriceGong\2.6.12\PriceGongIE.dll239e2779-3b4a-11e5-be91-685d43956c66 Error: (08/05/2015 10:15:14 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE10.0.9200.1726754e7f156PriceGongIE.dll2.6.12.051d295a3c0000005000077b811f801d0cf56d396aab3C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\PriceGong\2.6.12\PriceGongIE.dll191ff14b-3b4a-11e5-be91-685d43956c66 Error: (08/05/2015 10:14:53 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE10.0.9200.1726754e7f156PriceGongIE.dll2.6.12.051d295a3c0000005000077b8fc001d0cf56c6547f2bC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\PriceGong\2.6.12\PriceGongIE.dll0c328d70-3b4a-11e5-be91-685d43956c66 Error: (08/05/2015 10:14:31 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE10.0.9200.1726754e7f156PriceGongIE.dll2.6.12.051d295a3c0000005000077b8144c01d0cf56b8295fffC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\PriceGong\2.6.12\PriceGongIE.dllff6046b1-3b49-11e5-be91-685d43956c66 Error: (08/05/2015 10:13:49 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE10.0.9200.1726754e7f156PriceGongIE.dll2.6.12.051d295a3c0000005000077b81a4c01d0cf568d2c8f62C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\PriceGong\2.6.12\PriceGongIE.dlle6336dc5-3b49-11e5-be91-685d43956c66 Error: (08/05/2015 10:06:16 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 23340468 Error: (08/05/2015 10:06:16 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 23340468 Error: (08/05/2015 10:06:16 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second CodeIntegrity: =================================== Date: 2015-07-19 20:13:18.316 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-19 20:12:52.707 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-19 20:12:51.052 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-19 20:12:50.230 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-19 20:12:45.823 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-19 20:12:44.934 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-19 20:11:38.308 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-19 20:09:11.822 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-19 20:09:11.144 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-07-19 20:09:03.447 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. ==================== Speicherinformationen =========================== Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz Percentage of memory in use: 19% Total physical RAM: 8086.83 MB Available physical RAM: 6474.96 MB Total Virtual: 9302.83 MB Available Virtual: 7666.15 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:111.79 GB) (Free:13.07 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)] Drive g: (Volume) (Fixed) (Total:426.66 GB) (Free:425.98 GB) NTFS Drive i: (Anwendungen) (Fixed) (Total:271.97 GB) (Free:268.55 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 0EC1D3C8) Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 2BD2C32A) Partition 1: (Not Active) - (Size=698.6 GB) - (Type=42) ==================== Ende von log ============================ Phil |
06.08.2015, 05:33 | #4 |
/// the machine /// TB-Ausbilder | Youporndeutsch.co Virus/Maleware? Lade Dir bitte von hier Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
07.08.2015, 16:54 | #5 |
| Youporndeutsch.co Virus/Maleware? Hallo, BubbleSounds und Google Update Helper waren nicht in der Liste zu finden, daher konnte ich sie auch nicht löschen. Hier aber die anderen Logs... AdwCleaner: Code:
ATTFilter # AdwCleaner v4.208 - Bericht erstellt 07/08/2015 um 17:09:19 # Aktualisiert 09/07/2015 von Xplode # Datenbank : 2015-08-01.1 [Server] # Betriebssystem : Windows 8 Pro (x64) # Benutzername : MARKUS - GHOST # Gestarted von : C:\Users\MARKUS\Downloads\AdwCleaner_4.208.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : swdumon ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\Browser Ordner Gelöscht : C:\ProgramData\Uniblue Ordner Gelöscht : C:\ProgramData\WebShield Ordner Gelöscht : C:\Program Files (x86)\speed browser Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\speed browser Ordner Gelöscht : C:\Users\MARKUS\AppData\Local\eSupport.com Ordner Gelöscht : C:\Users\MARKUS\AppData\Local\speed browser Ordner Gelöscht : C:\Users\MARKUS\AppData\Local\slimware utilities inc Ordner Gelöscht : C:\Users\MARKUS\AppData\LocalLow\mixidj Ordner Gelöscht : C:\Users\MARKUS\AppData\Roaming\Babylon Datei Gelöscht : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb Datei Gelöscht : C:\Windows\System32\drivers\swdumon.sys Datei Gelöscht : C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\user.js ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends Schlüssel Gelöscht : HKLM\SOFTWARE\Clients\StartMenuInternet\speed browser Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4} Schlüssel Gelöscht : HKCU\Software\BABSOLUTION Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Tutorials Schlüssel Gelöscht : HKCU\Software\Browser Schlüssel Gelöscht : HKCU\Software\SlimWare Utilities Inc Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue Schlüssel Gelöscht : HKLM\SOFTWARE\StormWatchApp Schlüssel Gelöscht : HKLM\SOFTWARE\SlimWare Utilities Inc Schlüssel Gelöscht : HKU\.DEFAULT\Software\Browser Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\WebBar Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istartsurf.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\movshare.net Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\snapdo.com Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local ***** [ Internetbrowser ] ***** -\\ Internet Explorer v10.0.9200.17267 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] -\\ Mozilla Firefox v [wfwtmpfw.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "istartsurf"); [wfwtmpfw.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/favicon.ico"); [wfwtmpfw.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "istartsurf"); [wfwtmpfw.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={search[...] [wfwtmpfw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6a1a03975fde4c8690f6b883c36bc17d88519bfe704d8cae3851239com74253.74253.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%[...] [wfwtmpfw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false); [wfwtmpfw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); -\\ Google Chrome v44.0.2403.130 ************************* AdwCleaner[R0].txt - [5695 Bytes] - [07/08/2015 17:07:48] AdwCleaner[S0].txt - [5077 Bytes] - [07/08/2015 17:09:19] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5136 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 7.5.5 (08.05.2015:1) OS: Windows 8 Pro x64 Ran by MARKUS on 07.08.2015 at 17:16:10,14 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully deleted: [Service] swdumon [Reboot required] ~~~ Tasks Successfully deleted: [Task] C:\Windows\system32\tasks\SlimDrivers Startup Successfully deleted: [Task] C:\Windows\Tasks\SlimDrivers Startup.job ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant ~~~ Registry Keys ~~~ Files Successfully deleted: [File] C:\Windows\system32\drivers\swdumon.sys ~~~ Folders Successfully deleted: [Folder] C:\Users\MARKUS\Appdata\Local\slimware utilities inc Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers Successfully deleted: [Folder] C:\Users\MARKUS\Appdata\Local\D9DF0E76-C9D7-4F83-A919-28FDB7D924AA ~~~ FireFox Successfully deleted the following from C:\Users\MARKUS\AppData\Roaming\mozilla\firefox\profiles\wfwtmpfw.default\prefs.js user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine); user_pref(browser.search.searchengine.ptid, tugs); user_pref(browser.search.searchengine.uid, OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3); ~~~ Chrome [C:\Users\MARKUS\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\MARKUS\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: [C:\Users\MARKUS\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\MARKUS\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: [] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 07.08.2015 at 17:19:24,73 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:06-08-2015 durchgeführt von MARKUS (Administrator) auf GHOST (07-08-2015 17:21:42) Gestartet von C:\Users\MARKUS\Desktop Geladene Profile: MARKUS (Verfügbare Profile: MARKUS) Platform: Windows 8 Pro (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 10 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17280_none_6224eed751126779\TiWorker.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [BCSSync] => I:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PWRISOVM.EXE] => i:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2009-07-27] (PowerISO Computing, Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-05] (AVAST Software) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-05] (AVAST Software) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-846433983-1932204352-779828525-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ HKU\S-1-5-21-846433983-1932204352-779828525-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> I:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-06-13] (Microsoft Corporation) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> I:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-05] (AVAST Software) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> I:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> I:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-07-13] (Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-05] (AVAST Software) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Keine Datei Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Keine Datei Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - I:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{2164B092-CA0E-4B90-9765-CA7FA1E1F1B4}: [DhcpNameServer] 192.168.178.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default FF Homepage: https://www.malwarebytes.org/restorebrowser//?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M7A767C84-5C6C-492C-B7EA-8FA6621C32F5&SearchSource=55&CUI=&UM=8&UP=SP9768A5FA-B711-4F8E-AC80-6FBC97E31C7D&D=071915&SSPV= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-19] () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> I:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> I:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-19] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] () FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-06-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-05] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-06-13] (Microsoft Corporation) FF Extension: Adblock Plus - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-21] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-21] FF Extension: Kein Name - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979} [nicht gefunden] FF Extension: Kein Name - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com [nicht gefunden] FF Extension: Kein Name - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com [nicht gefunden] FF Extension: Kein Name - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com [nicht gefunden] FF Extension: Kein Name - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} [nicht gefunden] FF Extension: Kein Name - I:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [nicht gefunden] Chrome: ======= CHR Profile: C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-05] CHR Extension: (Google Docs) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-05] CHR Extension: (Google Drive) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-05] CHR Extension: (YouTube) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-05] CHR Extension: (Google Search) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-05] CHR Extension: (Google Sheets) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-05] CHR Extension: (Avast Online Security) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-05] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-05] CHR Extension: (Chrome Web Store Payments) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-05] CHR Extension: (Gmail) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-05] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-05] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-05] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-08-05] (Avast Software) S2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-28] () [Datei ist nicht signiert] S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-09-24] () [Datei ist nicht signiert] S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S3 Microsoft SharePoint Workspace Audit Service; I:\Program Files\Microsoft Office\Office14\GROOVE.EXE [51740536 2011-06-12] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-05] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-05] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-05] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-05] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-08-05] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-05] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-05] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-05] (AVAST Software) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-07] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation) R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-08-05] (AVAST Software) R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-09-24] (Duplex Secure Ltd.) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-08-05] (Avast Software) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-07 17:21 - 2015-08-07 17:21 - 00000000 ____D C:\Users\MARKUS\Desktop\FRST-OlderVersion 2015-08-07 17:19 - 2015-08-07 17:19 - 00002092 _____ C:\Users\MARKUS\Desktop\JRT.txt 2015-08-07 17:13 - 2015-08-07 17:13 - 00005236 _____ C:\Users\MARKUS\Desktop\AdwCleaner[S0].txt 2015-08-07 17:12 - 2015-08-07 17:12 - 01797896 _____ (Malwarebytes Corporation) C:\Users\MARKUS\Desktop\JRT.exe 2015-08-07 17:07 - 2015-08-07 17:09 - 00000000 ____D C:\AdwCleaner 2015-08-07 17:06 - 2015-08-07 17:06 - 02248704 _____ C:\Users\MARKUS\Downloads\AdwCleaner_4.208.exe 2015-08-07 17:06 - 2015-08-07 17:06 - 00165340 _____ C:\Users\MARKUS\Desktop\mbam.txt 2015-08-07 17:03 - 2015-08-07 17:03 - 00002247 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-08-07 17:00 - 2015-08-07 17:00 - 00001398 _____ C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-08-07 16:10 - 2015-08-07 17:04 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-07 16:10 - 2015-08-07 16:10 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-08-07 16:10 - 2015-08-07 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-08-07 16:10 - 2015-08-07 16:10 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-08-07 16:10 - 2015-08-07 16:10 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-08-07 16:10 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-08-07 16:10 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-08-07 16:10 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-08-07 16:09 - 2015-08-07 16:09 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\MARKUS\Downloads\mbam-setup-2.1.8.1057.exe 2015-08-07 15:47 - 2015-08-07 15:47 - 00001264 _____ C:\Users\MARKUS\Desktop\Revo Uninstaller.lnk 2015-08-07 15:47 - 2015-08-07 15:47 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2015-08-07 15:45 - 2015-08-07 15:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\MARKUS\Downloads\revosetup95.exe 2015-08-07 15:42 - 2015-08-07 15:42 - 00000000 ____D C:\Windows\SysWOW64\vbox 2015-08-07 15:42 - 2015-08-07 15:42 - 00000000 ____D C:\Windows\system32\vbox 2015-08-05 12:12 - 2015-08-05 12:12 - 00032859 _____ C:\Users\MARKUS\Desktop\Addition.txt 2015-08-05 12:11 - 2015-08-07 17:21 - 00014802 _____ C:\Users\MARKUS\Desktop\FRST.txt 2015-08-05 12:11 - 2015-08-07 17:21 - 00000000 ____D C:\FRST 2015-08-05 12:10 - 2015-08-07 17:21 - 02170368 _____ (Farbar) C:\Users\MARKUS\Desktop\FRST64.exe 2015-08-05 12:09 - 2015-08-07 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-08-05 12:08 - 2015-08-07 17:18 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-05 12:08 - 2015-08-07 17:10 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-05 12:08 - 2015-08-05 12:13 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-08-05 12:08 - 2015-08-05 12:13 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-08-05 12:06 - 2015-08-05 12:06 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-08-05 12:06 - 2015-08-05 12:06 - 00001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2015-08-05 12:06 - 2015-08-05 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-08-05 12:06 - 2015-08-05 12:05 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys 2015-08-05 12:05 - 2015-08-05 12:05 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-08-05 12:01 - 2015-08-05 12:01 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2015-08-05 12:01 - 2015-08-05 12:01 - 00000000 ____D C:\Program Files\Common Files\AV 2015-08-05 10:44 - 2015-08-05 10:44 - 00931408 _____ (Google Inc.) C:\Users\MARKUS\Downloads\ChromeSetup.exe 2015-08-05 10:38 - 2015-08-05 10:38 - 00000000 ____D C:\Users\MARKUS\AppData\Local\Deployment 2015-08-05 10:38 - 2015-08-05 10:38 - 00000000 ____D C:\Users\MARKUS\AppData\Local\Apps\2.0 2015-08-05 00:36 - 2015-08-05 00:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf 2015-08-04 23:55 - 2015-04-30 15:07 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-04 23:55 - 2015-04-30 15:07 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-08-04 23:54 - 2015-03-12 07:31 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-08-04 23:54 - 2015-03-04 08:41 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-08-04 23:54 - 2015-03-04 08:39 - 00632832 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-08-04 23:54 - 2015-03-04 08:39 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-08-04 23:54 - 2015-03-04 06:53 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-08-04 23:54 - 2015-03-04 06:52 - 00676864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-08-04 23:53 - 2015-05-07 15:05 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml 2015-08-04 23:53 - 2015-03-12 07:31 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll 2015-08-04 23:53 - 2015-03-12 05:52 - 01933312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2015-08-04 23:52 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\SysWOW64\locale.nls 2015-08-04 23:52 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\system32\locale.nls 2015-08-04 23:52 - 2015-04-21 15:53 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2015-08-04 23:52 - 2015-03-27 10:07 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\cryptcatsvc.dll 2015-08-04 23:52 - 2015-03-12 07:31 - 01688576 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll 2015-08-04 23:50 - 2015-04-06 07:36 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll 2015-08-04 23:50 - 2015-04-06 06:08 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll 2015-08-02 14:24 - 2015-07-14 22:11 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-08-02 14:24 - 2015-07-14 22:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-02 14:24 - 2015-07-14 21:43 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-02 14:24 - 2015-07-14 21:43 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-08-02 14:24 - 2015-06-27 18:36 - 00171352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-08-02 14:24 - 2015-06-27 15:56 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2015-08-02 14:24 - 2015-06-27 15:55 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-08-02 14:24 - 2015-06-27 15:55 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-08-02 14:24 - 2015-06-27 15:46 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-08-02 14:24 - 2015-06-27 15:46 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-08-02 14:24 - 2015-06-27 15:46 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2015-08-02 14:24 - 2015-06-27 15:46 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-08-02 14:24 - 2015-06-27 15:23 - 00694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-08-02 14:24 - 2015-06-25 20:29 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-08-02 14:24 - 2015-06-25 20:27 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-08-02 14:24 - 2015-01-07 06:25 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-08-02 14:23 - 2015-06-17 16:13 - 01150264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2015-08-02 14:23 - 2015-06-17 15:44 - 01567560 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2015-08-02 14:23 - 2015-06-09 15:57 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-08-02 14:23 - 2015-05-09 01:39 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-08-02 14:23 - 2015-05-08 22:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-08-02 14:23 - 2015-04-13 07:32 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-08-02 14:23 - 2015-04-13 07:30 - 01839616 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-02 14:23 - 2015-04-13 07:30 - 01280512 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-02 14:23 - 2015-04-13 06:05 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-08-02 14:18 - 2015-06-15 17:22 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2015-08-02 14:18 - 2015-06-15 17:22 - 02416640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-08-02 14:18 - 2015-06-15 17:22 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-08-02 14:18 - 2015-06-15 17:22 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2015-08-02 14:18 - 2015-06-15 17:21 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-08-02 14:18 - 2015-06-15 17:20 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2015-08-02 14:18 - 2015-06-15 17:20 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-08-02 14:18 - 2015-06-15 17:19 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-08-01 19:50 - 2015-06-25 03:54 - 04064768 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-01 19:50 - 2015-06-11 22:29 - 01302528 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-08-01 19:50 - 2015-06-11 18:27 - 01024000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-08-01 19:50 - 2015-05-02 08:28 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-08-01 19:50 - 2015-05-02 05:59 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-08-01 19:50 - 2015-05-02 05:36 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-08-01 19:50 - 2015-04-14 00:09 - 00570248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-08-01 19:45 - 2015-02-18 09:39 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-08-01 19:45 - 2015-02-18 09:38 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll 2015-07-19 20:05 - 2015-04-25 05:41 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2015-07-19 20:05 - 2015-04-25 01:13 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-07-19 20:00 - 2015-07-19 20:14 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-07 17:18 - 2013-09-21 22:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-08-07 17:16 - 2013-09-21 21:55 - 01897250 _____ C:\Windows\WindowsUpdate.log 2015-08-07 17:16 - 2012-07-26 12:27 - 00753134 _____ C:\Windows\system32\perfh007.dat 2015-08-07 17:16 - 2012-07-26 12:27 - 00155826 _____ C:\Windows\system32\perfc007.dat 2015-08-07 17:16 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-07 17:15 - 2014-11-22 00:00 - 00000000 ___HD C:\$Windows.~BT 2015-08-07 17:15 - 2013-09-21 22:01 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-846433983-1932204352-779828525-1001 2015-08-07 17:14 - 2012-07-26 09:59 - 00000000 ____D C:\Windows\CbsTemp 2015-08-07 17:10 - 2013-09-24 18:42 - 00545238 _____ C:\Windows\PFRO.log 2015-08-07 17:10 - 2013-09-24 18:15 - 00003490 _____ C:\Windows\System32\Tasks\AutoKMS 2015-08-07 17:10 - 2013-09-21 23:43 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2015-08-07 17:10 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-07 16:59 - 2012-07-26 12:29 - 00000000 ____D C:\Windows\ShellNew 2015-08-07 16:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru 2015-08-07 15:42 - 2013-09-23 22:46 - 00000000 ____D C:\Windows\system32\MRT 2015-08-05 13:20 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent 2015-08-05 12:09 - 2013-09-21 23:44 - 00000000 ____D C:\Program Files (x86)\Google 2015-08-05 12:09 - 2013-09-21 21:55 - 00000000 ____D C:\Users\MARKUS\AppData\Local\VirtualStore 2015-08-05 12:06 - 2014-08-24 20:30 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2015-08-05 12:06 - 2014-01-25 12:47 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2015-08-05 12:06 - 2013-09-21 23:44 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2015-08-05 12:06 - 2013-09-21 23:43 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2015-08-05 12:06 - 2013-09-21 23:43 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2015-08-05 12:06 - 2013-09-21 23:43 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-08-05 12:06 - 2013-09-21 23:43 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2015-08-05 12:05 - 2013-09-21 23:43 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2015-08-05 11:59 - 2015-04-16 14:07 - 00426040 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-05 11:58 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData 2015-08-05 11:58 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\AdvancedInstallers 2015-08-05 11:58 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-08-05 00:36 - 2013-09-24 19:44 - 00245019 _____ C:\Windows\setupact.log 2015-08-02 22:44 - 2013-09-21 22:04 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-01 20:11 - 2013-09-23 22:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-07-19 20:04 - 2013-09-21 22:59 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-07-19 20:03 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF 2015-07-13 23:22 - 2015-03-20 21:53 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-07-13 23:22 - 2015-03-20 21:53 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-08-05 12:05 - 2015-08-05 12:05 - 0032038 _____ () C:\Users\MARKUS\AppData\Roaming\Edge.ico Einige Dateien in TEMP: ==================== C:\Users\MARKUS\AppData\Local\Temp\c8fa73b8e9f64693beccdbb6e4b58208394612.exe C:\Users\MARKUS\AppData\Local\Temp\DataCard_Setup64.exe C:\Users\MARKUS\AppData\Local\Temp\Quarantine.exe C:\Users\MARKUS\AppData\Local\Temp\ResetDevice.exe C:\Users\MARKUS\AppData\Local\Temp\sqlite3.dll C:\Users\MARKUS\AppData\Local\Temp\Uni000.exe C:\Users\MARKUS\AppData\Local\Temp\uninst1.exe ==================== Bamital & volsnap Check ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-08-02 22:43 ==================== Ende von log ============================ Musste das log jetzt teilen.... Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 07.08.2015 Suchlaufzeit: 16:11 Protokolldatei: mbam.txt Administrator: Ja Version: 2.1.8.1057 Malware-Datenbank: v2015.08.07.03 Rootkit-Datenbank: v2015.08.06.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8 CPU: x64 Dateisystem: NTFS Benutzer: MARKUS Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 357474 Abgelaufene Zeit: 8 Min., 0 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 6 PUP.Optional.WebShield.A, C:\ProgramData\SqaSMuElYjF\aXUOwJ.exe, 2660, Löschen bei Neustart, [22ddca3b701b2412d9da88c059a8fa06] PUP.Optional.3DBubbleSound.A, C:\Program Files\BubbleSound\3D BubbleSound.exe, 5932, Löschen bei Neustart, [3dc2b253b1da2c0a1fc362b504ffb54b] PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\browser.exe, 5024, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56] PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\browser.exe, 4524, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56] PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\browser.exe, 3612, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56] PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\browser.exe, 5724, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56] Module: 13 PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\chrome.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\chrome_child.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\chrome_child.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\chrome_child.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\chrome_elf.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\chrome_elf.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\chrome_elf.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\chrome_elf.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\d3dcompiler_47.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\ffmpegsumo.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\ffmpegsumo.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\libegl.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\libglesv2.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], Registrierungsschlüssel: 216 PUP.Optional.WebShield.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\aXUOwJ, In Quarantäne, [22ddca3b701b2412d9da88c059a8fa06], PUP.Optional.DealPly.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\dealplylive, In Quarantäne, [6b947b8a810a42f406a1af46b7493cc4], PUP.Optional.DealPly.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\dealplylivem, In Quarantäne, [6b947b8a810a42f406a1af46b7493cc4], PUP.Optional.DealPly.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DEALPLYLIVE.EXE, In Quarantäne, [6b947b8a810a42f406a1af46b7493cc4], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DEALPLYLIVE.EXE, In Quarantäne, [6b947b8a810a42f406a1af46b7493cc4], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\APPID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, In Quarantäne, [4db25ea792f93303e2074585fc06ee12], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc, In Quarantäne, [4db25ea792f93303e2074585fc06ee12], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0, In Quarantäne, [4db25ea792f93303e2074585fc06ee12], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc, In Quarantäne, [4db25ea792f93303e2074585fc06ee12], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0, In Quarantäne, [4db25ea792f93303e2074585fc06ee12], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.OnDemandCOMClassSvc, In Quarantäne, [4db25ea792f93303e2074585fc06ee12], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0, In Quarantäne, [4db25ea792f93303e2074585fc06ee12], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, In Quarantäne, [4db25ea792f93303e2074585fc06ee12], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, In Quarantäne, [4db25ea792f93303e2074585fc06ee12], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, In Quarantäne, [4db25ea792f93303e2074585fc06ee12], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, In Quarantäne, [4db25ea792f93303e2074585fc06ee12], PUP.Optional.MixiDJToolbar.A, HKLM\SOFTWARE\CLASSES\APPID\{A2773ED4-83BD-488A-A186-73590706C916}, In Quarantäne, [906f83829fec37ff3098a723917145bb], PUP.Optional.MixiDJToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{A2773ED4-83BD-488A-A186-73590706C916}, In Quarantäne, [906f83829fec37ff3098a723917145bb], PUP.Optional.MixiDJToolbar.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{A2773ED4-83BD-488A-A186-73590706C916}, In Quarantäne, [906f83829fec37ff3098a723917145bb], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\APPID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, In Quarantäne, [30cff0151f6c71c518d2daf012f0b848], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3COMClassService, In Quarantäne, [30cff0151f6c71c518d2daf012f0b848], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3COMClassService.1.0, In Quarantäne, [30cff0151f6c71c518d2daf012f0b848], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3COMClassService, In Quarantäne, [30cff0151f6c71c518d2daf012f0b848], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3COMClassService.1.0, In Quarantäne, [30cff0151f6c71c518d2daf012f0b848], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.Update3COMClassService, In Quarantäne, [30cff0151f6c71c518d2daf012f0b848], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.Update3COMClassService.1.0, In Quarantäne, [30cff0151f6c71c518d2daf012f0b848], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, In Quarantäne, [30cff0151f6c71c518d2daf012f0b848], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, In Quarantäne, [30cff0151f6c71c518d2daf012f0b848], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, In Quarantäne, [30cff0151f6c71c518d2daf012f0b848], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, In Quarantäne, [30cff0151f6c71c518d2daf012f0b848], PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, In Quarantäne, [e51a95706c1f73c31d83abeb0002cf31], PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, In Quarantäne, [e51a95706c1f73c31d83abeb0002cf31], PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, In Quarantäne, [e51a95706c1f73c31d83abeb0002cf31], PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [0ef16e97b2d93204cfafb5e1bd4515eb], PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [0ef16e97b2d93204cfafb5e1bd4515eb], PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [0ef16e97b2d93204cfafb5e1bd4515eb], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}, In Quarantäne, [aa5521e4216a7cba10db5674db27a55b], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0, In Quarantäne, [aa5521e4216a7cba10db5674db27a55b], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback, In Quarantäne, [aa5521e4216a7cba10db5674db27a55b], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback, In Quarantäne, [aa5521e4216a7cba10db5674db27a55b], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback, In Quarantäne, [aa5521e4216a7cba10db5674db27a55b], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0, In Quarantäne, [aa5521e4216a7cba10db5674db27a55b], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0, In Quarantäne, [aa5521e4216a7cba10db5674db27a55b], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}, In Quarantäne, [aa5521e4216a7cba10db5674db27a55b], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}, In Quarantäne, [45ba22e3a6e5092dec004684689a9b65], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine.1.0, In Quarantäne, [45ba22e3a6e5092dec004684689a9b65], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine, In Quarantäne, [45ba22e3a6e5092dec004684689a9b65], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine, In Quarantäne, [45ba22e3a6e5092dec004684689a9b65], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.CredentialDialogMachine, In Quarantäne, [45ba22e3a6e5092dec004684689a9b65], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine.1.0, In Quarantäne, [45ba22e3a6e5092dec004684689a9b65], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.CredentialDialogMachine.1.0, In Quarantäne, [45ba22e3a6e5092dec004684689a9b65], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}, In Quarantäne, [45ba22e3a6e5092dec004684689a9b65], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}, In Quarantäne, [fa05a95c404b2511f0fdebdf72906d93], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoCreateAsync.1.0, In Quarantäne, [fa05a95c404b2511f0fdebdf72906d93], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoCreateAsync, In Quarantäne, [fa05a95c404b2511f0fdebdf72906d93], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoCreateAsync, In Quarantäne, [fa05a95c404b2511f0fdebdf72906d93], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.CoCreateAsync, In Quarantäne, [fa05a95c404b2511f0fdebdf72906d93], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoCreateAsync.1.0, In Quarantäne, [fa05a95c404b2511f0fdebdf72906d93], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.CoCreateAsync.1.0, In Quarantäne, [fa05a95c404b2511f0fdebdf72906d93], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}, In Quarantäne, [fa05a95c404b2511f0fdebdf72906d93], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}, In Quarantäne, [01fe00057b109b9b27c7ae1c8d7545bb], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback.1.0, In Quarantäne, [01fe00057b109b9b27c7ae1c8d7545bb], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback, In Quarantäne, [01fe00057b109b9b27c7ae1c8d7545bb], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback, In Quarantäne, [01fe00057b109b9b27c7ae1c8d7545bb], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.Update3WebMachineFallback, In Quarantäne, [01fe00057b109b9b27c7ae1c8d7545bb], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback.1.0, In Quarantäne, [01fe00057b109b9b27c7ae1c8d7545bb], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.Update3WebMachineFallback.1.0, In Quarantäne, [01fe00057b109b9b27c7ae1c8d7545bb], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}, In Quarantäne, [01fe00057b109b9b27c7ae1c8d7545bb], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}, In Quarantäne, [48b733d27d0e9d9915da8149ba48da26], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreMachineClass.1, In Quarantäne, [48b733d27d0e9d9915da8149ba48da26], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreMachineClass, In Quarantäne, [48b733d27d0e9d9915da8149ba48da26], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreMachineClass, In Quarantäne, [48b733d27d0e9d9915da8149ba48da26], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.CoreMachineClass, In Quarantäne, [48b733d27d0e9d9915da8149ba48da26], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreMachineClass.1, In Quarantäne, [48b733d27d0e9d9915da8149ba48da26], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.CoreMachineClass.1, In Quarantäne, [48b733d27d0e9d9915da8149ba48da26], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}, In Quarantäne, [48b733d27d0e9d9915da8149ba48da26], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}, In Quarantäne, [f906778e7615191dbe325377cd35b947], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.ProcessLauncher.1.0, In Quarantäne, [f906778e7615191dbe325377cd35b947], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.ProcessLauncher, In Quarantäne, [f906778e7615191dbe325377cd35b947], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.ProcessLauncher, In Quarantäne, [f906778e7615191dbe325377cd35b947], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.ProcessLauncher, In Quarantäne, [f906778e7615191dbe325377cd35b947], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.ProcessLauncher.1.0, In Quarantäne, [f906778e7615191dbe325377cd35b947], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.ProcessLauncher.1.0, In Quarantäne, [f906778e7615191dbe325377cd35b947], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}, In Quarantäne, [f906778e7615191dbe325377cd35b947], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}, In Quarantäne, [2cd35aab1576e2549160606ab25014ec], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0, In Quarantäne, [2cd35aab1576e2549160606ab25014ec], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine, In Quarantäne, [2cd35aab1576e2549160606ab25014ec], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine, In Quarantäne, [2cd35aab1576e2549160606ab25014ec], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.OnDemandCOMClassMachine, In Quarantäne, [2cd35aab1576e2549160606ab25014ec], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0, In Quarantäne, [2cd35aab1576e2549160606ab25014ec], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0, In Quarantäne, [2cd35aab1576e2549160606ab25014ec], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}, In Quarantäne, [2cd35aab1576e2549160606ab25014ec], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}, In Quarantäne, [e817af5666257eb8e30fccfe679b8977], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}, In Quarantäne, [e817af5666257eb8e30fccfe679b8977], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}, In Quarantäne, [e817af5666257eb8e30fccfe679b8977], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}, In Quarantäne, [e817af5666257eb8e30fccfe679b8977], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickCtrl.9, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickCtrl.9, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLive.OneClickCtrl.9, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.Update3WebControl.3, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.Update3WebControl.3, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLive.Update3WebControl.3, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}, In Quarantäne, [26d942c38dfe52e4e70deae03ac826da], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}, In Quarantäne, [26d942c38dfe52e4e70deae03ac826da], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{9cf699ca-2174-4ed8-bec1-ba82095edce0}, In Quarantäne, [6d9230d5fe8d65d121f2c2ce5aa8c63a], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{9cf699ca-2174-4ed8-bec1-ba82095edce0}, In Quarantäne, [6d9230d5fe8d65d121f2c2ce5aa8c63a], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}, In Quarantäne, [6d9230d5fe8d65d121f2c2ce5aa8c63a], PUP.Optional.DealPly.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}, In Quarantäne, [6d9230d5fe8d65d121f2c2ce5aa8c63a], PUP.Optional.DealPly.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}, In Quarantäne, [6d9230d5fe8d65d121f2c2ce5aa8c63a], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}, In Quarantäne, [7986a461f09b023445b0daf0dc2659a7], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine.1.0, In Quarantäne, [7986a461f09b023445b0daf0dc2659a7], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine, In Quarantäne, [7986a461f09b023445b0daf0dc2659a7], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine, In Quarantäne, [7986a461f09b023445b0daf0dc2659a7], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLive.OneClickProcessLauncherMachine, In Quarantäne, [7986a461f09b023445b0daf0dc2659a7], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine.1.0, In Quarantäne, [7986a461f09b023445b0daf0dc2659a7], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLive.OneClickProcessLauncherMachine.1.0, In Quarantäne, [7986a461f09b023445b0daf0dc2659a7], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}, In Quarantäne, [7986a461f09b023445b0daf0dc2659a7], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C536F080-57B7-46D6-8894-C647553F2889}, In Quarantäne, [7986a461f09b023445b0daf0dc2659a7], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}, In Quarantäne, [22ddf312d9b246f01cdaeddd44be4fb1], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreClass.1, In Quarantäne, [22ddf312d9b246f01cdaeddd44be4fb1], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreClass, In Quarantäne, [22ddf312d9b246f01cdaeddd44be4fb1], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreClass, In Quarantäne, [22ddf312d9b246f01cdaeddd44be4fb1], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.CoreClass, In Quarantäne, [22ddf312d9b246f01cdaeddd44be4fb1], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreClass.1, In Quarantäne, [22ddf312d9b246f01cdaeddd44be4fb1], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.CoreClass.1, In Quarantäne, [22ddf312d9b246f01cdaeddd44be4fb1], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}, In Quarantäne, [22ddf312d9b246f01cdaeddd44be4fb1], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}, In Quarantäne, [c8371ee73c4f51e57384c901d32f30d0], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebSvc.1.0, In Quarantäne, [c8371ee73c4f51e57384c901d32f30d0], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebSvc, In Quarantäne, [c8371ee73c4f51e57384c901d32f30d0], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebSvc, In Quarantäne, [c8371ee73c4f51e57384c901d32f30d0], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.Update3WebSvc, In Quarantäne, [c8371ee73c4f51e57384c901d32f30d0], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebSvc.1.0, In Quarantäne, [c8371ee73c4f51e57384c901d32f30d0], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.Update3WebSvc.1.0, In Quarantäne, [c8371ee73c4f51e57384c901d32f30d0], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}, In Quarantäne, [c8371ee73c4f51e57384c901d32f30d0], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}, In Quarantäne, [827d8d784b400531dc1cab1f47bb936d], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachine.1.0, In Quarantäne, [827d8d784b400531dc1cab1f47bb936d], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachine, In Quarantäne, [827d8d784b400531dc1cab1f47bb936d], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachine, In Quarantäne, [827d8d784b400531dc1cab1f47bb936d], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.Update3WebMachine, In Quarantäne, [827d8d784b400531dc1cab1f47bb936d], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachine.1.0, In Quarantäne, [827d8d784b400531dc1cab1f47bb936d], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.Update3WebMachine.1.0, In Quarantäne, [827d8d784b400531dc1cab1f47bb936d], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}, In Quarantäne, [827d8d784b400531dc1cab1f47bb936d], PUP.Optional.Snapdo.T, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [58a704019eedab8be3e5e9e4f40e8d73], PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [58a704019eedab8be3e5e9e4f40e8d73], PUP.Optional.Babylon.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [f00f4fb65734a5914e8a5a3889794ab6], PUP.Optional.PriceGong.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1631550F-191D-4826-B069-D9439253D926}, In Quarantäne, [dc233bcaacdfef4721d7365d60a23fc1], PUP.Optional.PriceGong.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1631550F-191D-4826-B069-D9439253D926}, In Quarantäne, [dc233bcaacdfef4721d7365d60a23fc1], PUP.Optional.PullUpdate.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WebShield, In Quarantäne, [19e64bbaa7e467cf56e0ff804cb936ca], PUP.Optional.BubbleSound.A, HKLM\SOFTWARE\BubbleSound, In Quarantäne, [13ec0bfac1ca10261a2abeedf50f619f], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\APPID\DealPlyLive.exe, In Quarantäne, [cb34c045c7c44cea4a2382f1a65e956b], PUP.Optional.StormWarnings.C, HKLM\SOFTWARE\CLASSES\APPID\{4D6A5312-AB4D-41AA-8BED-0E019B87CA11}, In Quarantäne, [35ca8382d3b847ef78823571f70d1de3], PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\DealPlyLive.exe, In Quarantäne, [0cf38f76d8b31125c8a53e35ad5752ae], PUP.Optional.StormWarnings.C, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{4D6A5312-AB4D-41AA-8BED-0E019B87CA11}, In Quarantäne, [c53a48bd13789f974caefaac867eea16], PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [6f9058ade3a8191de4b7fe9be3217c84], PUP.Optional.ProPCCleaner.C, HKLM\SOFTWARE\MICROSOFT\TRACING\ProPCCleaner_RASAPI32, In Quarantäne, [55aa50b5018a05312830a6ff22e220e0], PUP.Optional.ProPCCleaner.C, HKLM\SOFTWARE\MICROSOFT\TRACING\ProPCCleaner_RASMANCS, In Quarantäne, [649b54b144470e283820c4e1f90be719], PUP.Optional.StormWatch.C, HKLM\SOFTWARE\MICROSOFT\TRACING\StormWatch_RASAPI32, In Quarantäne, [33cc8f7656358aace9e67833db2918e8], PUP.Optional.StormWatch.C, HKLM\SOFTWARE\MICROSOFT\TRACING\StormWatch_RASMANCS, In Quarantäne, [9c63ee17fa9167cfddf2416a1be9d52b], PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32LDR , In Quarantäne, [44bb44c1bad1ff3706cbedb6877d3ec2], PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, In Quarantäne, [7a8564a1eba03bfb7d939ff1da2ac739], PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, In Quarantäne, [c33c14f13358181e22ed0a86788cf010], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\Tree\774c6438-9235-495c-96ac-0b596846d9af-1-7, Löschen bei Neustart, [42bdf213771468ce471263b1e81bd030], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\Tree\774c6438-9235-495c-96ac-0b596846d9af-4, Löschen bei Neustart, [827d93725635f1459dbcb65e867d06fa], PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\Tree\avabvexvac, Löschen bei Neustart, [8f703ec722695bdbaf5564af71922ad6], PUP.Optional.DealPly.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\Tree\DealPlyLiveUpdateTaskMachineCore, Löschen bei Neustart, [d629da2b54373afca5ba779d0201847c], PUP.Optional.DealPly.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\Tree\DealPlyLiveUpdateTaskMachineUA, Löschen bei Neustart, [59a63bca1576191d17486ca86c97b050], PUP.Optional.DealPly.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\Tree\DealPlyUpdate, Löschen bei Neustart, [7c8323e28a01ea4cce9172a2946f966a], PUP.Optional.ProPCCleaner.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\Tree\ProPCCleaner_Popup, Löschen bei Neustart, [a7582fd6b1da5cdadefad53d1ce728d8], PUP.Optional.ProPCCleaner.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\Tree\ProPCCleaner_Start, Löschen bei Neustart, [6c93ce377516aa8cffd9040e70936898], PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, In Quarantäne, [ac53679e2665e84e3e8208429073ce32], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DealPly, In Quarantäne, [b946ea1be6a541f56e5c72d9c43f22de], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DealPlyLive, In Quarantäne, [4db254b1266531058de18ae9c53f8e72], PUP.Optional.FFPluginHp.A, HKLM\SOFTWARE\WOW6432NODE\FFPluginHp, In Quarantäne, [738c778e2a6141f5d4ed5fb9b44f0af6], PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\GAMESDESKTOP, In Quarantäne, [ee11fa0b1e6d2d0932cceb41be45639d], PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, In Quarantäne, [857a53b2d9b28caaa7d4d9649172b749], PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [ab5420e5fb9080b62240c25702017b85], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\DealPlyLive.exe, In Quarantäne, [cb34cf3605865adcd895d69d35cf649c], PUP.Optional.StormWarnings.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{4D6A5312-AB4D-41AA-8BED-0E019B87CA11}, In Quarantäne, [c936a95cf596a88e0eecb2f4b94be41c], PUP.Optional.GlobalUpdate.C, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE\Clients, In Quarantäne, [7f80ee17aae1a98d4d5d841ddb292fd1], PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [ec13d72eaae10531b8e37524f70d5aa6], PUP.Optional.WordShark.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\WordSharkAutoUpdateClient_RASAPI32, In Quarantäne, [2ed14db8a3e866d0c2bf5a53ad5740c0], PUP.Optional.WordShark.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\WordSharkAutoUpdateClient_RASMANCS, In Quarantäne, [926d57ae6c1fed49344d8c214db7b34d], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.dpliveupdate.com/DealPlyLive Update;version=3, In Quarantäne, [f30c6d9895f6d264234de192966ee719], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.dpliveupdate.com/DealPlyLive Update;version=9, In Quarantäne, [916eeb1aeaa161d56e02482b838156aa], PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SPPDCOM, In Quarantäne, [46b956af5a31f54191a18027c143e51b], PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS, In Quarantäne, [00ff81843b50ce681037d5c25ba99d63], PUP.Optional.ConduitSearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, In Quarantäne, [bf4056af0388e74f9aa0d49bba4aba46], PUP.Optional.WordShark.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wsfd_1_10_0_19, In Quarantäne, [4ab57a8bc6c5c27411bb54510df7ab55], PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD, In Quarantäne, [817ea065b2d994a2f5aea799bd4658a8], PUP.Optional.Crossbrowse.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\CrossBrowser, In Quarantäne, [de2118ed8dfe44f240739b80bd46c53b], PUP.Optional.DataMngr.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\DataMngr, In Quarantäne, [619e689d8efd66d043b5f37ec83c40c0], PUP.Optional.DealPly.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\DealPly, In Quarantäne, [c33c1bea03886bcb58aa80b17f84f709], PUP.Optional.DealPly.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\DealPlyLive, In Quarantäne, [f50a798c107b8aacde93c0b30bf98f71], PUP.Optional.ProPCCleaner.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\ProPCCleanerLanguage, In Quarantäne, [a857be477a11a1956054267945bf55ab], PUP.Optional.StormWatchApp.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\StormWatchApp, In Quarantäne, [47b86f96afdc3df9a0760c28ab58a957], PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\TutoTag, In Quarantäne, [7b844abbb9d27eb8192ee3ac46be35cb], PUP.Optional.CrossRider.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [ac539372becd171f09ba7312b054936d], PUP.Optional.MultiIE.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, In Quarantäne, [7788e91cfe8db680ca8dd9b28e76b54b], PUP.Optional.Babylon.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\BABSOLUTION\Updater, In Quarantäne, [837c30d5aae1e74fb541db9762a233cd], PUP.Optional.Trovi.C, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [728df70ec1ca6dc95974c2dd1ce83ec2], PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [57a8a36205860630bedc386124e08a76], PUP.Optional.SnapDo.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\SMARTBAR, In Quarantäne, [3bc4ca3ba8e3de58bcf15707a063df21], PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\TUTORIALS\updatetutorialeshp, In Quarantäne, [fb04a65f1279ec4ac69bd450ff04f30d], PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\TUTORIALS\updatetutorialshp, In Quarantäne, [47b884816625c274085a82a2758e22de], PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\TUTORIALS\updv, In Quarantäne, [2ed14db8216a72c479eab66e4eb501ff], PUP.Optional.BubbleSound.A, HKLM\SOFTWARE\CLASSES\CLSID\{1386F2A3-FEB9-4C55-AD9A-B798EE57299B}, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], PUP.Optional.BubbleSound.A, HKLM\SOFTWARE\CLASSES\CLSID\{7FDF7A92-F901-4F93-9769-A8AC41C8E563}, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], PUP.Optional.BubbleSound.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BubbleSound, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], Registrierungswerte: 30 PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, istartsurf, In Quarantäne, [6f9058ade3a8191de4b7fe9be3217c84] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}, In Quarantäne, [eb14a06574176ccafba05247ce36fa06] PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [6f90c73edead0c2a0c09201bd52e15eb] PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130818028280130295, In Quarantäne, [f00ffd083853f541b61a3a6913f10df3] PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.xxx|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130818028280130295, In Quarantäne, [5ca347be8efdf5415e72c5dec341e818] PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130818028280130295, In Quarantäne, [9f60c73ec7c41d191fb1cfd4d23219e7] PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130818028280130295, In Quarantäne, [44bbb5507b1095a1a42ca0031ee6e31d] PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_removal_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130818028280130295, In Quarantäne, [4db244c1a8e352e4b31d0c9734d030d0] PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_reporter_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130818028280130295, In Quarantäne, [21deff06b5d6be7806ca198adf25936d] PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr |{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130818028280130295, In Quarantäne, [44bb44c1bad1ff3706cbedb6877d3ec2] PUP.Optional.3DBubbleSound.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|3D BubbleSound, "C:\Program Files\BubbleSound\3D BubbleSound.exe", In Quarantäne, [3dc2b253b1da2c0a1fc362b504ffb54b] PUP.Optional.GlobalUpdate.C, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATEDEV|AuCheckPeriodMs, 21600000, In Quarantäne, [55aa41c499f241f5ae4158c25ea5629e] PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}|URL, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013, In Quarantäne, [ad52976e37546fc7a97d85179074fa06] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, istartsurf, In Quarantäne, [ec13d72eaae10531b8e37524f70d5aa6] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}, In Quarantäne, [9966c540315a5cda2b709efb1fe5d030] PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [5aa55da88308c274987d2b10b94aab55] PUP.Optional.DefaultSearchProtected.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|defsearchp@gmail.com, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com, In Quarantäne, [7887c144b2d936002b37e1ca27dd16ea] PUP.Optional.DeskCut.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|deskCutv2@gmail.com, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com, In Quarantäne, [56a924e10b80cc6a524f4acb689ba15f] PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SPPDCOM|TS, 2, In Quarantäne, [46b956af5a31f54191a18027c143e51b] PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS|HostGUID, 4240A073-9D9E-4E54-A476-4A844BAC89E2, In Quarantäne, [00ff81843b50ce681037d5c25ba99d63] PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD|ImagePath, \??\C:\Windows\system32\drivers\SPPD.sys, In Quarantäne, [817ea065b2d994a2f5aea799bd4658a8] PUP.Optional.SnapDo.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}|URL, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013, In Quarantäne, [3ac5e71ec8c3290d3ce96a32f11344bc] PUP.Optional.Trovi.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M7A767C84-5C6C-492C-B7EA-8FA6621C32F5&SearchSource=58&CUI=&UM=8&UP=SP9768A5FA-B711-4F8E-AC80-6FBC97E31C7D&D=071915&q={searchTerms}&SSPV=, In Quarantäne, [00ffee17068539fd418d2c6dd4301ee2] PUP.Optional.Conduit.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|SuggestionsURL_JSON, hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}, In Quarantäne, [05fab3523a51053126e69a815ba8748c] PUP.Optional.Trovi.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|DisplayName, Trovi, In Quarantäne, [dc23cc39d5b6999d3896415821e3ae52] PUP.Optional.Delta.ShrtCln, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|URL, hxxp://mixidj.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=E43C685D43956C66&affID=121136&tsp=5014, In Quarantäne, [807fb253a0ebff37a0656139b54f57a9] PUP.Optional.Babylon.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|FaviconURL, search.babylon.com/favicon.ico, In Quarantäne, [4eb18c796a2182b4b62d75a2649fd52b] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, istartsurf, In Quarantäne, [57a8a36205860630bedc386124e08a76] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}, In Quarantäne, [bf40966fb9d2af871d7dc4d5a06430d0] PUP.Optional.SnapDo.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\SMARTBAR|publisher, SnapdoOCYB, In Quarantäne, [3bc4ca3ba8e3de58bcf15707a063df21] Registrierungsdaten: 19 PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll, Gut: (), Schlecht: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll),Ersetzt,[3ac5c63fa1eafe38f0a625097e837090] PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll, Gut: (), Schlecht: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll),Ersetzt,[5fa041c4810a999dabebb37b56abc33d] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3),Ersetzt,[f807c14457345bdba6b7a69b9273748c] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}),Ersetzt,[ff00a2634348072ff91fe957c44127d9] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3),Ersetzt,[e6193dc802895dd974a4b888fd08e818] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3),Ersetzt,[da258f763d4e16207d9bab95f015bb45] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}),Ersetzt,[43bc7491e4a739fde92f43fd73929868] PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[aa55d530a0ebad89ace5bc8f0df803fd] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3),Ersetzt,[5da26d981576c17574e90d34669f5ba5] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}),Ersetzt,[b14ef213dab1c274ec2cf947c144d12f] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3),Ersetzt,[ae515ca9117a50e68f899ca49c693ac6] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3),Ersetzt,[f30cb74e860590a6f4242f11778e619f] PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}),Ersetzt,[bb440203c2c9d85e8a8ef14f45c0f20e] PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[d02ff5102764c1751a7784c77590817f] PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013),Ersetzt,[fc034eb74d3e80b6b02caf91f015e917] PUP.Optional.SnapDo.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013),Ersetzt,[0df2e2231e6df343746af24e4eb7d22e] PUP.Optional.SnapDo.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013),Ersetzt,[b24d5aabe4a73105f7e7ac9413f2fe02] PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3),Ersetzt,[d42b34d1ee9d55e1ba5c8eb232d314ec] PUP.Optional.SnapDo.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013),Ersetzt,[d72808fd5437c76f01dc142c1fe6e61a] Ordner: 126 PUP.Optional.WebBar.A, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar, In Quarantäne, [d22dc2432d5e71c5c4d381990bf816ea], PUP.Optional.WebShield.A, C:\Users\MARKUS\AppData\Local\WebShield, In Quarantäne, [807f22e3d5b65ed83506a2a59a6947b9], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly, In Quarantäne, [29d64eb73754350142178be40afaba46], PUP.OPtional.Dealply.A, C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly, In Quarantäne, [16e901045635b086442f5a17b54f48b8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\rep, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\rep, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\defaults, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\defaults\preferences, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\userCode, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\locale, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\locale\en-US, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.BubbleSound.A, C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BubbleSound 1.0, In Quarantäne, [f708eb1addae2e0876e354507e86e818], PUP.Optional.PullUpdate.Gen, C:\ProgramData\Vreaanknumlug\1.0.4.1, In Quarantäne, [32cd02035338b87e2e0c03a5ba4a38c8], PUP.Optional.PullUpdate.Gen, C:\ProgramData\Vreaanknumlug, In Quarantäne, [32cd02035338b87e2e0c03a5ba4a38c8], PUP.Optional.PullUpdate.A, C:\ProgramData\Radio, In Quarantäne, [44bb887df09be452813df1b7c2423dc3], PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive, In Quarantäne, [e31cf510602b6bcb0f7836a934cea957], PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update, In Quarantäne, [e31cf510602b6bcb0f7836a934cea957], PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update\Log, In Quarantäne, [e31cf510602b6bcb0f7836a934cea957], PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Dealply, In Quarantäne, [58a7d92c256667cfe0a7d50aec1620e0], PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Dealply\UpdateProc, In Quarantäne, [58a7d92c256667cfe0a7d50aec1620e0], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\CrashReports, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Download, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Install, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Offline, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Offline\{98C83EB6-163C-4643-972B-9BD1F97CF4FA}, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.OpenCandy, C:\Users\MARKUS\AppData\Roaming\OpenCandy, In Quarantäne, [9e61d82dbbd0a294acffcf105ca64db3], PUP.Optional.OpenCandy, C:\Users\MARKUS\AppData\Roaming\OpenCandy\2134824CD35644C28148A6942AE0A3F6, In Quarantäne, [9e61d82dbbd0a294acffcf105ca64db3], PUP.Optional.OpenCandy, C:\Users\MARKUS\AppData\Roaming\OpenCandy\FDAE2589122C41D99C0D4DEE819C2A34, In Quarantäne, [9e61d82dbbd0a294acffcf105ca64db3], PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Local\DealPlyLive, In Quarantäne, [f708a263187368cec4ff914ecb3751af], PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Local\DealPlyLive\CrashReports, In Quarantäne, [f708a263187368cec4ff914ecb3751af], PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\js, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\options, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\plugins, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\res, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}, In Quarantäne, [49b69f664744e35307501fc522e038c8], PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome, In Quarantäne, [49b69f664744e35307501fc522e038c8], PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome\content, In Quarantäne, [49b69f664744e35307501fc522e038c8], PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome\content\images, In Quarantäne, [49b69f664744e35307501fc522e038c8], PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\defaults, In Quarantäne, [49b69f664744e35307501fc522e038c8], PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\defaults\preferences, In Quarantäne, [49b69f664744e35307501fc522e038c8], PUP.Optional.SearchProtect.A, C:\Users\MARKUS\AppData\Local\SearchProtect, In Quarantäne, [68973cc95536bf773f82c02fbd45a858], PUP.Optional.GlobalUpdate.A, C:\Users\MARKUS\AppData\Local\Temp\comh.323374, In Quarantäne, [16e91de84447e551a6ed60923ec44bb5], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\Locales, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.GamesDesktop.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP, In Quarantäne, [718ef510b0dbc96dd76249b892713fc1], PUP.Optional.GamesDesktop.A, C:\Users\MARKUS\AppData\Local\gmsd_de_004010035, In Quarantäne, [b946b45133589f9762d842bff90a758b], PUP.Optional.GamesDesktop.A, C:\Users\MARKUS\AppData\Local\gmsd_de_004010035\Download, In Quarantäne, [b946b45133589f9762d842bff90a758b], PUP.Optional.GamesDesktop.A, C:\Users\MARKUS\AppData\Local\gmsd_de_004010035\gmsd_de_004010035, In Quarantäne, [b946b45133589f9762d842bff90a758b], PUP.Optional.GamesDesktop.A, C:\Users\MARKUS\AppData\Local\gmsd_de_004010035\gmsd_de_004010035\1.20, In Quarantäne, [b946b45133589f9762d842bff90a758b], PUP.Optional.SearchProtect.A, C:\Users\MARKUS\AppData\Local\avabvexvac, In Quarantäne, [39c6ab5addaea294d052d83155aeb64a], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup, In Quarantäne, [31ce13f2157653e37f6e7795b64def11], PUP.Optional.ProPCCleaner.A, C:\Users\MARKUS\AppData\Local\Pro_PC_Cleaner, In Quarantäne, [659aeb1a494202340c1a7698fe054ab6], PUP.Optional.ProPCCleaner.A, C:\Users\MARKUS\AppData\Local\Pro_PC_Cleaner\ProPCCleaner.exe_Url_xfrt3hu2ec5vknmrnagnhswpaqprhwze, In Quarantäne, [659aeb1a494202340c1a7698fe054ab6], PUP.Optional.ProPCCleaner.A, C:\Users\MARKUS\AppData\Local\Pro_PC_Cleaner\ProPCCleaner.exe_Url_xfrt3hu2ec5vknmrnagnhswpaqprhwze\2.9.6.0, In Quarantäne, [659aeb1a494202340c1a7698fe054ab6], PUP.Optional.BubbleSound.A, C:\Program Files\BubbleSound, Löschen bei Neustart, [c43b1aebc3c876c0954ceb231ee52cd4], PUP.Optional.BubbleSound.A, C:\Program Files\BubbleSound\config, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], PUP.Optional.StormWatch.A, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\StormWatch, In Quarantäne, [1fe0f2132863fa3cd354fb14a55e25db], PUP.Optional.ProPCCleaner.A, C:\Users\MARKUS\Documents\ProPCCleaner, In Quarantäne, [d02fc73e82096fc7964a67a8808338c8], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\include, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\include\tools, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\lib, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\module, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\pack, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\en, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\en-US, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\es, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\es-419, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\fr, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-BE, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-CA, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-CH, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-LU, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\it, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\it-CH, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\pl, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\pt-BR, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\ru, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\ru-MO, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\tr, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\vi, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\zh-CN, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\zh-TW, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\skin, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\defaults, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\defaults\preferences, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\modules, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DefaultSearchProtected.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com, In Quarantäne, [946bc2437714a0962fb2b759b54ed030], PUP.Optional.DefaultSearchProtected.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com\chrome, In Quarantäne, [946bc2437714a0962fb2b759b54ed030], PUP.Optional.DefaultSearchProtected.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com\chrome\content, In Quarantäne, [946bc2437714a0962fb2b759b54ed030], PUP.Optional.DefaultSearchProtected.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com\chrome\skin, In Quarantäne, [946bc2437714a0962fb2b759b54ed030], PUP.Optional.PullUpdate.A, C:\ProgramData\SqaSMuElYjF\dat, Löschen bei Neustart, [01fe1ce997f49b9b9a684f3383828d73], PUP.Optional.PullUpdate.A, C:\ProgramData\SqaSMuElYjF, Löschen bei Neustart, [01fe1ce997f49b9b9a684f3383828d73], |
07.08.2015, 17:00 | #6 |
| Youporndeutsch.co Virus/Maleware? Hier der zweite Teil... Code:
ATTFilter Dateien: 473 PUP.Optional.WebShield.A, C:\ProgramData\SqaSMuElYjF\aXUOwJ.exe, Löschen bei Neustart, [22ddca3b701b2412d9da88c059a8fa06], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll, In Quarantäne, [3ac5c63fa1eafe38f0a625097e837090], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll, In Quarantäne, [5fa041c4810a999dabebb37b56abc33d], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe, In Quarantäne, [6b947b8a810a42f406a1af46b7493cc4], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psmachine.dll, In Quarantäne, [e817af5666257eb8e30fccfe679b8977], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\DealPlyIE.dll, In Quarantäne, [6d9230d5fe8d65d121f2c2ce5aa8c63a], PUP.Optional.PullUpdate.A, C:\ProgramData\Browser\prompt.exe, In Quarantäne, [ec1390752d5e7db92edd7a42c0412bd5], PUP.Optional.PullUpdate.A, C:\ProgramData\Radio\prompt.exe, In Quarantäne, [0ff03bca810a072f3fcc7d3f52afcf31], PUP.Optional.WebShield.A, C:\ProgramData\SqaSMuElYjF\dat\aTMUIWqsG.exe, Löschen bei Neustart, [f50a33d2b2d93bfb00b3b5934ab7a65a], PUP.Optional.ZombieInvasion.A, C:\ProgramData\SqaSMuElYjF\dat\MrZPGFxqyBW.dll, Löschen bei Neustart, [ff00a95c6427e353727453d48d782bd5], PUP.Optional.PullUpdate.C, C:\ProgramData\SqaSMuElYjF\dat\taCdjwNSZVx.dll, Löschen bei Neustart, [16e97c89a4e747ef59ddabd452b36997], PUP.Optional.WebShield.A, C:\ProgramData\SqaSMuElYjF\dat\ZdtQfXQQRJN.exe, Löschen bei Neustart, [629d907599f25ed8159efd4b0ff2cc34], PUP.Optional.PullUpdate.C, C:\ProgramData\WebShield\Uninstall.exe, In Quarantäne, [19e64bbaa7e467cf56e0ff804cb936ca], PUP.Optional.Linkury.A, C:\Users\MARKUS\AppData\Roaming\OpenCandy\2134824CD35644C28148A6942AE0A3F6\Installer.exe, In Quarantäne, [23dc0203c2c914223da30eea8a7aa759], PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\OpenCandy\FDAE2589122C41D99C0D4DEE819C2A34\dp.exe, In Quarantäne, [4fb0a75ef09bc4727da5caaa8d788080], PUP.Optional.Dealply, C:\Program Files (x86)\DealPly\DealPlyUpdate.exe, In Quarantäne, [f30c3cc97615f73fde6499d8f70eba46], PUP.Optional.Dealply, C:\Program Files (x86)\DealPly\DealPlyUpdateRun.exe, In Quarantäne, [00ff1ee7a0ebe5510c366f02bb4add23], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\DealPlyUpdateVer.exe, In Quarantäne, [2ad5e322b3d847ef1cb272addf21c43c], RiskWare.Tool.CK, C:\$Recycle.Bin\S-1-5-21-846433983-1932204352-779828525-1001\$RERSWD4.exe, In Quarantäne, [926daf56ddae8ea815713b43040146ba], PUP.Optional.CrossRider.A, C:\$Recycle.Bin\S-1-5-21-846433983-1932204352-779828525-1001\$ROOLZ0A.07\774c6438-9235-495c-96ac-0b596846d9af-4.exe, In Quarantäne, [2dd2ac59e7a43ef84c87dd9ab94c25db], PUP.Optional.Downloader.C, C:\$Recycle.Bin\S-1-5-21-846433983-1932204352-779828525-1001\$ROOLZ0A.07\Uninstall.exe, In Quarantäne, [4bb4d332fc8fe551ffff09afbc45926e], PUP.Optional.SearchProtect.A, C:\$Recycle.Bin\S-1-5-21-846433983-1932204352-779828525-1001\$ROVMHT3\uninstall.exe, In Quarantäne, [b649aa5b296253e3e8ae39f5f0110000], PUP.Optional.Crossbrowse.C, C:\Users\MARKUS\AppData\Local\Temp\F713.tmp, In Quarantäne, [41bed2338b0065d1387af68751b4d828], PUP.Optional.Babylon.A, C:\Users\MARKUS\AppData\Local\Temp\setup.exe, In Quarantäne, [39c6aa5babe0bc7a2d12ebfb49b7fb05], PUP.Optional.PricePeep.A, C:\Users\MARKUS\AppData\Local\Temp\pricepeep_1.exe, In Quarantäne, [7e813dc895f678bed3e1a4667d8454ac], PUP.Optional.WebBar.A, C:\Users\MARKUS\AppData\Local\Temp\108c948e-1aa6-4763-9da9-71be00c60a64\web_bar_setup.exe, In Quarantäne, [5ea129dc6f1ca591f8f2f2931be624dc], PUP.Optional.IStartSurf.ShrtCln, C:\Users\MARKUS\AppData\Local\Temp\667a9c41-7d25-41de-ab32-255d2b213bd5\lly_istartsurf.exe, In Quarantäne, [689731d4286382b4d8084a319f6647b9], PUP.Optional.WebShield.A, C:\Users\MARKUS\AppData\Local\Temp\dddef2f9-a5b5-4b1d-b5e8-25dffbdd6c25\setup.exe, In Quarantäne, [e51adf26aedd60d65536b79903fd827e], PUP.Optional.StormWatch.A, C:\Users\MARKUS\AppData\Local\Temp\f876484c-7802-40b3-9f4e-7df399edf320\setup.exe, In Quarantäne, [55aa7b8ab0db81b583b4c47843bd9c64], PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Temp\is-T3468.tmp\pricegong.exe, In Quarantäne, [af5043c238535ed858c87c9e52af54ac], PUP.Optional.Crossbrowse.C, C:\Users\MARKUS\AppData\Local\Temp\9862\setup.exe, In Quarantäne, [ee11e421d6b50036e1d1ceafc0454cb4], PUP.Optional.SkyTech.A, C:\Users\MARKUS\AppData\Local\Temp\xtmp1916893579\QQBrowserFrame.dll, In Quarantäne, [1de2798cd5b66ec87eba55ff9b6658a8], PUP.Optional.WordShark.A, C:\Users\MARKUS\AppData\Local\Temp\~nsu.tmp\Au_.exe, In Quarantäne, [08f7c3425338fb3b6c058e221be6ac54], PUP.Optional.Downloader, C:\Users\MARKUS\Downloads\VLC media player 32 Bit - CHIP-Installer.exe, In Quarantäne, [32cdc1443e4da78f37f485c3ec14a060], PUP.Optional.SearchProtect, C:\Users\MARKUS\AppData\Local\avabvexvac\avabvexvac.exe, In Quarantäne, [748b8f767c0fae88d1afd1931ae73dc3], PUP.Optional.SearchProtect.A, C:\Windows\apppatch\apppatch64\VCLdr64.dll, In Quarantäne, [7788f70ed5b6d4620d8977b711f09e62], PUP.Optional.SearchProtect.A, C:\Windows\apppatch\nbin\VC32Loader.dll, In Quarantäne, [3dc20bfa0f7c270f435388a63fc2c43c], PUP.Optional.3DBubbleSound.A, C:\Users\MARKUS\Desktop\3D BubbleSound.lnk, In Quarantäne, [f80717ee99f21521b42d68afee1532ce], PUP.Optional.WebBar.A, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar\wb.log, In Quarantäne, [d22dc2432d5e71c5c4d381990bf816ea], PUP.Optional.Trovi.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\searchplugins\trovi.xml, In Quarantäne, [d22dd431a7e41e18515c091549ba2dd3], PUP.Optional.SearchProtect.A, C:\Windows\System32\Tasks\avabvexvac, In Quarantäne, [3dc255b05e2d8caa197091916c97867a], PUP.Optional.DealPly.A, C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job, In Quarantäne, [7d82ab5a791261d5d31f46e9d1320cf4], PUP.Optional.DealPly.A, C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job, In Quarantäne, [23dc6e979fec52e49959200fba49b848], PUP.Optional.IStartSurf.ShrtCln, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\searchplugins\istartsurf.xml, In Quarantäne, [8b744cb9137892a4aac695a9be4519e7], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\774c6438-9235-495c-96ac-0b596846d9af-1-7, In Quarantäne, [5ea17e878b009b9b4847172bee158e72], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\774c6438-9235-495c-96ac-0b596846d9af-4, In Quarantäne, [e01fbd48444763d33c5391b19a69f40c], PUP.Optional.DealPly.A, C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore, In Quarantäne, [09f6f80d6526bf77373b380efb08768a], PUP.Optional.DealPly.A, C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA, In Quarantäne, [d8274fb6315a171f9ad887bf06fdf010], PUP.Optional.DealPly.A, C:\Windows\System32\Tasks\DealPlyUpdate, In Quarantäne, [33ccbf468308b086343e77cf3dc68e72], PUP.Optional.WebShield.A, C:\Users\MARKUS\AppData\Local\WebShield\data2.dat, In Quarantäne, [807f22e3d5b65ed83506a2a59a6947b9], PUP.Optional.MixiDJ.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\searchplugins\mixidj.xml, In Quarantäne, [7788ea1bd2b97eb87feac1960ef53ac6], PUP.Optional.PricePeep.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\pricepeep@getpricepeep.com.xpi, In Quarantäne, [30cfef16a2e9bd7928541245f0139070], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\DealPly.crx, In Quarantäne, [29d64eb73754350142178be40afaba46], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\DealPly.xpi, In Quarantäne, [29d64eb73754350142178be40afaba46], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\DealPlyIE64.dll, In Quarantäne, [29d64eb73754350142178be40afaba46], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\DealPlyUpdate.log, In Quarantäne, [29d64eb73754350142178be40afaba46], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\icon.ico, In Quarantäne, [29d64eb73754350142178be40afaba46], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\uninst.exe, In Quarantäne, [29d64eb73754350142178be40afaba46], PUP.OPtional.Dealply.A, C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk, In Quarantäne, [16e901045635b086442f5a17b54f48b8], PUP.OPtional.Dealply.A, C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.url, In Quarantäne, [16e901045635b086442f5a17b54f48b8], PUP.OPtional.Dealply.A, C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.url, In Quarantäne, [16e901045635b086442f5a17b54f48b8], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\EULA.txt, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\cfi.bin, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\edk.bin, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\pni.bin, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\trn.bin, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.css, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.html, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\defaults.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\SP_DialogBG.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\DialogAPI.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], PUP.Optional.CrossRider.T, C:\Windows\Tasks\774c6438-9235-495c-96ac-0b596846d9af-1-7.job, In Quarantäne, [48b708fd513a86b0c595cebf34d0f30d], PUP.Optional.CrossRider.T, C:\Windows\Tasks\774c6438-9235-495c-96ac-0b596846d9af-10_user.job, In Quarantäne, [22ddee17f299181e8dcdace1f60eb050], PUP.Optional.CrossRider.T, C:\Windows\Tasks\774c6438-9235-495c-96ac-0b596846d9af-4.job, In Quarantäne, [e51af60f454648ee52087b121de7d729], PUP.Optional.SearchProtect, C:\Windows\apppatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, In Quarantäne, [15ea47bea7e4f83ee52df69adf25e11f], PUP.Optional.Vitruvian.A, C:\Users\MARKUS\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001, In Quarantäne, [cd32689d2962fc3a1a2e0292c93bc13f], PUP.Optional.Vitruvian.A, C:\Users\MARKUS\AppData\Local\Temp\vitruvian-installer-install-v0003, In Quarantäne, [1be4d92c0982b97dd771563e28dcea16], PUP.Optional.Vitruvian.A, C:\Users\MARKUS\AppData\Local\Temp\vitruvian-installer-processes-v0002, In Quarantäne, [cd32d2334a419d997bcdc8ccf01443bd], PUP.Optional.Vitruvian.A, C:\Users\MARKUS\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001, In Quarantäne, [659add2872191b1b45030f851de7c838], PUP.Optional.Vitruvian.A, C:\Users\MARKUS\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002, In Quarantäne, [47b875903754c86e3f09a0f4fc086997], PUP.Optional.Vitruvian.A, C:\Users\MARKUS\AppData\Local\Temp\vitruvian-installer-uninstall-v0002, In Quarantäne, [5ea1d82d286367cf4503c8cc49bb867a], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\crossrider_statusbar.png, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\button1.png, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\button2.png, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\button3.png, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\button4.png, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\button5.png, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\icon128.png, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\icon16.png, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\icon24.png, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\icon48.png, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\panelarrow-up.png, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\popup.html, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\skin.css, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\update.css, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome.manifest, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\install.rdf, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\0113a152429c572601fcebdc7cc6967f.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\110160835b5a1f92bcc62f909899ca9a.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\12a6898699b7cf299a2491187784c5ef.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\3a0791e9cf083e799d3524c263f11854.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\4fb88dae63226e6299984e709e27884d.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\a5718f6ef5317bc32ba8655077da7859.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\background.html, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\browser.xul, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\dialog.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\ffCoreFilesIndex.txt, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\options.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\options.xul, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\search_dialog.xul, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\a71f2b19ee319b2568cd7948f11c0174.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\190949771611cdcd01d0627da5a702cc.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\228b084cb972835caf94ae164f87133e.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\2daea0a96fcf6d282e3e1fe5443e30a6.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\3c33e104d698473542d3d1cbf898dbbc.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\5db859adf0fffac8157f3811070ff891.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\750d0632354e22f8d89d9661e46bc7a9.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\7589eb2375d0872da54a5e30419926e8.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\a6f01248d32417c77bab007e4886342c.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\b5e48145d357cd7c3687a3f08afd3d06.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\c6fb0e819753532a5fbd62b13aaaac98.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\cb3ccbc4a14700f753cf5b0ea73d5a0d.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\d8928caf619151599aa8ab64ec233ef0.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\da4ecf7d2636bbc6f07dde42d8eb09cd.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\daa62d7076421368a9c39bb76e8e1d14.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\f4f452f5d121bb07be139e1e9587fc9c.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\00dc18ed21869485befc514b201c4514.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\08d5163208fca1eaa8bb3229d4a8aaf1.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\0ea6492d681c8c583bec60bee57e092e.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\16c83328d047fe3ef8826468d3c4c6ab.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\183578f197b56fccd10f6e73f00f4882.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\20d64d4a0fdca1eec38c880ef138cecb.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\246bf7fba23ce99638945053934fae25.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\2ec17942187b5d1ca5acb6387da7784b.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\37f2a7c7d880ef7fcc4e2a04a126f8a0.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\5a177b09fd38d91c81e9291a4745684e.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\64cba9313f500442d1a12e711c3c5fd7.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\81ee80a9e3ff4f9f399f6433a5e6111d.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\9e3b32c893ff351b3b6ebf57e9c05510.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\b00147f7362be7267c72535563259f03.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\b13c888aa396260b76459ac073d0e8b4.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\c2da62c403d6486ae34c1811fd24c5c2.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\cf54d0c56a76b50191ece4150f7cbe51.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\d8a77c9f3afccd351b239b31a978ac4e.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\f70eb6e5549a3f1d1b10515cb4850e4f.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\ffe82212f3a9693a6c7f5b4add4b62dc.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\installer.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\defaults\preferences\prefs.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\manifest.xml, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins.json, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\281.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\102.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\104.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\119.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\13.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\14.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\16.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\17.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\178.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\179.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\180.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\184.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\195.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\200.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\220.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\223.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\231.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\232.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\234.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\242.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\246.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\252.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\253.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\273.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\288.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\289.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\300.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\334.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\335.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\339.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\345.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\354.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\356.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\376.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\380.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\385.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\389.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\390.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\391.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\4.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\424.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\47.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\64.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\7.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\78.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\9.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\91.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\userCode\background.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\userCode\extension.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\locale\en-US\translations.dtd, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], PUP.Optional.Browser.A, C:\ProgramData\Browser\prompt.exe.config, In Quarantäne, [738c867f3f4c8fa789de2c7071939d63], PUP.Optional.ProPCCleaner.A, C:\Windows\System32\Tasks\ProPCCleaner_Popup, In Quarantäne, [a95640c5cbc039fde3ce079892729f61], PUP.Optional.ProPCCleaner.A, C:\Windows\System32\Tasks\ProPCCleaner_Start, In Quarantäne, [b44bc0454348bf77d4dd079800042dd3], PUP.Optional.BubbleSound.A, C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BubbleSound 1.0\Uninstall.lnk, In Quarantäne, [f708eb1addae2e0876e354507e86e818], PUP.Optional.PullUpdate.Gen, C:\ProgramData\Vreaanknumlug\1.0.4.1\eaclaoro.exe.config, In Quarantäne, [32cd02035338b87e2e0c03a5ba4a38c8], PUP.Optional.PullUpdate.Gen, C:\ProgramData\Vreaanknumlug\1.0.4.1\sqlite3.dll, In Quarantäne, [32cd02035338b87e2e0c03a5ba4a38c8], PUP.Optional.PullUpdate.Gen, C:\ProgramData\Vreaanknumlug\dat.dat, In Quarantäne, [32cd02035338b87e2e0c03a5ba4a38c8], PUP.Optional.PullUpdate.A, C:\ProgramData\Radio\prompt.exe.config, In Quarantäne, [44bb887df09be452813df1b7c2423dc3], PUP.Optional.3DBubbleSound.A, C:\Program Files\BubbleSound\3D BubbleSound.exe, Löschen bei Neustart, [3dc2b253b1da2c0a1fc362b504ffb54b], PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log, In Quarantäne, [e31cf510602b6bcb0f7836a934cea957], PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Dealply\UpdateProc\config.dat, In Quarantäne, [58a7d92c256667cfe0a7d50aec1620e0], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLive.exe, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHandler.exe, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHelper.msi, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bn.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ca.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_cs.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_da.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_de.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_el.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en-GB.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es-419.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_et.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fa.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fi.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fil.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fr.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_gu.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hr.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hu.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_id.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_is.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_it.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_iw.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ja.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_kn.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ko.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lt.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lv.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ml.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_mr.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ms.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_nl.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_no.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdate.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_am.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ar.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-BR.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-PT.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ro.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sk.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sl.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sr.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sv.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sw.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ta.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_te.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_th.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_tr.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_uk.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ur.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_vi.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-CN.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-TW.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psuser.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bg.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hi.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pl.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\manifest.json, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\pg_background.html, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\js\html_comp.js, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\js\pg_page_injected_script.js, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\js\pg_tab_wrapper.js, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\options\pg_options.html, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\options\pg_options.js, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\plugins\npPriceGong_CH.dll, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\res\pg_icon_128.png, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\res\pg_icon_16.png, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\res\pg_icon_48.png, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome.manifest, In Quarantäne, [49b69f664744e35307501fc522e038c8], PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\install.rdf, In Quarantäne, [49b69f664744e35307501fc522e038c8], PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome\content\dealplyshopping.xul, In Quarantäne, [49b69f664744e35307501fc522e038c8], PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome\content\images\icon32.png, In Quarantäne, [49b69f664744e35307501fc522e038c8], PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\defaults\preferences\defaults.js, In Quarantäne, [49b69f664744e35307501fc522e038c8], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\browser.exe, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\chrome.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\chrome_100_percent.pak, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\chrome_child.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\chrome_elf.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\d3dcompiler_47.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\ffmpegsumo.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\icudtl.dat, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\libegl.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\libglesv2.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\natives_blob.bin, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\resources.pak, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\snapshot_blob.bin, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\Locales\de.pak, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], PUP.Optional.GamesDesktop.A, C:\Users\MARKUS\AppData\Local\gmsd_de_004010035\upgmsd_de_004010035.cyl, In Quarantäne, [b946b45133589f9762d842bff90a758b], PUP.Optional.GamesDesktop.A, C:\Users\MARKUS\AppData\Local\gmsd_de_004010035\user_profil.cyp, In Quarantäne, [b946b45133589f9762d842bff90a758b], PUP.Optional.GamesDesktop.A, C:\Users\MARKUS\AppData\Local\gmsd_de_004010035\gmsd_de_004010035\1.20\cnf.cyl, In Quarantäne, [b946b45133589f9762d842bff90a758b], PUP.Optional.SearchProtect.A, C:\Users\MARKUS\AppData\Local\avabvexvac\bahvxfk, In Quarantäne, [39c6ab5addaea294d052d83155aeb64a], PUP.Optional.SearchProtect.A, C:\Users\MARKUS\AppData\Local\avabvexvac\mkfvxfk, In Quarantäne, [39c6ab5addaea294d052d83155aeb64a], PUP.Optional.SearchProtect.A, C:\Users\MARKUS\AppData\Local\avabvexvac\pvpqbjobmlpfqlovvawq, In Quarantäne, [39c6ab5addaea294d052d83155aeb64a], PUP.Optional.SearchProtect.A, C:\Users\MARKUS\AppData\Local\avabvexvac\qokvxfk, In Quarantäne, [39c6ab5addaea294d052d83155aeb64a], PUP.Optional.SearchProtect.A, C:\Users\MARKUS\AppData\Local\avabvexvac\rfobmlpfqlovvawq, In Quarantäne, [39c6ab5addaea294d052d83155aeb64a], PUP.Optional.SearchProtect.A, C:\Users\MARKUS\AppData\Local\avabvexvac\rpboobmlpfqlovvawq, In Quarantäne, [39c6ab5addaea294d052d83155aeb64a], PUP.Optional.SearchProtect.A, C:\Users\MARKUS\AppData\Local\avabvexvac\stb.dat, In Quarantäne, [39c6ab5addaea294d052d83155aeb64a], PUP.Optional.SearchProtect.A, C:\Users\MARKUS\AppData\Local\avabvexvac\ycfvxfk, In Quarantäne, [39c6ab5addaea294d052d83155aeb64a], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\DEL_UnRegisterExtensions.exe, In Quarantäne, [31ce13f2157653e37f6e7795b64def11], PUP.Optional.ProPCCleaner.A, C:\Users\MARKUS\AppData\Local\Pro_PC_Cleaner\ProPCCleaner.exe_Url_xfrt3hu2ec5vknmrnagnhswpaqprhwze\2.9.6.0\user.config, In Quarantäne, [659aeb1a494202340c1a7698fe054ab6], PUP.Optional.BubbleSound.A, C:\Program Files\BubbleSound\backup_High Definition Audio-Gerät_Digitalaudio (S_PDIF).reg, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], PUP.Optional.BubbleSound.A, C:\Program Files\BubbleSound\backup_High Definition Audio-Gerät_Lautsprecher.reg, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], PUP.Optional.BubbleSound.A, C:\Program Files\BubbleSound\backup_High Definition Audio-Gerät_SAMSUNG.reg, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], PUP.Optional.BubbleSound.A, C:\Program Files\BubbleSound\BubbleSound.dll, Löschen bei Neustart, [c43b1aebc3c876c0954ceb231ee52cd4], PUP.Optional.BubbleSound.A, C:\Program Files\BubbleSound\silentinstaller.exe, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], PUP.Optional.BubbleSound.A, C:\Program Files\BubbleSound\silentuninstaller.exe, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], PUP.Optional.BubbleSound.A, C:\Program Files\BubbleSound\Uninstall.exe, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], PUP.Optional.BubbleSound.A, C:\Program Files\BubbleSound\config\3DBubbleSound.conf, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], PUP.Optional.BubbleSound.A, C:\Program Files\BubbleSound\config\3DBubbleSound.err, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], PUP.Optional.BubbleSound.A, C:\Program Files\BubbleSound\config\3DBubbleUser.conf, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], PUP.Optional.StormWatch.A, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\StormWatch\StormWatchSrv.dat, In Quarantäne, [1fe0f2132863fa3cd354fb14a55e25db], PUP.Optional.ProPCCleaner.A, C:\Users\MARKUS\Documents\ProPCCleaner\log.txt, In Quarantäne, [d02fc73e82096fc7964a67a8808338c8], PUP.Optional.ProPCCleaner.A, C:\Users\MARKUS\Documents\ProPCCleaner\logerror.txt, In Quarantäne, [d02fc73e82096fc7964a67a8808338c8], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome.manifest, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\install.rdf, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\index.html, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\quick_start.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\lib\doT.min.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\module\hotSearch.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\module\mostgrid.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\module\search.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\module\stat.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\pack\common.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\pack\ga.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\pack\xagainit.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\skin\googlelogo.png, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\skin\icon.png, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\skin\loading.gif, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\skin\logo.png, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\skin\luck.png, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\skin\newtab.ico, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\skin\simple.css, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\skin\style.css, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\defaults\preferences\preferences.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\modules\addonmanager.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\modules\aes.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\modules\config.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\modules\dialogs.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\modules\last_tab.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\modules\misc.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\modules\properties.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\modules\remoterequest.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\modules\restoreprefs.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\modules\settings.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], PUP.Optional.DefaultSearchProtected.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com\chrome.manifest, In Quarantäne, [946bc2437714a0962fb2b759b54ed030], PUP.Optional.DefaultSearchProtected.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com\install.rdf, In Quarantäne, [946bc2437714a0962fb2b759b54ed030], PUP.Optional.DefaultSearchProtected.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com\chrome\content\jquery-2.1.0.min.js, In Quarantäne, [946bc2437714a0962fb2b759b54ed030], PUP.Optional.DefaultSearchProtected.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com\chrome\content\toolbar.xul, In Quarantäne, [946bc2437714a0962fb2b759b54ed030], PUP.Optional.DefaultSearchProtected.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com\chrome\skin\icon.png, In Quarantäne, [946bc2437714a0962fb2b759b54ed030], PUP.Optional.PullUpdate.A, C:\ProgramData\SqaSMuElYjF\dat\aTMUIWqsG.exe.config, Löschen bei Neustart, [01fe1ce997f49b9b9a684f3383828d73], PUP.Optional.PullUpdate.A, C:\ProgramData\SqaSMuElYjF\dat\ZdtQfXQQRJN.exe.config, Löschen bei Neustart, [01fe1ce997f49b9b9a684f3383828d73], PUP.Optional.PullUpdate.A, C:\ProgramData\SqaSMuElYjF\aXUOwJ.dat, Löschen bei Neustart, [01fe1ce997f49b9b9a684f3383828d73], PUP.Optional.PullUpdate.A, C:\ProgramData\SqaSMuElYjF\aXUOwJ.exe.config, In Quarantäne, [01fe1ce997f49b9b9a684f3383828d73], PUP.Optional.PullUpdate.A, C:\ProgramData\SqaSMuElYjF\info.dat, Löschen bei Neustart, [01fe1ce997f49b9b9a684f3383828d73], PUP.Optional.QuickStart.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Ersetzt,[a6590df87d0e6dc966f5473d7e8740c0] PUP.Optional.IStartSurf.ShrtCln, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaultenginename", "istartsurf");), Ersetzt,[3dc2e025f39849edd2a1305443c2cc34] PUP.Optional.IStartSurf.ShrtCln, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.selectedEngine", "istartsurf");), Ersetzt,[807fac59f79434025321d3b13dc8926e] PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "14ea77f75e9eb8da2693fd81ac8c4353");), Ersetzt,[7c839d688a0183b338a7ff8642c3c53b] PUP.Optional.Trovi.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\prefs.js, Gut: (browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Schlecht: (browser.startup.homepage", "hxxp://www.trovi.com), Ersetzt,[5ea115f05239989e05cfaeda7293bf41] PUP.Optional.DefaultProtectedSearch.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\prefs.js, Gut: (), Schlecht: (defsearchp@gmail.com), Ersetzt,[906f7c896a21290da9556b1df312f60a] PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\prefs.js, Gut: (), Schlecht: (deskCutv2@gmail.com), Ersetzt,[48b7fd0892f939fd9f60f39553b201ff] Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) |
08.08.2015, 09:44 | #7 |
/// the machine /// TB-Ausbilder | Youporndeutsch.co Virus/Maleware?ESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
08.08.2015, 13:08 | #8 |
| Youporndeutsch.co Virus/Maleware? Hey, hier der log von Eset: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=03d4cbbc643a6843865c70410fa74ea8 # end=init # utc_time=2015-08-08 11:28:08 # local_time=2015-08-08 01:28:08 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT Update Init Update Download Update Finalize Updated modules version: 25184 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=03d4cbbc643a6843865c70410fa74ea8 # end=updated # utc_time=2015-08-08 11:32:18 # local_time=2015-08-08 01:32:18 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=03d4cbbc643a6843865c70410fa74ea8 # engine=25184 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-08-08 11:51:40 # local_time=2015-08-08 01:51:40 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='avast! Internet Security' # compatibility_mode=779 16777213 85 72 265458 203455190 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 12004212 98540811 0 0 # scanned=200765 # found=18 # cleaned=18 # scan_time=1161 sh=874DD3B68A7AE8A29A145B1396BC54D4B23FFB8D ft=1 fh=f169519a8f7ba48b vn="Variante von MSIL/Adware.PullUpdate.L.gen Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-846433983-1932204352-779828525-1001\$R5HXT6J.exe" sh=228F3D985297D2A6B390D24308E2EC4F640D051D ft=1 fh=c71c001100a74d61 vn="Variante von Win32/ELEX.EL evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-846433983-1932204352-779828525-1001\$RGBU4CA\UninstallManager.exe" sh=036C75D0603BE8B8AE9732856D75441371BD7D90 ft=1 fh=ac03f69a67ae4d22 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ELIT76O\Firefox - CHIP-Installer.exe" sh=01B394BFD78AC1A88EF00B03878680F68FDD5291 ft=1 fh=80aefb8aa3c56326 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ELIT76O\OrbiterInstaller[1].exe" sh=ED3463A7DB95D4B0A40B18FF7D4C3A198AFE9C87 ft=1 fh=b73262d5706d13f5 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YXKRGWYT\Stub[1].exe" sh=1B103F696A2D86A7790EDF1FEE66E0F60CE93CAD ft=1 fh=c289951717bd4b3d vn="Variante von Win32/InstallCore.ABD evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39OD9LU1\VideoPlayerSetup[1].exe" sh=FC208B1CEC80F9DF9AD3E213426C97D3341D3C01 ft=1 fh=c28995172ebabccb vn="Variante von Win32/InstallCore.ABD evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39OD9LU1\VideoPlayerSetup[2].exe" sh=189851DB27A636E7E11BBE63F7875193096EF5AE ft=1 fh=c28995179123e56b vn="Variante von Win32/InstallCore.ABD evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XANS3CB8\VideoPlayerSetup[1].exe" sh=C86214CB00DB102DC1896C7D609DEE58B93BB7D3 ft=1 fh=c28995175efc5099 vn="Variante von Win32/InstallCore.ABD evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XANS3CB8\VideoPlayerSetup[2].exe" sh=EA3060E5492AD2557EAB12E1CE8766D79CD6E503 ft=1 fh=dae6dd3d7a54b142 vn="MSIL/MyPCBackup.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Temp\c8fa73b8e9f64693beccdbb6e4b58208394612.exe" sh=6C23A9F9903CA4B244E59DDA21784D8347200F8C ft=1 fh=f8d43310deb0dd2c vn="Variante von Win32/UniBlue.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Temp\095560c7-e0ca-4baf-abb7-46c69db2e79d\driverscanner.exe" sh=8F52C7430EBD3BC43405060EAE167FD1C4D82414 ft=1 fh=057a3b13cf704491 vn="Win32/MyPCBackup.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Temp\24323a60-e0df-4477-84af-eb7420949621\aff_setup.exe" sh=01E3F3147C9A5C79743CD67E4CC45CF3DB63E82A ft=1 fh=f77468889b04ad91 vn="MSIL/Rebrand.LittleRegClean.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Temp\2d29e209-2993-4832-994e-1515c4d0fad3\propccleanersetup.exe" sh=F0A5E04842697404275CF4A352455ACD5FC44578 ft=1 fh=c71c0011e496372e vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Temp\B0068F1E-BAB0-7891-8E9A-D81820CBBFBA\Latest\BExternal.dll" sh=EE7646E9A9ECD2FA138A5EE732368D3785E060B2 ft=1 fh=a9e6d2fee3def72a vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Temp\B0068F1E-BAB0-7891-8E9A-D81820CBBFBA\Latest\IEHelper.dll" sh=FF6FD97BCC603890C9BDFFEBE992A8B95D4F2686 ft=1 fh=6c2a9be43d49c952 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Temp\DMR\dmr_72.exe" sh=6C1EBB908033B4EE30E460ED72CA2095C1831972 ft=1 fh=193edd22efd246d5 vn="Variante von Win32/Toolbar.CrossRider.CP evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Temp\nst46A1.tmp\enefxr.dll" sh=228F3D985297D2A6B390D24308E2EC4F640D051D ft=1 fh=c71c001100a74d61 vn="Variante von Win32/ELEX.EL evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Temp\xtmp1916893579\UninstallManager.exe" Code:
ATTFilter Results of screen317's Security Check version 1.006 x64 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Defender avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 18.0.0.209 Adobe Reader XI Google Chrome (44.0.2403.130) ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast ng vbox\AvastVBoxSVC.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:08-08-2015 durchgeführt von MARKUS (Administrator) auf GHOST (08-08-2015 14:06:28) Gestartet von C:\Users\MARKUS\Desktop Geladene Profile: MARKUS (Verfügbare Profile: MARKUS) Platform: Windows 8 Pro (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 10 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17280_none_6224eed751126779\TiWorker.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (PowerISO Computing, Inc.) I:\Program Files (x86)\PowerISO\PWRISOVM.EXE (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [BCSSync] => I:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PWRISOVM.EXE] => i:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2009-07-27] (PowerISO Computing, Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-05] (AVAST Software) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-05] (AVAST Software) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-846433983-1932204352-779828525-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ HKU\S-1-5-21-846433983-1932204352-779828525-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> I:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-06-13] (Microsoft Corporation) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> I:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-05] (AVAST Software) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> I:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> I:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-07-13] (Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-05] (AVAST Software) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation) Toolbar: HKLM - Kein Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Keine Datei Toolbar: HKLM - Kein Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Keine Datei Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - I:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{2164B092-CA0E-4B90-9765-CA7FA1E1F1B4}: [DhcpNameServer] 192.168.178.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default FF Homepage: https://www.malwarebytes.org/restorebrowser//?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M7A767C84-5C6C-492C-B7EA-8FA6621C32F5&SearchSource=55&CUI=&UM=8&UP=SP9768A5FA-B711-4F8E-AC80-6FBC97E31C7D&D=071915&SSPV= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-19] () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> I:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> I:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-19] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] () FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-06-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-05] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-06-13] (Microsoft Corporation) FF Extension: Adblock Plus - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-21] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-21] FF Extension: Kein Name - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979} [nicht gefunden] FF Extension: Kein Name - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com [nicht gefunden] FF Extension: Kein Name - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com [nicht gefunden] FF Extension: Kein Name - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com [nicht gefunden] FF Extension: Kein Name - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} [nicht gefunden] FF Extension: Kein Name - I:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [nicht gefunden] Chrome: ======= CHR Profile: C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-05] CHR Extension: (Google Docs) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-05] CHR Extension: (Google Drive) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-05] CHR Extension: (YouTube) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-05] CHR Extension: (Google Search) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-05] CHR Extension: (Google Sheets) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-05] CHR Extension: (Avast Online Security) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-05] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-05] CHR Extension: (Chrome Web Store Payments) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-05] CHR Extension: (Gmail) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-05] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-05] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-05] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-08-05] (Avast Software) S2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-28] () [Datei ist nicht signiert] S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-09-24] () [Datei ist nicht signiert] S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S3 Microsoft SharePoint Workspace Audit Service; I:\Program Files\Microsoft Office\Office14\GROOVE.EXE [50921648 2013-03-09] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-05] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-05] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-05] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-05] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-08-05] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-05] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-05] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-05] (AVAST Software) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-07] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation) R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-08-05] (AVAST Software) R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-09-24] (Duplex Secure Ltd.) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-08-05] (Avast Software) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-08 14:02 - 2015-08-08 14:02 - 00852684 _____ C:\Users\MARKUS\Desktop\SecurityCheck.exe 2015-08-08 13:37 - 2015-08-08 13:38 - 00000712 _____ C:\Windows\DtcInstall.log 2015-08-08 13:19 - 2015-08-08 13:19 - 02870984 _____ (ESET) C:\Users\MARKUS\Downloads\esetsmartinstaller_deu.exe 2015-08-08 13:09 - 2015-08-08 13:09 - 00000000 ____D C:\Program Files\Microsoft Office 2015-08-07 17:22 - 2015-08-07 17:22 - 00031860 _____ C:\Users\MARKUS\Desktop\FRST1.txt 2015-08-07 17:21 - 2015-08-08 14:06 - 00000000 ____D C:\Users\MARKUS\Desktop\FRST-OlderVersion 2015-08-07 17:19 - 2015-08-07 17:19 - 00002092 _____ C:\Users\MARKUS\Desktop\JRT.txt 2015-08-07 17:13 - 2015-08-07 17:13 - 00005236 _____ C:\Users\MARKUS\Desktop\AdwCleaner[S0].txt 2015-08-07 17:12 - 2015-08-07 17:12 - 01797896 _____ (Malwarebytes Corporation) C:\Users\MARKUS\Desktop\JRT.exe 2015-08-07 17:07 - 2015-08-07 17:09 - 00000000 ____D C:\AdwCleaner 2015-08-07 17:06 - 2015-08-07 17:06 - 02248704 _____ C:\Users\MARKUS\Downloads\AdwCleaner_4.208.exe 2015-08-07 17:06 - 2015-08-07 17:06 - 00165340 _____ C:\Users\MARKUS\Desktop\mbam.txt 2015-08-07 17:03 - 2015-08-07 17:03 - 00002247 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-08-07 17:00 - 2015-08-07 17:00 - 00001398 _____ C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-08-07 16:10 - 2015-08-07 17:04 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-07 16:10 - 2015-08-07 16:10 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-08-07 16:10 - 2015-08-07 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-08-07 16:10 - 2015-08-07 16:10 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-08-07 16:10 - 2015-08-07 16:10 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-08-07 16:10 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-08-07 16:10 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-08-07 16:10 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-08-07 16:09 - 2015-08-07 16:09 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\MARKUS\Downloads\mbam-setup-2.1.8.1057.exe 2015-08-07 15:47 - 2015-08-07 15:47 - 00001264 _____ C:\Users\MARKUS\Desktop\Revo Uninstaller.lnk 2015-08-07 15:47 - 2015-08-07 15:47 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2015-08-07 15:45 - 2015-08-07 15:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\MARKUS\Downloads\revosetup95.exe 2015-08-07 15:42 - 2015-08-07 15:42 - 00000000 ____D C:\Windows\SysWOW64\vbox 2015-08-07 15:42 - 2015-08-07 15:42 - 00000000 ____D C:\Windows\system32\vbox 2015-08-05 12:12 - 2015-08-05 12:12 - 00032859 _____ C:\Users\MARKUS\Desktop\Addition.txt 2015-08-05 12:11 - 2015-08-08 14:06 - 00015467 _____ C:\Users\MARKUS\Desktop\FRST.txt 2015-08-05 12:11 - 2015-08-08 14:06 - 00000000 ____D C:\FRST 2015-08-05 12:10 - 2015-08-08 14:06 - 02169856 _____ (Farbar) C:\Users\MARKUS\Desktop\FRST64.exe 2015-08-05 12:09 - 2015-08-07 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-08-05 12:08 - 2015-08-08 13:18 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-05 12:08 - 2015-08-08 13:09 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-05 12:08 - 2015-08-05 12:13 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-08-05 12:08 - 2015-08-05 12:13 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-08-05 12:06 - 2015-08-05 12:06 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-08-05 12:06 - 2015-08-05 12:06 - 00001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2015-08-05 12:06 - 2015-08-05 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-08-05 12:06 - 2015-08-05 12:05 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys 2015-08-05 12:05 - 2015-08-05 12:05 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-08-05 12:01 - 2015-08-05 12:01 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2015-08-05 12:01 - 2015-08-05 12:01 - 00000000 ____D C:\Program Files\Common Files\AV 2015-08-05 10:44 - 2015-08-05 10:44 - 00931408 _____ (Google Inc.) C:\Users\MARKUS\Downloads\ChromeSetup.exe 2015-08-05 10:38 - 2015-08-05 10:38 - 00000000 ____D C:\Users\MARKUS\AppData\Local\Deployment 2015-08-05 10:38 - 2015-08-05 10:38 - 00000000 ____D C:\Users\MARKUS\AppData\Local\Apps\2.0 2015-08-05 00:36 - 2015-08-05 00:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf 2015-08-04 23:55 - 2015-04-30 15:07 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-04 23:55 - 2015-04-30 15:07 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-08-04 23:54 - 2015-03-12 07:31 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-08-04 23:54 - 2015-03-04 08:41 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-08-04 23:54 - 2015-03-04 08:39 - 00632832 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-08-04 23:54 - 2015-03-04 08:39 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-08-04 23:54 - 2015-03-04 06:53 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-08-04 23:54 - 2015-03-04 06:52 - 00676864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-08-04 23:53 - 2015-05-07 15:05 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml 2015-08-04 23:53 - 2015-03-12 07:31 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll 2015-08-04 23:53 - 2015-03-12 05:52 - 01933312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2015-08-04 23:52 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\SysWOW64\locale.nls 2015-08-04 23:52 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\system32\locale.nls 2015-08-04 23:52 - 2015-04-21 15:53 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2015-08-04 23:52 - 2015-03-27 10:07 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\cryptcatsvc.dll 2015-08-04 23:52 - 2015-03-12 07:31 - 01688576 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll 2015-08-04 23:50 - 2015-04-06 07:36 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll 2015-08-04 23:50 - 2015-04-06 06:08 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll 2015-08-02 14:24 - 2015-07-14 22:11 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-08-02 14:24 - 2015-07-14 22:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-02 14:24 - 2015-07-14 21:43 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-02 14:24 - 2015-07-14 21:43 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-08-02 14:24 - 2015-06-27 18:36 - 00171352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-08-02 14:24 - 2015-06-27 15:56 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2015-08-02 14:24 - 2015-06-27 15:55 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-08-02 14:24 - 2015-06-27 15:55 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-08-02 14:24 - 2015-06-27 15:46 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-08-02 14:24 - 2015-06-27 15:46 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-08-02 14:24 - 2015-06-27 15:46 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2015-08-02 14:24 - 2015-06-27 15:46 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-08-02 14:24 - 2015-06-27 15:23 - 00694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-08-02 14:24 - 2015-06-25 20:29 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-08-02 14:24 - 2015-06-25 20:27 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-08-02 14:24 - 2015-01-07 06:25 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-08-02 14:23 - 2015-06-17 16:13 - 01150264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2015-08-02 14:23 - 2015-06-17 15:44 - 01567560 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2015-08-02 14:23 - 2015-06-09 15:57 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-08-02 14:23 - 2015-05-09 01:39 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-08-02 14:23 - 2015-05-08 22:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-08-02 14:23 - 2015-04-13 07:32 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-08-02 14:23 - 2015-04-13 07:30 - 01839616 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-02 14:23 - 2015-04-13 07:30 - 01280512 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-02 14:23 - 2015-04-13 06:05 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-08-02 14:18 - 2015-06-15 17:22 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2015-08-02 14:18 - 2015-06-15 17:22 - 02416640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-08-02 14:18 - 2015-06-15 17:22 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-08-02 14:18 - 2015-06-15 17:22 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2015-08-02 14:18 - 2015-06-15 17:21 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-08-02 14:18 - 2015-06-15 17:20 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2015-08-02 14:18 - 2015-06-15 17:20 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-08-02 14:18 - 2015-06-15 17:19 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-08-01 19:50 - 2015-06-25 03:54 - 04064768 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-01 19:50 - 2015-06-11 22:29 - 01302528 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-08-01 19:50 - 2015-06-11 18:27 - 01024000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-08-01 19:50 - 2015-05-02 08:28 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-08-01 19:50 - 2015-05-02 05:59 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-08-01 19:50 - 2015-05-02 05:36 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-08-01 19:50 - 2015-04-14 00:09 - 00570248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-08-01 19:45 - 2015-02-18 09:39 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-08-01 19:45 - 2015-02-18 09:38 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll 2015-07-19 20:05 - 2015-04-25 05:41 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2015-07-19 20:05 - 2015-04-25 01:13 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-07-19 20:00 - 2015-07-19 20:14 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-08 14:02 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru 2015-08-08 13:53 - 2013-09-21 21:55 - 01910196 _____ C:\Windows\WindowsUpdate.log 2015-08-08 13:39 - 2015-01-04 16:43 - 00034275 _____ C:\Windows\diagwrn.xml 2015-08-08 13:39 - 2015-01-04 16:43 - 00034275 _____ C:\Windows\diagerr.xml 2015-08-08 13:39 - 2013-09-24 19:44 - 00632238 _____ C:\Windows\setupact.log 2015-08-08 13:39 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM 2015-08-08 13:33 - 2015-01-04 16:45 - 00003136 _____ C:\Windows\comsetup.log 2015-08-08 13:33 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\Registration 2015-08-08 13:32 - 2014-11-22 00:00 - 00000000 ___HD C:\$Windows.~BT 2015-08-08 13:18 - 2013-09-21 22:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-08-08 13:16 - 2012-07-26 12:27 - 00753134 _____ C:\Windows\system32\perfh007.dat 2015-08-08 13:16 - 2012-07-26 12:27 - 00155826 _____ C:\Windows\system32\perfc007.dat 2015-08-08 13:16 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-08 13:15 - 2012-07-26 09:59 - 00000000 ____D C:\Windows\CbsTemp 2015-08-08 13:14 - 2013-09-21 22:01 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-846433983-1932204352-779828525-1001 2015-08-08 13:11 - 2013-09-21 22:04 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-07 17:10 - 2013-09-24 18:42 - 00545238 _____ C:\Windows\PFRO.log 2015-08-07 17:10 - 2013-09-24 18:15 - 00003490 _____ C:\Windows\System32\Tasks\AutoKMS 2015-08-07 17:10 - 2013-09-21 23:43 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2015-08-07 17:10 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-07 17:05 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent 2015-08-07 16:59 - 2012-07-26 12:29 - 00000000 ____D C:\Windows\ShellNew 2015-08-07 15:42 - 2013-09-23 22:46 - 00000000 ____D C:\Windows\system32\MRT 2015-08-05 12:09 - 2013-09-21 23:44 - 00000000 ____D C:\Program Files (x86)\Google 2015-08-05 12:09 - 2013-09-21 21:55 - 00000000 ____D C:\Users\MARKUS\AppData\Local\VirtualStore 2015-08-05 12:06 - 2014-08-24 20:30 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2015-08-05 12:06 - 2014-01-25 12:47 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2015-08-05 12:06 - 2013-09-21 23:44 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2015-08-05 12:06 - 2013-09-21 23:43 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2015-08-05 12:06 - 2013-09-21 23:43 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2015-08-05 12:06 - 2013-09-21 23:43 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-08-05 12:06 - 2013-09-21 23:43 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2015-08-05 12:05 - 2013-09-21 23:43 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2015-08-05 11:59 - 2015-04-16 14:07 - 00426040 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-05 11:58 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData 2015-08-05 11:58 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\AdvancedInstallers 2015-08-05 11:58 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-08-01 20:11 - 2013-09-23 22:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-07-19 20:04 - 2013-09-21 22:59 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-07-19 20:03 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF 2015-07-13 23:22 - 2015-03-20 21:53 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-07-13 23:22 - 2015-03-20 21:53 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-08-05 12:05 - 2015-08-05 12:05 - 0032038 _____ () C:\Users\MARKUS\AppData\Roaming\Edge.ico Einige Dateien in TEMP: ==================== C:\Users\MARKUS\AppData\Local\Temp\DataCard_Setup64.exe C:\Users\MARKUS\AppData\Local\Temp\Quarantine.exe C:\Users\MARKUS\AppData\Local\Temp\ResetDevice.exe C:\Users\MARKUS\AppData\Local\Temp\sqlite3.dll C:\Users\MARKUS\AppData\Local\Temp\Uni000.exe C:\Users\MARKUS\AppData\Local\Temp\uninst1.exe ==================== Bamital & volsnap Check ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-08-02 22:43 ==================== Ende von log ============================ |
09.08.2015, 07:09 | #9 |
/// the machine /// TB-Ausbilder | Youporndeutsch.co Virus/Maleware? Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\$Recycle.Bin C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ELIT76O\Firefox - CHIP-Installer.exe C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ELIT76O\OrbiterInstaller[1].exe C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YXKRGWYT\Stub[1].exe C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39OD9LU1\VideoPlayerSetup[1].exe C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39OD9LU1\VideoPlayerSetup[2].exe C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XANS3CB8\VideoPlayerSetup[1].exe C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XANS3CB8\VideoPlayerSetup[2].exe C:\Users\MARKUS\AppData\Local\Temp\c8fa73b8e9f64693beccdbb6e4b58208394612.exe C:\Users\MARKUS\AppData\Local\Temp\095560c7-e0ca-4baf-abb7-46c69db2e79d\driverscanner.exe C:\Users\MARKUS\AppData\Local\Temp\24323a60-e0df-4477-84af-eb7420949621\aff_setup.exe C:\Users\MARKUS\AppData\Local\Temp\2d29e209-2993-4832-994e-1515c4d0fad3\propccleanersetup.exe C:\Users\MARKUS\AppData\Local\Temp\B0068F1E-BAB0-7891-8E9A-D81820CBBFBA\Latest\BExternal.dll C:\Users\MARKUS\AppData\Local\Temp\B0068F1E-BAB0-7891-8E9A-D81820CBBFBA\Latest\IEHelper.dll C:\Users\MARKUS\AppData\Local\Temp\DMR\dmr_72.exe C:\Users\MARKUS\AppData\Local\Temp\nst46A1.tmp\enefxr.dll C:\Users\MARKUS\AppData\Local\Temp\xtmp1916893579\UninstallManager.exe Emptytemp: Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde: Combofix deinstallieren
Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen. Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. Meine Empfehlung: Emsisoft Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional: NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen. Lade Software von einem sauberen Portal wie . Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
10.08.2015, 05:29 | #10 |
| Youporndeutsch.co Virus/Maleware? Hi, hier der log.. Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:09-08-2015 durchgeführt von MARKUS (2015-08-10 06:24:20) Run:1 Gestartet von C:\Users\MARKUS\Desktop Geladene Profile: MARKUS (Verfügbare Profile: MARKUS) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** C:\$Recycle.Bin C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ELIT76O\Firefox - CHIP-Installer.exe C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ELIT76O\OrbiterInstaller[1].exe C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YXKRGWYT\Stub[1].exe C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39OD9LU1\VideoPlayerSetup[1].exe C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39OD9LU1\VideoPlayerSetup[2].exe C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XANS3CB8\VideoPlayerSetup[1].exe C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XANS3CB8\VideoPlayerSetup[2].exe C:\Users\MARKUS\AppData\Local\Temp\c8fa73b8e9f64693beccdbb6e4b58208394612.exe C:\Users\MARKUS\AppData\Local\Temp\095560c7-e0ca-4baf-abb7-46c69db2e79d\driverscanner.exe C:\Users\MARKUS\AppData\Local\Temp\24323a60-e0df-4477-84af-eb7420949621\aff_setup.exe C:\Users\MARKUS\AppData\Local\Temp\2d29e209-2993-4832-994e-1515c4d0fad3\propccleanersetup.exe C:\Users\MARKUS\AppData\Local\Temp\B0068F1E-BAB0-7891-8E9A-D81820CBBFBA\Latest\BExternal.dll C:\Users\MARKUS\AppData\Local\Temp\B0068F1E-BAB0-7891-8E9A-D81820CBBFBA\Latest\IEHelper.dll C:\Users\MARKUS\AppData\Local\Temp\DMR\dmr_72.exe C:\Users\MARKUS\AppData\Local\Temp\nst46A1.tmp\enefxr.dll C:\Users\MARKUS\AppData\Local\Temp\xtmp1916893579\UninstallManager.exe Emptytemp: ***************** C:\$Recycle.Bin => erfolgreich verschoben. "C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ELIT76O\Firefox - CHIP-Installer.exe" => Datei/Ordner nicht gefunden. "C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ELIT76O\OrbiterInstaller[1].exe" => Datei/Ordner nicht gefunden. "C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YXKRGWYT\Stub[1].exe" => Datei/Ordner nicht gefunden. "C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39OD9LU1\VideoPlayerSetup[1].exe" => Datei/Ordner nicht gefunden. "C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39OD9LU1\VideoPlayerSetup[2].exe" => Datei/Ordner nicht gefunden. "C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XANS3CB8\VideoPlayerSetup[1].exe" => Datei/Ordner nicht gefunden. "C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XANS3CB8\VideoPlayerSetup[2].exe" => Datei/Ordner nicht gefunden. "C:\Users\MARKUS\AppData\Local\Temp\c8fa73b8e9f64693beccdbb6e4b58208394612.exe" => Datei/Ordner nicht gefunden. "C:\Users\MARKUS\AppData\Local\Temp\095560c7-e0ca-4baf-abb7-46c69db2e79d\driverscanner.exe" => Datei/Ordner nicht gefunden. "C:\Users\MARKUS\AppData\Local\Temp\24323a60-e0df-4477-84af-eb7420949621\aff_setup.exe" => Datei/Ordner nicht gefunden. "C:\Users\MARKUS\AppData\Local\Temp\2d29e209-2993-4832-994e-1515c4d0fad3\propccleanersetup.exe" => Datei/Ordner nicht gefunden. "C:\Users\MARKUS\AppData\Local\Temp\B0068F1E-BAB0-7891-8E9A-D81820CBBFBA\Latest\BExternal.dll" => Datei/Ordner nicht gefunden. "C:\Users\MARKUS\AppData\Local\Temp\B0068F1E-BAB0-7891-8E9A-D81820CBBFBA\Latest\IEHelper.dll" => Datei/Ordner nicht gefunden. "C:\Users\MARKUS\AppData\Local\Temp\DMR\dmr_72.exe" => Datei/Ordner nicht gefunden. "C:\Users\MARKUS\AppData\Local\Temp\nst46A1.tmp\enefxr.dll" => Datei/Ordner nicht gefunden. "C:\Users\MARKUS\AppData\Local\Temp\xtmp1916893579\UninstallManager.exe" => Datei/Ordner nicht gefunden. EmptyTemp: => 1.6 GB temporäre Dateien entfernt. Das System musste neu gestartet werden.. ==== Ende von Fixlog 06:24:32 ==== |
10.08.2015, 18:22 | #11 |
/// the machine /// TB-Ausbilder | Youporndeutsch.co Virus/Maleware? fertig
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
12.08.2015, 15:25 | #12 |
| Youporndeutsch.co Virus/Maleware? Ja super, herzlichen Dank! |
13.08.2015, 09:47 | #13 |
/// the machine /// TB-Ausbilder | Youporndeutsch.co Virus/Maleware? Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Youporndeutsch.co Virus/Maleware? |
andere, folge, folgendes, fotos, freundin, generell, kinox.to, laptop, nicht mehr, plötzlich, sache, sachen, schließe, schließen, seite, task-manager, unterwegs, öffnen |