
Log analysis and evaluation: Windows 8 trojan rvzr-a-akamaihd and cr.tractionize, PC is sluggish and constant pop-ups

25.04.2014, 10:17   #1
kirsten_ay
 



Hello,
I'm new here and also not very up to date when it comes to PC matters. I hope you can help me as a layperson too, and I apologize in advance if I come across as a bit clumsy.
My daughter has caught a trojan on her laptop here, called rvzr-a.akamaihd and apparently also cr.tractionize.
Following the instructions, I have already created the various logs:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:42 on 25/04/2014 (khadijah)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2014
Ran by khadijah (administrator) on KHADIJAH on 25-04-2014 10:47:48
Running from C:\Users\khadijah\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\WINDOWS\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Parallel Lines Development, LLC) C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SAsrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AMD) C:\WINDOWS\system32\atieclxx.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Spotify Ltd) C:\Users\khadijah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\khadijah\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6339656 2013-04-10] (Realtek semiconductor)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-11-01] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-11-01] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-04-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [180304 2014-04-15] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-25] ( (Atheros Communications))
HKU\S-1-5-21-405205487-459700943-3704750344-1002\...\Run: [Spotify Web Helper] => C:\Users\khadijah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-13] (Spotify Ltd)
HKU\S-1-5-21-405205487-459700943-3704750344-1002\...\Run: [Spotify] => C:\Users\khadijah\AppData\Roaming\Spotify\spotify.exe [6087224 2014-04-13] (Spotify Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9F6A60D4-78A8-41D1-B6B9-8CE490978710&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF&q={searchTerms}
SearchScopes: HKLM - {DF81D251-65E4-40CD-9EA8-5218C003469E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 - {DF81D251-65E4-40CD-9EA8-5218C003469E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {DF81D251-65E4-40CD-9EA8-5218C003469E} URL = 
BHO: HQ-Video-Profession-1.3 - {11111111-1111-1111-1111-110511151178} - C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-bho64.dll (HQ-Video)
BHO-x32: HQ-Video-Profession-1.3 - {11111111-1111-1111-1111-110511151178} - C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-bho.dll (HQ-Video)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default
FF user.js: detected! => C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\user.js
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\awesomehp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HQ-Video-Profession-1.3 - C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com [2014-03-09]
FF Extension: Adblock Plus - C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-23]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\quick_start@gmail.com

Chrome: 
=======
CHR HomePage: hxxp://www.awesomehp.com/?type=hp&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF
CHR StartupUrls: "hxxp://www.awesomehp.com/?type=hp&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF"
CHR Extension: (Google Docs) - C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-29]
CHR Extension: (Google Drive) - C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-29]
CHR Extension: (YouTube) - C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-29]
CHR Extension: (Google-Suche) - C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-29]
CHR Extension: (HQ-Video-Profession-1.3) - C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna [2014-02-23]
CHR Extension: (Google Wallet) - C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-29]
CHR Extension: (Google Mail) - C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-24] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [122448 2014-04-15] (Avira Operations GmbH & Co. KG)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-02-25] (ELAN Microelectronics Corp.)
R2 InternetUpdater; C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [45568 2014-01-15] (Parallel Lines Development, LLC)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-11-01] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-25] (Atheros)

==================== Drivers (Whitelisted) ====================

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-23] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243272 2013-04-10] (Realtek Semiconductor Corp.)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-25 10:44 - 2014-04-25 10:47 - 00015931 _____ () C:\Users\khadijah\Downloads\FRST.txt
2014-04-25 10:44 - 2014-04-25 10:44 - 00000000 ____D () C:\Users\khadijah\Downloads\FRST-OlderVersion
2014-04-25 10:41 - 2014-04-25 10:42 - 00000478 _____ () C:\Users\khadijah\Desktop\defogger_disable.log
2014-04-25 10:41 - 2014-04-25 10:41 - 00050477 _____ () C:\Users\khadijah\Downloads\Defogger.exe
2014-04-25 10:41 - 2014-04-25 10:41 - 00000000 _____ () C:\Users\khadijah\defogger_reenable
2014-04-25 10:40 - 2014-04-25 10:40 - 00001709 _____ () C:\Users\khadijah\Desktop\Continue FLV Player.lnk
2014-04-25 10:39 - 2014-04-25 10:39 - 00991840 _____ () C:\Users\khadijah\Downloads\setup.exe
2014-04-25 10:08 - 2014-04-25 10:08 - 00002560 _____ () C:\WINDOWS\PFRO.log
2014-04-23 19:30 - 2014-04-25 10:46 - 00000000 ____D () C:\FRST
2014-04-23 19:29 - 2014-04-25 10:44 - 02061824 _____ (Farbar) C:\Users\khadijah\Downloads\FRST64.exe
2014-04-23 17:04 - 2014-04-23 19:17 - 00000000 ____D () C:\Users\khadijah\Documents\Anti-Malware
2014-04-23 17:01 - 2014-04-24 23:06 - 00150751 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-23 16:59 - 2014-04-23 17:02 - 223568888 _____ (Emsisoft GmbH ) C:\Users\khadijah\Downloads\EmsisoftAntiMalwareSetup_81040.exe
2014-04-23 16:49 - 2014-04-23 16:51 - 312761032 _____ (Norman Shark AS) C:\Users\khadijah\Downloads\Norman_Malware208_Cleaner.exe
2014-04-23 16:07 - 2014-04-23 16:07 - 00000000 ____D () C:\Users\khadijah\AppData\Roaming\Nitro
2014-04-23 16:07 - 2014-04-23 16:07 - 00000000 ____D () C:\Users\khadijah\AppData\Roaming\LSC
2014-04-23 16:06 - 2014-04-23 16:06 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-04-23 14:46 - 2014-04-23 14:46 - 00003366 _____ () C:\Users\khadijah\Documents\cc_20140423_144609.reg
2014-04-23 14:28 - 2014-04-23 14:28 - 00907018 _____ () C:\Users\khadijah\Downloads\adblockplus-2.5.1.zip
2014-04-22 22:33 - 2014-04-22 22:33 - 13084896 _____ (Microsoft Corporation) C:\Users\khadijah\Downloads\Silverlight_x64(1).exe
2014-04-22 22:31 - 2014-04-22 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-22 22:31 - 2014-04-22 22:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-22 22:31 - 2014-04-22 22:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-22 22:29 - 2014-04-22 22:29 - 13084896 _____ (Microsoft Corporation) C:\Users\khadijah\Downloads\Silverlight_x64.exe
2014-04-22 22:05 - 2014-04-22 22:05 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-20 11:22 - 2014-04-20 11:22 - 00000000 ____D () C:\Users\khadijah\Documents\Lenovo
2014-04-20 11:22 - 2014-04-20 11:22 - 00000000 ____D () C:\Users\khadijah\Documents\CyberLink
2014-04-20 11:21 - 2014-04-20 11:21 - 00000000 ____D () C:\Users\khadijah\AppData\Roaming\CyberLink
2014-04-13 20:33 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-04-13 20:33 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-13 20:32 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-04-13 20:32 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-04-13 20:32 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-04-13 20:32 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-04-13 20:32 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-04-13 20:32 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-04-13 20:32 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-04-13 20:32 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-04-13 20:32 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-04-13 20:32 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-04-13 20:32 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-04-13 20:32 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-04-13 20:32 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-04-13 20:32 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-04-13 20:32 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-04-13 20:32 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-04-13 20:32 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-04-12 01:04 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2014-04-12 01:04 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2014-04-12 01:04 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2014-04-12 01:04 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-04-12 01:04 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2014-04-12 01:04 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-12 01:04 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 01:04 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-04-12 01:04 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2014-04-12 01:04 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 01:04 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-04-12 01:04 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-04-12 01:04 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-04-12 01:04 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-04-12 01:04 - 2014-01-27 01:17 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-04-12 01:04 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2014-04-12 01:04 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-04-12 01:04 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-04-12 01:04 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-04-12 01:04 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-04-11 10:25 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-04-11 10:25 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-04-11 10:25 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-04-11 10:25 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-04-08 17:55 - 2014-04-08 17:55 - 00307760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

==================== One Month Modified Files and Folders =======

2014-04-25 10:48 - 2014-04-25 10:44 - 00015931 _____ () C:\Users\khadijah\Downloads\FRST.txt
2014-04-25 10:47 - 2014-04-23 19:30 - 00000000 ____D () C:\FRST
2014-04-25 10:44 - 2014-04-25 10:44 - 00000000 ____D () C:\Users\khadijah\Downloads\FRST-OlderVersion
2014-04-25 10:44 - 2014-04-23 19:29 - 02061824 _____ (Farbar) C:\Users\khadijah\Downloads\FRST64.exe
2014-04-25 10:42 - 2014-04-25 10:41 - 00000478 _____ () C:\Users\khadijah\Desktop\defogger_disable.log
2014-04-25 10:41 - 2014-04-25 10:41 - 00050477 _____ () C:\Users\khadijah\Downloads\Defogger.exe
2014-04-25 10:41 - 2014-04-25 10:41 - 00000000 _____ () C:\Users\khadijah\defogger_reenable
2014-04-25 10:41 - 2013-12-25 01:58 - 00000000 ____D () C:\Users\khadijah
2014-04-25 10:40 - 2014-04-25 10:40 - 00001709 _____ () C:\Users\khadijah\Desktop\Continue FLV Player.lnk
2014-04-25 10:39 - 2014-04-25 10:39 - 00991840 _____ () C:\Users\khadijah\Downloads\setup.exe
2014-04-25 10:17 - 2014-02-02 15:48 - 00000000 ____D () C:\Users\khadijah\AppData\Roaming\Spotify
2014-04-25 10:16 - 2014-02-23 19:21 - 00001604 _____ () C:\WINDOWS\Tasks\HQ-Video-Profession-1.3-updater.job
2014-04-25 10:16 - 2014-02-23 19:20 - 00001560 _____ () C:\WINDOWS\Tasks\HQ-Video-Profession-1.3-codedownloader.job
2014-04-25 10:16 - 2014-02-23 19:20 - 00001458 _____ () C:\WINDOWS\Tasks\HQ-Video-Profession-1.3-enabler.job
2014-04-25 10:16 - 2014-02-23 19:19 - 00003164 _____ () C:\WINDOWS\Tasks\HQ-Video-Profession-1.3-chromeinstaller.job
2014-04-25 10:16 - 2014-02-23 19:19 - 00002686 _____ () C:\WINDOWS\Tasks\HQ-Video-Profession-1.3-firefoxinstaller.job
2014-04-25 10:16 - 2014-01-29 18:44 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-25 10:16 - 2013-12-25 02:00 - 00000000 ___RD () C:\Users\khadijah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-25 10:16 - 2013-12-25 02:00 - 00000000 ___RD () C:\Users\khadijah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-25 10:13 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-25 10:12 - 2013-11-01 23:58 - 00753134 _____ () C:\WINDOWS\system32\perfh007.dat
2014-04-25 10:12 - 2013-11-01 23:58 - 00155826 _____ () C:\WINDOWS\system32\perfc007.dat
2014-04-25 10:12 - 2012-07-26 09:28 - 01745416 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-25 10:09 - 2014-01-29 18:44 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-25 10:08 - 2014-04-25 10:08 - 00002560 _____ () C:\WINDOWS\PFRO.log
2014-04-25 10:08 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-24 23:07 - 2012-07-26 07:26 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2014-04-24 23:06 - 2014-04-23 17:01 - 00150751 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-24 23:06 - 2013-11-01 16:25 - 00004608 _____ () C:\WINDOWS\system32\VfService.trf
2014-04-24 23:06 - 2012-07-26 10:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-04-24 23:06 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-04-24 23:05 - 2013-12-25 11:36 - 05856614 _____ () C:\Users\Public\CAFADEBUG.log
2014-04-24 20:52 - 2014-02-02 15:49 - 00000000 ____D () C:\Users\khadijah\AppData\Local\Spotify
2014-04-23 19:17 - 2014-04-23 17:04 - 00000000 ____D () C:\Users\khadijah\Documents\Anti-Malware
2014-04-23 18:37 - 2014-02-23 19:19 - 00000000 ____D () C:\Program Files (x86)\HQ-Video-Profession-1.3
2014-04-23 17:16 - 2013-12-25 14:24 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-23 17:13 - 2013-12-25 14:24 - 90655440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-23 17:03 - 2013-12-25 02:51 - 00322560 ___SH () C:\Users\khadijah\Downloads\Thumbs.db
2014-04-23 17:02 - 2014-04-23 16:59 - 223568888 _____ (Emsisoft GmbH ) C:\Users\khadijah\Downloads\EmsisoftAntiMalwareSetup_81040.exe
2014-04-23 16:51 - 2014-04-23 16:49 - 312761032 _____ (Norman Shark AS) C:\Users\khadijah\Downloads\Norman_Malware208_Cleaner.exe
2014-04-23 16:17 - 2014-02-10 18:58 - 00000000 ____D () C:\Users\khadijah\AppData\Local\CrashDumps
2014-04-23 16:09 - 2013-12-25 02:09 - 00000000 ____D () C:\Users\khadijah\AppData\Roaming\Nitro PDF
2014-04-23 16:07 - 2014-04-23 16:07 - 00000000 ____D () C:\Users\khadijah\AppData\Roaming\Nitro
2014-04-23 16:07 - 2014-04-23 16:07 - 00000000 ____D () C:\Users\khadijah\AppData\Roaming\LSC
2014-04-23 16:06 - 2014-04-23 16:06 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-04-23 16:06 - 2013-12-25 02:09 - 00000000 ____D () C:\Users\khadijah\AppData\Local\LSC
2014-04-23 16:06 - 2013-11-01 16:25 - 00000000 ____D () C:\ProgramData\Lenovo
2014-04-23 16:06 - 2013-11-01 16:12 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-04-23 16:06 - 2013-11-01 16:12 - 00000000 ____D () C:\Program Files\Lenovo
2014-04-23 16:05 - 2013-11-01 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-04-23 16:04 - 2013-11-01 16:12 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-04-23 14:46 - 2014-04-23 14:46 - 00003366 _____ () C:\Users\khadijah\Documents\cc_20140423_144609.reg
2014-04-23 14:28 - 2014-04-23 14:28 - 00907018 _____ () C:\Users\khadijah\Downloads\adblockplus-2.5.1.zip
2014-04-22 22:34 - 2014-02-02 21:44 - 00075264 ___SH () C:\Users\khadijah\Documents\Thumbs.db
2014-04-22 22:33 - 2014-04-22 22:33 - 13084896 _____ (Microsoft Corporation) C:\Users\khadijah\Downloads\Silverlight_x64(1).exe
2014-04-22 22:31 - 2014-04-22 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-22 22:31 - 2014-04-22 22:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-22 22:31 - 2014-04-22 22:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-22 22:29 - 2014-04-22 22:29 - 13084896 _____ (Microsoft Corporation) C:\Users\khadijah\Downloads\Silverlight_x64.exe
2014-04-22 22:05 - 2014-04-22 22:05 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-22 22:05 - 2014-02-04 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-04-22 22:05 - 2014-02-04 22:24 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-22 22:05 - 2014-01-26 18:44 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-20 11:22 - 2014-04-20 11:22 - 00000000 ____D () C:\Users\khadijah\Documents\Lenovo
2014-04-20 11:22 - 2014-04-20 11:22 - 00000000 ____D () C:\Users\khadijah\Documents\CyberLink
2014-04-20 11:22 - 2013-12-25 02:00 - 00000000 ____D () C:\Users\khadijah\AppData\Roaming\Lenovo
2014-04-20 11:22 - 2013-11-01 16:21 - 00000000 ____D () C:\ProgramData\CyberLink
2014-04-20 11:21 - 2014-04-20 11:21 - 00000000 ____D () C:\Users\khadijah\AppData\Roaming\CyberLink
2014-04-18 11:34 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-04-08 17:55 - 2014-04-08 17:55 - 00307760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-07 10:04 - 2014-01-29 18:44 - 00004104 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-07 10:04 - 2014-01-29 18:44 - 00003868 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-31 23:18 - 2013-12-28 18:39 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2013-12-28 18:39 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-28 08:26 - 2013-12-25 02:07 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-405205487-459700943-3704750344-1002

Some content of TEMP:
====================
C:\Users\khadijah\AppData\Local\Temp\avgnt.exe
C:\Users\khadijah\AppData\Local\Temp\instract.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-14 10:29

==================== End Of Log ============================
         
--- --- ---
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-25 11:02:47
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000036 ST500LM000-1EJ162 rev.LVD3 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\khadijah\AppData\Local\Temp\agdyqpob.sys


---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\atiesrxx.exe[920] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff784b177a 4 bytes [4B, 78, FF, 07]
.text C:\WINDOWS\system32\atiesrxx.exe[920] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff784b1782 4 bytes [4B, 78, FF, 07]
.text C:\WINDOWS\system32\atieclxx.exe[3748] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff784b177a 4 bytes [4B, 78, FF, 07]
.text C:\WINDOWS\system32\atieclxx.exe[3748] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff784b1782 4 bytes [4B, 78, FF, 07]
.text C:\Program Files\Elantech\ETDCtrl.exe[3368] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff74c51532 4 bytes [C5, 74, FF, 07]
.text C:\Program Files\Elantech\ETDCtrl.exe[3368] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff74c5153a 4 bytes [C5, 74, FF, 07]
.text C:\Program Files\Elantech\ETDCtrl.exe[3368] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff74c5165a 4 bytes [C5, 74, FF, 07]
.text C:\WINDOWS\Explorer.EXE[1756] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff74c51532 4 bytes [C5, 74, FF, 07]
.text C:\WINDOWS\Explorer.EXE[1756] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff74c5153a 4 bytes [C5, 74, FF, 07]
.text C:\WINDOWS\Explorer.EXE[1756] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff74c5165a 4 bytes [C5, 74, FF, 07]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2592] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff74c51532 4 bytes [C5, 74, FF, 07]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2592] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff74c5153a 4 bytes [C5, 74, FF, 07]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2592] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff74c5165a 4 bytes [C5, 74, FF, 07]
.text C:\Program Files\Elantech\ETDIntelligent.exe[2808] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff74c51532 4 bytes [C5, 74, FF, 07]
.text C:\Program Files\Elantech\ETDIntelligent.exe[2808] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff74c5153a 4 bytes [C5, 74, FF, 07]
.text C:\Program Files\Elantech\ETDIntelligent.exe[2808] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff74c5165a 4 bytes [C5, 74, FF, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4176] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff74c51532 4 bytes [C5, 74, FF, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4176] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff74c5153a 4 bytes [C5, 74, FF, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4176] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff74c5165a 4 bytes [C5, 74, FF, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4176] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007ff6e701b32 4 bytes [70, 6E, FF, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4176] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007ff6e701b3a 4 bytes [70, 6E, FF, 07]
.text C:\Windows\RTFTrack.exe[4276] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff74c51532 4 bytes [C5, 74, FF, 07]
.text C:\Windows\RTFTrack.exe[4276] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff74c5153a 4 bytes [C5, 74, FF, 07]
.text C:\Windows\RTFTrack.exe[4276] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff74c5165a 4 bytes [C5, 74, FF, 07]
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4300] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff74c51532 4 bytes [C5, 74, FF, 07]
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4300] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff74c5153a 4 bytes [C5, 74, FF, 07]
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4300] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff74c5165a 4 bytes [C5, 74, FF, 07]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [600:632] fffff9600085d5e8
Thread C:\WINDOWS\system32\svchost.exe [1484:1852] 000007ff71791544
Thread C:\WINDOWS\system32\svchost.exe [1484:2072] 000007ff6f2755dc
Thread C:\WINDOWS\system32\svchost.exe [1484:2984] 000007ff722a4910
Thread C:\WINDOWS\system32\svchost.exe [1484:4852] 000007ff722a1044
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2300:2120] 000007ff6cdc76c0
---- Processes - GMER 2.1 ----

Process C:\ProgramData\InternetUpdater\InternetUpdaterService.exe (*** suspicious ***) @ C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [1800] (Internet Updater Service/Parallel Lines Development, LLC)(2014-01-15 01:07:04) 0000000000c50000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
         
So. I have now hopefully done everything correctly according to your instructions. Thanks in advance. By the way, Antivir found nothing, so I could not send a result either.

25.04.2014, 10:58   #2
schrauber
/// the machine
/// TB-Ausbilder

hi,

Addition.txt from FRST is still missing.

25.04.2014, 14:34   #3
kirsten_ay

Hi,
with FRST it only gave me what I sent you. I don't have anything more. Do I have to click something else before I scan with that thing??? I didn't change anything, I scanned it the way I downloaded it.

Can I uninstall FRST again and then create the log again? Maybe it will work with Addition txt then. I just ran it on the normal PC, and there it gives me the TXT file.

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-04-2014 01
Ran by khadijah at 2014-04-25 15:32:30
Running from C:\Users\khadijah\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.10.100.30424 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{B6CEDB2C-C8F8-7213-7BDD-9409B34F77EA}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0424.1659.28626 - Ihr Firmenname) Hidden
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.0 - AppEx Networks)
AMD VISION Engine Control Center (x32 Version: 2013.0424.1659.28626 - Ihr Firmenname) Hidden
Avira (HKLM-x32\...\{c13d72f9-bcdd-4c16-a942-7373a528171e}) (Version: 1.0.5218.31571 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.0.5218.31571 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Benutzerhandbuch (x32 Version: 1.0.0.15 - Lenovo) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0424.1659.28626 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0424.1659.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0424.1659.28626 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.49.0 - Conexant)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo)
Energy Management (x32 Version: 8.0.2.11 - Lenovo) Hidden
Free YouTube to MP3 Converter version 3.12.30.319 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.30.319 - DVDVideoSoft Ltd.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 32.0.1700.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HQ-Video-Profession-1.3 (HKLM-x32\...\HQ-Video-Profession-1.3) (Version: 1.34.1.29 - HQ-Video) <==== ATTENTION
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Internet Updater (HKLM-x32\...\InternetUpdater) (Version: 2.6.57 - Parallel Lines Development, LLC) <==== ATTENTION
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10227 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{C51863E5-EB09-43A5-9D43-26A32587EEAC}) (Version: 2.4.002.00 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
OEM Application Profile (HKLM-x32\...\{548083DD-D99B-2CE1-8D2B-D78BEB834F7A}) (Version: 1.00.0000 - Ihr Firmenname)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.15 - Qualcomm Atheros Communications Inc.)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.39042 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Zoo Empire (HKLM-x32\...\InstallShield_{242BCCDC-B37B-4792-A52C-BCDDB1030AF9}) (Version: 1.00 - Enlight Software)
Zoo Empire (x32 Version: 1.00 - Enlight Software) Hidden

==================== Restore Points  =========================

20-03-2014 18:18:42 Windows Update
13-04-2014 18:24:59 Windows Update
22-04-2014 19:50:52 Windows Update

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0D3558E0-FFEF-4A8C-B3AC-3A4C2113CD6A} - System32\Tasks\HQ-Video-Profession-1.3-chromeinstaller => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-chromeinstaller.exe <==== ATTENTION
Task: {0DBE2A08-4668-41A7-8058-049E7600C88F} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1F0FEF75-D949-400A-B7C4-6E4D50E4CF31} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2F0B54C5-38EB-46C4-AA4C-37BF9AC9EB45} - System32\Tasks\HQ-Video-Profession-1.3-updater => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-updater.exe <==== ATTENTION
Task: {38115E06-7285-4B76-922D-B3BF5C4726FE} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-02-19] ()
Task: {3FE9C113-02AF-4007-8CC2-B5A1C7E731B9} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-19] (Lenovo)
Task: {420143A4-53FE-4E72-9205-DDAEE8D96803} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-29] (Google Inc.)
Task: {4ADB07E9-FDE5-43EC-9E35-9B04143C740E} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-02-19] (Lenovo)
Task: {6A6A0A10-48F1-4C36-AF65-5F9A7670AFFD} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {77A0A2FF-02FE-4E1C-8315-CE57818DF473} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-02-19] ()
Task: {93659BD0-8DA0-4923-8432-74583652CFCA} - System32\Tasks\HQ-Video-Profession-1.3-codedownloader => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-codedownloader.exe <==== ATTENTION
Task: {93D4A5AF-8F51-480F-86CF-A466EAB91E1B} - System32\Tasks\HQ-Video-Profession-1.3-enabler => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-enabler.exe <==== ATTENTION
Task: {A00B1235-A6B6-4246-A5B0-877593862DFC} - System32\Tasks\HQ-Video-Profession-1.3-firefoxinstaller => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-firefoxinstaller.exe <==== ATTENTION
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D68CAD21-0F6F-4D26-B487-6F2CE7B05A71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-29] (Google Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EFEE0094-9526-47AC-B20E-AE1DA29714EC} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HQ-Video-Profession-1.3-chromeinstaller.job => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-chromeinstaller.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\HQ-Video-Profession-1.3-codedownloader.job => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-codedownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\HQ-Video-Profession-1.3-enabler.job => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-enabler.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\HQ-Video-Profession-1.3-firefoxinstaller.job => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-firefoxinstaller.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\HQ-Video-Profession-1.3-updater.job => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-updater.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-04-24 18:10 - 2013-04-24 18:10 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-11-01 16:25 - 2013-11-01 16:25 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2013-11-01 16:25 - 2013-11-01 16:25 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2013-01-25 01:09 - 2013-01-25 01:09 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-25 01:05 - 2013-01-25 01:05 - 00084992 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-25 01:12 - 2013-01-25 01:12 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-04-24 18:10 - 2013-04-24 18:10 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-02-11 23:19 - 2013-12-18 10:32 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-04-15 18:34 - 2014-04-15 18:34 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-04-15 18:33 - 2014-04-15 18:33 - 00064592 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-02-11 23:20 - 2014-04-15 18:33 - 00049744 _____ () C:\Users\khadijah\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2013-12-25 02:05 - 2013-12-05 21:36 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: UMDF HID minidriver Device
Description: UMDF HID minidriver Device
Class Guid: {177b1d2a-679c-4093-98bf-fd6999695d3b}
Manufacturer: Lenovo
Service: mshidumdf
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Event log errors: =========================

Application errors:
==================
Error: (04/25/2014 10:53:54 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (04/23/2014 05:12:29 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/23/2014 04:11:22 PM) (Source: nlsX86cc) (User: )
Description: Stop request seennlsX86cc error: 0

Error: (04/23/2014 03:26:16 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_77.exe, Version: 12.0.0.77, Zeitstempel: 0x5314f5f7
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x020f72e8
ID des fehlerhaften Prozesses: 0x1074
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_12_0_0_77.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_12_0_0_77.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_12_0_0_77.exe2
Berichtskennung: FlashPlayerPlugin_12_0_0_77.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_12_0_0_77.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_12_0_0_77.exe5

Error: (04/23/2014 01:53:51 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (04/13/2014 10:36:46 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 26.0.0.5087, Zeitstempel: 0x52a0d293
Name des fehlerhaften Moduls: mozalloc.dll, Version: 26.0.0.5087, Zeitstempel: 0x52a0af28
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000119c
ID des fehlerhaften Prozesses: 0x1404
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (04/13/2014 09:18:12 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (04/13/2014 08:44:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: KHADIJAH)
Description: Bei der Aktivierung der App „63099Moonlighting.SuperPhotoFree_hths5t1tmnj8m!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/13/2014 08:44:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: KHADIJAH)
Description: Die App „63099Moonlighting.SuperPhotoFree_hths5t1tmnj8m!App“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.

Error: (04/12/2014 01:01:34 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005


System errors:
=============
Error: (04/25/2014 01:11:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "pcicsa.sys" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/25/2014 10:26:48 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "pcicsa.sys" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/24/2014 08:52:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "pcicsa.sys" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/23/2014 04:08:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "pcicsa.sys" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/22/2014 09:55:59 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (03/16/2014 11:53:53 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/16/2014 11:53:53 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/16/2014 11:53:53 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/15/2014 06:46:27 PM) (Source: DCOM) (User: KHADIJAH)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}khadijahkhadijahS-1-5-21-405205487-459700943-3704750344-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/15/2014 06:46:26 PM) (Source: DCOM) (User: KHADIJAH)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}khadijahkhadijahS-1-5-21-405205487-459700943-3704750344-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


Microsoft Office Sessions:
=========================
Error: (04/25/2014 10:53:54 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (04/23/2014 05:12:29 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files (x86)\Lenovo\powerdvd10\Activate.exe

Error: (04/23/2014 04:11:22 PM) (Source: nlsX86cc)(User: )
Description: Stop request seennlsX86cc error: 0

Error: (04/23/2014 03:26:16 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_12_0_0_77.exe12.0.0.775314f5f7unknown0.0.0.000000000c0000005020f72e8107401cf5ef25475806bC:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exeunknownd8b02e67-caea-11e3-be8b-a4db30784783

Error: (04/23/2014 01:53:51 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (04/13/2014 10:36:46 PM) (Source: Application Error)(User: )
Description: plugin-container.exe26.0.0.508752a0d293mozalloc.dll26.0.0.508752a0af28800000030000119c140401cf574994e67b75C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll545f8a3c-c34b-11e3-be8a-a4db30784783

Error: (04/13/2014 09:18:12 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (04/13/2014 08:44:31 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: KHADIJAH)
Description: 63099Moonlighting.SuperPhotoFree_hths5t1tmnj8m!App-2144927142

Error: (04/13/2014 08:44:21 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: KHADIJAH)
Description: 63099Moonlighting.SuperPhotoFree_hths5t1tmnj8m!App

Error: (04/12/2014 01:01:34 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005


==================== Memory info =========================== 

Percentage of memory in use: 53%
Total physical RAM: 3279.25 MB
Available physical RAM: 1535.47 MB
Total Pagefile: 12495.25 MB
Available Pagefile: 10368.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:426.96 GB) (Free:373.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 9BBF8C2D)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Found it after all, sorry!!!!
__________________

Alt 26.04.2014, 08:20   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Revo Uninstaller - Download - Filepony
Use it to uninstall everything you find in Additional.txt that is marked with <== ATTENTION

Also let Revo remove the leftovers, using Moderate mode.



Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 28.04.2014, 14:13   #5
kirsten_ay
 



Hello,
I'm sending each log separately. Otherwise the file would probably be too large and would have to be zipped. As I understand it, that isn't really welcome here.

[CODE] Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 28.04.2014
Suchlauf-Zeit: 14:18:24
Logdatei: mban.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.28.05
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: khadijah

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 251559
Verstrichene Zeit: 19 Min, 8 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.InternetUpdaterService.A, C:\ProgramData\InternetUpdater\InternetUpdaterService.exe, 1884, Löschen bei Neustart, [f30d4ab6ad5328d82fd93913c23f738d]

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 33
PUP.Optional.InternetUpdaterService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\InternetUpdater, In Quarantäne, [f30d4ab6ad5328d82fd93913c23f738d],
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, In Quarantäne, [53ad718f14ec6e922ed864b92fd38f71],
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, In Quarantäne, [53ad718f14ec6e922ed864b92fd38f71],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [23dd699751af2dd3ae26f32961a1ae52],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [23dd699751af2dd3ae26f32961a1ae52],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [2cd4ed13c53b6997b08fff1d37cbca36],
PUP.Optional.InternetUpdater.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\InternetUpdater, In Quarantäne, [fb053ac6d42c42be356a7e094db5ea16],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0051578.BHO, In Quarantäne, [e11fb54b0ef23cc455afe0be8f74e917],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0051578.BHO.1, In Quarantäne, [be4216ea8d73e31d60a45e40669d4ab6],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0051578.Sandbox, In Quarantäne, [45bbb34dd92721df0cf8c3dbe51e8e72],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0051578.Sandbox.1, In Quarantäne, [60a0ae5249b77987a2623c6237ccc33d],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [b64a30d0c63a31cf83626a3e748f3dc3],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0051578.BHO, In Quarantäne, [986836ca3ec299670cf89c02b94a0cf4],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0051578.BHO.1, In Quarantäne, [758b2dd3867aae5248bce4ba3ec5738d],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0051578.Sandbox, In Quarantäne, [4cb43ac6827e59a72dd7f8a64eb5e51b],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0051578.Sandbox.1, In Quarantäne, [b44ce21e956b8779b74da4face356c94],
PUP.Optional.FevenPro.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Feven Pro 1.2, Löschen bei Neustart, [33cdfc0411ef4fb198b8a2df3ec4946c],
PUP.Optional.HQVideoProfession.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQ-Video-Profession-1.3, Löschen bei Neustart, [0af6bf41e51bd12f6280b1ce23df44bc],
PUP.Optional.MediaPlayerEnhance.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerEnhance, Löschen bei Neustart, [e51bea164bb5b34d3dac3948ec161de3],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-405205487-459700943-3704750344-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [ad53fd035ba5966a2e7f971a04ff12ee],
PUP.Optional.HQVideoProfession.A, HKU\S-1-5-21-405205487-459700943-3704750344-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQ-Video-Profession-1.3, In Quarantäne, [9b65649cc33d22de52900d720cf6cd33],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511151178}, In Quarantäne, [0df3916f709010f04d023afbd62efe02],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511151178}, In Quarantäne, [0df3916f709010f04d023afbd62efe02],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544154478}, In Quarantäne, [0df3916f709010f04d023afbd62efe02],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555155578}, In Quarantäne, [0df3916f709010f04d023afbd62efe02],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566156678}, In Quarantäne, [0df3916f709010f04d023afbd62efe02],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555155578}, In Quarantäne, [0df3916f709010f04d023afbd62efe02],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566156678}, In Quarantäne, [0df3916f709010f04d023afbd62efe02],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544154478}, In Quarantäne, [0df3916f709010f04d023afbd62efe02],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511151178}, In Quarantäne, [0df3916f709010f04d023afbd62efe02],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110511151178}, In Quarantäne, [0df3916f709010f04d023afbd62efe02],
PUP.Optional.CrossRider.M, HKU\S-1-5-21-405205487-459700943-3704750344-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110511151178}, In Quarantäne, [0df3916f709010f04d023afbd62efe02],
PUP.Optional.CrossRider.M, HKU\S-1-5-21-405205487-459700943-3704750344-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110511151178}, In Quarantäne, [0df3916f709010f04d023afbd62efe02],

Registrierungswerte: 2
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|quick_start@gmail.com, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\quick_start@gmail.com, In Quarantäne, [6f917987ea16c43c6b3fc5b5758d5da3]
PUP.Optional.InternetUpdater.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\INTERNETUPDATER|ImagePath, "C:\ProgramData\InternetUpdater\InternetUpdaterService.exe", In Quarantäne, [cb35827e45bbca36217facdb37cb51af]

Registrierungsdaten: 12
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF),Ersetzt,[d62ac838718fa25e516ace5a5fa522de]
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.awesomehp.com/web/?type=ds&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.awesomehp.com/web/?type=ds&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF&q={searchTerms}),Ersetzt,[27d9619f956b52ae24998d9b1be94bb5]
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.awesomehp.com/?type=hp&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.awesomehp.com/?type=hp&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF),Ersetzt,[d42c59a7c040837d3c7ce444857fb947]
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.awesomehp.com/?type=hp&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.awesomehp.com/?type=hp&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF),Ersetzt,[4db35aa642be19e7734cbc6cab5902fe]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[ba4607f903fd3bc58befa58d13f1c53b]
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF),Ersetzt,[27d9ca3601ffe31d3b80af7916eee917]
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.awesomehp.com/web/?type=ds&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.awesomehp.com/web/?type=ds&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF&q={searchTerms}),Ersetzt,[a45cd42cc63adb25a9149593768eb947]
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.awesomehp.com/?type=hp&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.awesomehp.com/?type=hp&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF),Ersetzt,[16eaf50b659b7e820cac53d59e6660a0]
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.awesomehp.com/?type=hp&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.awesomehp.com/?type=hp&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF),Ersetzt,[6c9401ff17e9f60a704f7eaaac5826da]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[e21e926edb2510f0ed8dd16132d28e72]
PUP.Optional.Conduit.A, HKU\S-1-5-21-405205487-459700943-3704750344-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.conduit.com/?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9F6A60D4-78A8-41D1-B6B9-8CE490978710&SSPV=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://search.conduit.com/?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9F6A60D4-78A8-41D1-B6B9-8CE490978710&SSPV=),Ersetzt,[b24e1ce478882ad6ae3550d853b14cb4]
PUP.Optional.Awesomehp.A, HKU\S-1-5-21-405205487-459700943-3704750344-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.awesomehp.com/?type=hp&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.awesomehp.com/?type=hp&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF),Ersetzt,[c23eb94754ac34cc5f5a3aeefb096799]

Ordner: 28
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater, Löschen bei Neustart, [fb053ac6d42c42be356a7e094db5ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\userCode, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\icons, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\icons\actions, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\api, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\lib, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\lib\popupResource, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.HQVideoProfession.A, C:\Program Files (x86)\HQ-Video-Profession-1.3, In Quarantäne, [ff01f10f718fcf314f17adbb3fc3936d],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\api, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\core, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\defaults, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\defaults\preferences, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\userCode, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\locale, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\locale\en-US, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\skin, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lndipknmjijnalnkamonmljeaojdbpna_0, In Quarantäne, [639d5ca4649caf516fe56705c04230d0],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna, In Quarantäne, [14ec47b99070d62a035bd894f80ab54b],

Dateien: 228
PUP.Optional.InternetUpdaterService.A, C:\ProgramData\InternetUpdater\InternetUpdaterService.exe, Löschen bei Neustart, [f30d4ab6ad5328d82fd93913c23f738d],
PUP.Optional.HQVideoProfession.A, C:\$Recycle.Bin\S-1-5-21-405205487-459700943-3704750344-1002\$R0BI8V0.dll, In Quarantäne, [2dd3c43cb44cb64adee3e772d031768a],
PUP.Optional.CrossRider.A, C:\$Recycle.Bin\S-1-5-21-405205487-459700943-3704750344-1002\$RJMU9HF.exe, In Quarantäne, [788835cb60a06e92c6505de3986849b7],
PUP.Optional.HQVideoProfession.A, C:\$Recycle.Bin\S-1-5-21-405205487-459700943-3704750344-1002\$RPWA7O1.dll, In Quarantäne, [8a762bd5f40ce9174e73342520e157a9],
PUP.Optional.HQVideoProfession.A, C:\$Recycle.Bin\S-1-5-21-405205487-459700943-3704750344-1002\$RS8OT0R.exe, In Quarantäne, [54acb24e9a6621df625fc9909d6424dc],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Temp\~nsu.tmp\Au_.exe, In Quarantäne, [b947bc4436ca23dd8294f9479a6601ff],
PUP.Optional.BundleInstaller.A, C:\Users\khadijah\Downloads\Java(1).exe, In Quarantäne, [f80836ca25dbe8181e26e859639e4ab6],
PUP.Optional.BundleInstaller.A, C:\Users\khadijah\Downloads\Java.exe, In Quarantäne, [14ec45bb5ea218e8bb89ec552ad7857b],
PUP.Optional.DomaIQ, C:\Users\khadijah\Downloads\Player.exe, In Quarantäne, [da26817f58a810f0842a6ecb817f22de],
PUP.Optional.OutBrowse, C:\Users\khadijah\Downloads\setup.exe, In Quarantäne, [7a86ec14629e1ce40b0adc9544bda65a],
PUP.Optional.Conduit.A, C:\Users\khadijah\Downloads\CCleaner_TSV23283W.exe, In Quarantäne, [24dc50b000006898cfe7b195827f8f71],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lndipknmjijnalnkamonmljeaojdbpna_0.localstorage, In Quarantäne, [8f7117e9639d79871cd7680fe9199868],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lndipknmjijnalnkamonmljeaojdbpna_0.localstorage-journal, In Quarantäne, [a15f4db357a9cd33b93a6e095ea43fc1],
PUP.Optional.HQVideoProfession.A, C:\Windows\Tasks\HQ-Video-Profession-1.3-chromeinstaller.job, In Quarantäne, [df21dd23f709db25a14036497b87c937],
PUP.Optional.HQVideoProfession.A, C:\Windows\Tasks\HQ-Video-Profession-1.3-codedownloader.job, In Quarantäne, [01ff39c7ac543dc33ca5b8c7e41e47b9],
PUP.Optional.HQVideoProfession.A, C:\Windows\Tasks\HQ-Video-Profession-1.3-enabler.job, In Quarantäne, [55ab2bd5c04026da1fc294eb867c31cf],
PUP.Optional.HQVideoProfession.A, C:\Windows\Tasks\HQ-Video-Profession-1.3-firefoxinstaller.job, In Quarantäne, [42beac54eb1506fafde4c8b7c14126da],
PUP.Optional.HQVideoProfession.A, C:\Windows\Tasks\HQ-Video-Profession-1.3-updater.job, In Quarantäne, [11efab55629e04fca53ce59a6c960ff1],
PUP.Optional.Awesomehp.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\awesomehp.xml, In Quarantäne, [718fb14fee12da26e0c6d0b304fe19e7],
PUP.Optional.NewTab.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx, In Quarantäne, [3ac6699729d748b88331fe85d2301ce4],
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\InternetUpdater.ico, In Quarantäne, [fb053ac6d42c42be356a7e094db5ea16],
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\app.dat, In Quarantäne, [fb053ac6d42c42be356a7e094db5ea16],
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\data.dat, In Quarantäne, [fb053ac6d42c42be356a7e094db5ea16],
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\InternetUpdaterService.exe.config, In Quarantäne, [fb053ac6d42c42be356a7e094db5ea16],
PUP.Optional.InternetUpdater.A, C:\ProgramData\InternetUpdater\Uninstall.exe, In Quarantäne, [fb053ac6d42c42be356a7e094db5ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\background.html, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\chromeCoreFilesIndex.txt, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\crossriderManifest.json, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\manifest.json, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\popup.html, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\manifest.xml, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins.json, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\207_dbWrapper.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\102_dealply_m.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\103_intext_5_m.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\104_jollywallet_m.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\13_CrossriderAppUtils.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\14_CrossriderUtils.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\177_crossriderDashboard.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\178_revizer_ws_dynamic_m.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\179_revizer_p_dynamic_m.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\17_jQuery.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\180_bpo_serp_m.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\182_openUrl.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\183_tabsWrapper.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\184_noproblemppc_m.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\190_pops_5_m.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\191_ciuvo_m.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\195_icm_convertmedia_m.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\19_CHAppAPIWrapper.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\1_base.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\21_debug.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\220_icm_base_m.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\221_icm_downloads_m.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\223_imonomy_m.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\22_resources.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\28_initializer.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\47_resources_background.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\4_jquery_1_7_1.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\64_appApiMessage.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\72_appApiValidation.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\78_CrossriderInfo.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\7_hooks.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\80_CHPopupAppAPI.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\91_monetizationLoader.js.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\93_superfish_no_coupons_m.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\97_resourceApiWrapper.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\plugins\9_search_engine_hook.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\userCode\background.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\extensionData\userCode\extension.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\icons\icon128.png, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\icons\icon16.png, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\icons\icon48.png, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\icons\actions\1.png, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\background.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\main.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\platformVersion.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\api\chrome.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\api\cookie.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\api\message.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\api\monitor.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\api\pageAction.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\api\pageActionBG.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\lib\app_api.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\lib\bg_app_api.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\lib\consts.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\lib\cookie_store.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\lib\crossriderAPI.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\lib\delegate.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\lib\events.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\lib\extensionDataStore.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\lib\installer.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\lib\logFile.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\lib\logging.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\lib\onBGDocumentLoad.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\lib\reports.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\lib\storageWrapper.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\lib\updateManager.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\lib\util.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\lib\xhr.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\lib\popupResource\newPopup.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.19_0\js\lib\popupResource\popup.js, In Quarantäne, [ff010ef2857b55ab96ccf870ac56ea16],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome.manifest, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\install.rdf, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\api.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\background.html, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\baseObject.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\browser.xul, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\dialog.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\ffCoreFilesIndex.txt, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\main.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\options.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\options.xul, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\platformVersion.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\search_dialog.xul, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\api\asyncDB.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\api\background.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\api\browserAction.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\api\contextMenu.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\api\dbManager.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\api\dom_bg.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\api\fileManager.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\api\firefox.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\api\firefoxNotifications.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\api\firefoxOmnibox.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\api\message.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\api\pageAction.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\api\request.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\api\tabs.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\api\webRequest.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\api\windowsMessagingHandler.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\core\addressBarChangeObserver.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\core\console.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\core\consts.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\core\delegate.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\core\extensionDataStore.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\core\folderIOWrapper.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\core\httpObserver.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\core\IDBWrapper.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\core\installer.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\core\logFile.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\core\prefs.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\core\progressListenerObserver.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\core\registry.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\core\reloadObserver.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\core\reports.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\core\requestObject.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\core\searchSettings.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\core\uninstallObserver.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\core\updateManager.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\core\utils.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\core\xhr.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\defaults\preferences\prefs.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\manifest.xml, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins.json, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\22_resources.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\102_dealply_m.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\103_intext_5_m.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\104_jollywallet_m.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\119_similar_web_m.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\123_intext_adv_m.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\13_CrossriderAppUtils.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\14_CrossriderUtils.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\155_ibario_pops_m.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\16_FFAppAPIWrapper.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\177_crossriderDashboard.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\231_revizer_ws_dynamic_2_m.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\232_revizer_p_dynamic_2_m.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\242_price_gong_m.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\246_setup.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\28_initializer.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\47_resources_background.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\4_jquery_1_7_1.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\64_appApiMessage.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\72_appApiValidation.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\78_CrossriderInfo.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\7_hooks.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\91_monetizationLoader.js.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\93_superfish_no_coupons_m.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\98_omniCommands.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\9_search_engine_hook.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\178_revizer_ws_dynamic_m.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\179_revizer_p_dynamic_m.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\17_jQuery.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\180_bpo_serp_m.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\182_openUrl.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\183_tabsWrapper.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\184_noproblemppc_m.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\190_pops_5_m.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\191_ciuvo_m.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\195_icm_convertmedia_m.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\1_base.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\207_dbWrapper.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\21_debug.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\220_icm_base_m.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\221_icm_downloads_m.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\223_imonomy_m.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\226_set_campaign_id_m.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\userCode\background.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\userCode\extension.js, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\locale\en-US\translations.dtd, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\skin\button1.png, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\skin\button2.png, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\skin\button3.png, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\skin\button4.png, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\skin\button5.png, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\skin\crossrider_statusbar.png, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\skin\icon128.png, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\skin\icon16.png, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\skin\icon24.png, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\skin\icon48.png, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\skin\panelarrow-up.png, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\skin\popup.html, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\skin\skin.css, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\skin\update.css, In Quarantäne, [b050b54bc040b9475d9952171ce6817f],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lndipknmjijnalnkamonmljeaojdbpna_0\1, In Quarantäne, [639d5ca4649caf516fe56705c04230d0],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\000032.ldb, In Quarantäne, [14ec47b99070d62a035bd894f80ab54b],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\000034.ldb, In Quarantäne, [14ec47b99070d62a035bd894f80ab54b],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\000043.ldb, In Quarantäne, [14ec47b99070d62a035bd894f80ab54b],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\000044.log, In Quarantäne, [14ec47b99070d62a035bd894f80ab54b],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\CURRENT, In Quarantäne, [14ec47b99070d62a035bd894f80ab54b],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\LOCK, In Quarantäne, [14ec47b99070d62a035bd894f80ab54b],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\LOG, In Quarantäne, [14ec47b99070d62a035bd894f80ab54b],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\LOG.old, In Quarantäne, [14ec47b99070d62a035bd894f80ab54b],
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\MANIFEST-000042, In Quarantäne, [14ec47b99070d62a035bd894f80ab54b],
PUP.Optional.Awesomehp.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://www.awesomehp.com/?type=hp&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF",), Ersetzt,[10f0d12f6b95ec14c89e1e4070943cc4]
PUP.Optional.Awesomehp.A, C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://www.awesomehp.com/?type=hp&ts=1393175910&from=tugs&uid=ST500LM000-1EJ162_W37110WFXXXXW37110WF" ],), Ersetzt,[d32dd927e9177a86593f4f0f62a2a65a]
PUP.Optional.CrossRider.A, C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "1445fc2e15b4c543d76b8fd28e63a542"), Ersetzt,[49b7bd43ea16cd3353852c31b64ea45c]

Physische Sektoren: 0
(No malicious items detected)


(end)

Code:
# AdwCleaner v3.204 - Bericht erstellt am 28/04/2014 um 14:33:46
# Aktualisiert 26/04/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : khadijah - KHADIJAH
# Gestartet von : C:\Users\khadijah\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\WINDOWS\SysWOW64\SearchProtect
Ordner Gelöscht : C:\Users\khadijah\AppData\Local\Tuguu_SL
Ordner Gelöscht : C:\Users\khadijah\AppData\Roaming\awesomehp
Ordner Gelöscht : C:\Users\khadijah\Documents\Optimizer Pro
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522152278}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522152278}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : HKCU\Software\IM

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.crossrider.bic", "1445fc2e15b4c543d76b8fd28e63a542");

-\\ Google Chrome v32.0.1700.102

[ Datei : C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : lndipknmjijnalnkamonmljeaojdbpna
Gelöscht [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

AdwCleaner[R0].txt - [2522 octets] - [28/04/2014 14:30:39]
AdwCleaner[S0].txt - [2158 octets] - [28/04/2014 14:33:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2218 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by khadijah on 28.04.2014 at 14:39:48,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\khadijah\AppData\Roaming\mozilla\firefox\profiles\lkbbmhcz.default\minidumps [9 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.04.2014 at 14:47:38,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by khadijah (administrator) on KHADIJAH on 28-04-2014 14:49:22
Running from C:\Users\khadijah\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\WINDOWS\system32\atiesrxx.exe
(AMD) C:\WINDOWS\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SAsrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Spotify Ltd) C:\Users\khadijah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6339656 2013-04-10] (Realtek semiconductor)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-11-01] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-11-01] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-04-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [180304 2014-04-15] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-25] ( (Atheros Communications))
HKU\S-1-5-21-405205487-459700943-3704750344-1002\...\Run: [Spotify Web Helper] => C:\Users\khadijah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-13] (Spotify Ltd)
HKU\S-1-5-21-405205487-459700943-3704750344-1002\...\Run: [Spotify] => C:\Users\khadijah\AppData\Roaming\Spotify\spotify.exe [6087224 2014-04-13] (Spotify Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {DF81D251-65E4-40CD-9EA8-5218C003469E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {DF81D251-65E4-40CD-9EA8-5218C003469E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {DF81D251-65E4-40CD-9EA8-5218C003469E} URL = 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\khadijah\AppData\Roaming\Mozilla\Firefox\Profiles\lkbbmhcz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-23]

Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Docs) - C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-29]
CHR Extension: (Google Drive) - C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-29]
CHR Extension: (YouTube) - C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-29]
CHR Extension: (Google-Suche) - C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-29]
CHR Extension: (Google Wallet) - C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-29]
CHR Extension: (Google Mail) - C:\Users\khadijah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-24] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [122448 2014-04-15] (Avira Operations GmbH & Co. KG)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-02-25] (ELAN Microelectronics Corp.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-11-01] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-25] (Atheros)

==================== Drivers (Whitelisted) ====================

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-23] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-04-28] (Malwarebytes Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243272 2013-04-10] (Realtek Semiconductor Corp.)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-28 14:47 - 2014-04-28 14:48 - 00000749 _____ () C:\Users\khadijah\Desktop\JRT.txt
2014-04-28 14:39 - 2014-04-28 14:39 - 01016261 _____ (Thisisu) C:\Users\khadijah\Downloads\JRT.exe
2014-04-28 14:39 - 2014-04-28 14:39 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-28 14:37 - 2014-04-28 14:37 - 00002310 _____ () C:\Users\khadijah\Desktop\AdwCleaner[S0].txt
2014-04-28 14:31 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-04-28 14:30 - 2014-04-28 14:34 - 00000000 ____D () C:\AdwCleaner
2014-04-28 14:29 - 2014-04-28 14:29 - 01329501 _____ () C:\Users\khadijah\Downloads\adwcleaner.exe
2014-04-28 14:24 - 2014-04-28 14:24 - 00074501 _____ () C:\Users\khadijah\Desktop\mban.txt
2014-04-28 13:56 - 2014-04-28 14:22 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-28 13:56 - 2014-04-28 13:56 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-28 13:56 - 2014-04-28 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-28 13:56 - 2014-04-28 13:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-28 13:56 - 2014-04-28 13:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-28 13:56 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-28 13:56 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-04-28 13:56 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-28 13:55 - 2014-04-28 13:56 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\khadijah\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-28 13:19 - 2014-04-28 13:19 - 00001275 _____ () C:\Users\khadijah\Desktop\Revo Uninstaller.lnk
2014-04-28 13:19 - 2014-04-28 13:19 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-28 13:18 - 2014-04-28 13:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\khadijah\Downloads\revosetup95.exe
2014-04-25 15:33 - 2014-04-25 15:33 - 00025523 _____ () C:\Users\khadijah\Desktop\Addition.txt
2014-04-25 15:32 - 2014-04-25 15:32 - 00025523 _____ () C:\Users\khadijah\Downloads\Addition.txt
2014-04-25 11:02 - 2014-04-25 11:02 - 00010004 _____ () C:\Users\khadijah\Desktop\gmer.log
2014-04-25 10:57 - 2014-04-25 10:57 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-25 10:57 - 2014-04-25 10:57 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-04-25 10:50 - 2014-04-25 10:50 - 00380416 _____ () C:\Users\khadijah\Downloads\Gmer-19357.exe
2014-04-25 10:48 - 2014-04-25 10:48 - 00032436 _____ () C:\Users\khadijah\Desktop\FRST.txt
2014-04-25 10:44 - 2014-04-28 14:49 - 00011567 _____ () C:\Users\khadijah\Downloads\FRST.txt
2014-04-25 10:44 - 2014-04-28 14:49 - 00000000 ____D () C:\Users\khadijah\Downloads\FRST-OlderVersion
2014-04-25 10:41 - 2014-04-25 10:42 - 00000478 _____ () C:\Users\khadijah\Desktop\defogger_disable.log
2014-04-25 10:41 - 2014-04-25 10:41 - 00050477 _____ () C:\Users\khadijah\Downloads\Defogger.exe
2014-04-25 10:41 - 2014-04-25 10:41 - 00000000 _____ () C:\Users\khadijah\defogger_reenable
2014-04-25 10:40 - 2014-04-25 10:40 - 00001709 _____ () C:\Users\khadijah\Desktop\Continue FLV Player.lnk
2014-04-25 10:08 - 2014-04-28 14:34 - 00071030 _____ () C:\WINDOWS\PFRO.log
2014-04-23 19:30 - 2014-04-28 14:49 - 00000000 ____D () C:\FRST
2014-04-23 19:29 - 2014-04-28 14:49 - 02061824 _____ (Farbar) C:\Users\khadijah\Downloads\FRST64.exe
2014-04-23 17:04 - 2014-04-23 19:17 - 00000000 ____D () C:\Users\khadijah\Documents\Anti-Malware
2014-04-23 17:01 - 2014-04-27 22:29 - 00306671 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-23 16:59 - 2014-04-23 17:02 - 223568888 _____ (Emsisoft GmbH ) C:\Users\khadijah\Downloads\EmsisoftAntiMalwareSetup_81040.exe
2014-04-23 16:49 - 2014-04-23 16:51 - 312761032 _____ (Norman Shark AS) C:\Users\khadijah\Downloads\Norman_Malware208_Cleaner.exe
2014-04-23 16:07 - 2014-04-23 16:07 - 00000000 ____D () C:\Users\khadijah\AppData\Roaming\Nitro
2014-04-23 16:07 - 2014-04-23 16:07 - 00000000 ____D () C:\Users\khadijah\AppData\Roaming\LSC
2014-04-23 16:06 - 2014-04-23 16:06 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-04-23 14:46 - 2014-04-23 14:46 - 00003366 _____ () C:\Users\khadijah\Documents\cc_20140423_144609.reg
2014-04-23 14:28 - 2014-04-23 14:28 - 00907018 _____ () C:\Users\khadijah\Downloads\adblockplus-2.5.1.zip
2014-04-22 22:33 - 2014-04-22 22:33 - 13084896 _____ (Microsoft Corporation) C:\Users\khadijah\Downloads\Silverlight_x64(1).exe
2014-04-22 22:31 - 2014-04-22 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-22 22:31 - 2014-04-22 22:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-22 22:31 - 2014-04-22 22:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-22 22:29 - 2014-04-22 22:29 - 13084896 _____ (Microsoft Corporation) C:\Users\khadijah\Downloads\Silverlight_x64.exe
2014-04-22 22:05 - 2014-04-22 22:05 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-20 11:22 - 2014-04-20 11:22 - 00000000 ____D () C:\Users\khadijah\Documents\Lenovo
2014-04-20 11:22 - 2014-04-20 11:22 - 00000000 ____D () C:\Users\khadijah\Documents\CyberLink
2014-04-20 11:21 - 2014-04-20 11:21 - 00000000 ____D () C:\Users\khadijah\AppData\Roaming\CyberLink
2014-04-13 20:33 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-04-13 20:33 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-13 20:32 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-04-13 20:32 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-04-13 20:32 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-04-13 20:32 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-04-13 20:32 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-04-13 20:32 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-04-13 20:32 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-04-13 20:32 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-04-13 20:32 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-04-13 20:32 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-04-13 20:32 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-04-13 20:32 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-04-13 20:32 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-04-13 20:32 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-04-13 20:32 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-04-13 20:32 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-04-13 20:32 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-04-12 01:04 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2014-04-12 01:04 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2014-04-12 01:04 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2014-04-12 01:04 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-04-12 01:04 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2014-04-12 01:04 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-12 01:04 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 01:04 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-04-12 01:04 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2014-04-12 01:04 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 01:04 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-04-12 01:04 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-04-12 01:04 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-04-12 01:04 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-04-12 01:04 - 2014-01-27 01:17 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-04-12 01:04 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2014-04-12 01:04 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-04-12 01:04 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-04-12 01:04 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-04-12 01:04 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-04-11 10:25 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-04-11 10:25 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-04-11 10:25 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-04-11 10:25 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-04-08 17:55 - 2014-04-08 17:55 - 00307760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

==================== One Month Modified Files and Folders =======

2014-04-28 14:49 - 2014-04-25 10:44 - 00011567 _____ () C:\Users\khadijah\Downloads\FRST.txt
2014-04-28 14:49 - 2014-04-25 10:44 - 00000000 ____D () C:\Users\khadijah\Downloads\FRST-OlderVersion
2014-04-28 14:49 - 2014-04-23 19:30 - 00000000 ____D () C:\FRST
2014-04-28 14:49 - 2014-04-23 19:29 - 02061824 _____ (Farbar) C:\Users\khadijah\Downloads\FRST64.exe
2014-04-28 14:48 - 2014-04-28 14:47 - 00000749 _____ () C:\Users\khadijah\Desktop\JRT.txt
2014-04-28 14:39 - 2014-04-28 14:39 - 01016261 _____ (Thisisu) C:\Users\khadijah\Downloads\JRT.exe
2014-04-28 14:39 - 2014-04-28 14:39 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-28 14:39 - 2013-11-01 23:58 - 00753134 _____ () C:\WINDOWS\system32\perfh007.dat
2014-04-28 14:39 - 2013-11-01 23:58 - 00155826 _____ () C:\WINDOWS\system32\perfc007.dat
2014-04-28 14:39 - 2012-07-26 09:28 - 01745416 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-28 14:38 - 2014-02-02 15:48 - 00000000 ____D () C:\Users\khadijah\AppData\Roaming\Spotify
2014-04-28 14:37 - 2014-04-28 14:37 - 00002310 _____ () C:\Users\khadijah\Desktop\AdwCleaner[S0].txt
2014-04-28 14:36 - 2014-01-29 18:44 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-28 14:34 - 2014-04-28 14:30 - 00000000 ____D () C:\AdwCleaner
2014-04-28 14:34 - 2014-04-25 10:08 - 00071030 _____ () C:\WINDOWS\PFRO.log
2014-04-28 14:34 - 2013-11-01 16:25 - 00004608 _____ () C:\WINDOWS\system32\VfService.trf
2014-04-28 14:34 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-28 14:33 - 2013-12-25 11:36 - 06056804 _____ () C:\Users\Public\CAFADEBUG.log
2014-04-28 14:29 - 2014-04-28 14:29 - 01329501 _____ () C:\Users\khadijah\Downloads\adwcleaner.exe
2014-04-28 14:24 - 2014-04-28 14:24 - 00074501 _____ () C:\Users\khadijah\Desktop\mban.txt
2014-04-28 14:22 - 2014-04-28 13:56 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-28 14:19 - 2012-07-26 07:26 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2014-04-28 14:09 - 2014-01-29 18:44 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-28 14:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-28 13:56 - 2014-04-28 13:56 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-28 13:56 - 2014-04-28 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-28 13:56 - 2014-04-28 13:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-28 13:56 - 2014-04-28 13:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-28 13:56 - 2014-04-28 13:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\khadijah\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-28 13:19 - 2014-04-28 13:19 - 00001275 _____ () C:\Users\khadijah\Desktop\Revo Uninstaller.lnk
2014-04-28 13:19 - 2014-04-28 13:19 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-28 13:18 - 2014-04-28 13:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\khadijah\Downloads\revosetup95.exe
2014-04-27 22:29 - 2014-04-23 17:01 - 00306671 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-26 20:54 - 2013-12-25 02:51 - 00337920 ___SH () C:\Users\khadijah\Downloads\Thumbs.db
2014-04-25 15:33 - 2014-04-25 15:33 - 00025523 _____ () C:\Users\khadijah\Desktop\Addition.txt
2014-04-25 15:32 - 2014-04-25 15:32 - 00025523 _____ () C:\Users\khadijah\Downloads\Addition.txt
2014-04-25 11:37 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-04-25 11:03 - 2013-12-25 02:01 - 00000000 ____D () C:\Users\khadijah\Documents\Bluetooth Folder
2014-04-25 11:02 - 2014-04-25 11:02 - 00010004 _____ () C:\Users\khadijah\Desktop\gmer.log
2014-04-25 10:57 - 2014-04-25 10:57 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-25 10:57 - 2014-04-25 10:57 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-04-25 10:50 - 2014-04-25 10:50 - 00380416 _____ () C:\Users\khadijah\Downloads\Gmer-19357.exe
2014-04-25 10:48 - 2014-04-25 10:48 - 00032436 _____ () C:\Users\khadijah\Desktop\FRST.txt
2014-04-25 10:42 - 2014-04-25 10:41 - 00000478 _____ () C:\Users\khadijah\Desktop\defogger_disable.log
2014-04-25 10:41 - 2014-04-25 10:41 - 00050477 _____ () C:\Users\khadijah\Downloads\Defogger.exe
2014-04-25 10:41 - 2014-04-25 10:41 - 00000000 _____ () C:\Users\khadijah\defogger_reenable
2014-04-25 10:41 - 2013-12-25 01:58 - 00000000 ____D () C:\Users\khadijah
2014-04-25 10:40 - 2014-04-25 10:40 - 00001709 _____ () C:\Users\khadijah\Desktop\Continue FLV Player.lnk
2014-04-25 10:16 - 2013-12-25 02:00 - 00000000 ___RD () C:\Users\khadijah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-25 10:16 - 2013-12-25 02:00 - 00000000 ___RD () C:\Users\khadijah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-24 23:06 - 2012-07-26 10:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-04-24 23:06 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-04-24 20:52 - 2014-02-02 15:49 - 00000000 ____D () C:\Users\khadijah\AppData\Local\Spotify
2014-04-23 19:17 - 2014-04-23 17:04 - 00000000 ____D () C:\Users\khadijah\Documents\Anti-Malware
2014-04-23 17:16 - 2013-12-25 14:24 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-23 17:13 - 2013-12-25 14:24 - 90655440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-23 17:02 - 2014-04-23 16:59 - 223568888 _____ (Emsisoft GmbH ) C:\Users\khadijah\Downloads\EmsisoftAntiMalwareSetup_81040.exe
2014-04-23 16:51 - 2014-04-23 16:49 - 312761032 _____ (Norman Shark AS) C:\Users\khadijah\Downloads\Norman_Malware208_Cleaner.exe
2014-04-23 16:17 - 2014-02-10 18:58 - 00000000 ____D () C:\Users\khadijah\AppData\Local\CrashDumps
2014-04-23 16:09 - 2013-12-25 02:09 - 00000000 ____D () C:\Users\khadijah\AppData\Roaming\Nitro PDF
2014-04-23 16:07 - 2014-04-23 16:07 - 00000000 ____D () C:\Users\khadijah\AppData\Roaming\Nitro
2014-04-23 16:07 - 2014-04-23 16:07 - 00000000 ____D () C:\Users\khadijah\AppData\Roaming\LSC
2014-04-23 16:06 - 2014-04-23 16:06 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-04-23 16:06 - 2013-12-25 02:09 - 00000000 ____D () C:\Users\khadijah\AppData\Local\LSC
2014-04-23 16:06 - 2013-11-01 16:25 - 00000000 ____D () C:\ProgramData\Lenovo
2014-04-23 16:06 - 2013-11-01 16:12 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-04-23 16:06 - 2013-11-01 16:12 - 00000000 ____D () C:\Program Files\Lenovo
2014-04-23 16:05 - 2013-11-01 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-04-23 16:04 - 2013-11-01 16:12 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-04-23 14:46 - 2014-04-23 14:46 - 00003366 _____ () C:\Users\khadijah\Documents\cc_20140423_144609.reg
2014-04-23 14:28 - 2014-04-23 14:28 - 00907018 _____ () C:\Users\khadijah\Downloads\adblockplus-2.5.1.zip
2014-04-22 22:34 - 2014-02-02 21:44 - 00075264 ___SH () C:\Users\khadijah\Documents\Thumbs.db
2014-04-22 22:33 - 2014-04-22 22:33 - 13084896 _____ (Microsoft Corporation) C:\Users\khadijah\Downloads\Silverlight_x64(1).exe
2014-04-22 22:31 - 2014-04-22 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-22 22:31 - 2014-04-22 22:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-22 22:31 - 2014-04-22 22:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-22 22:29 - 2014-04-22 22:29 - 13084896 _____ (Microsoft Corporation) C:\Users\khadijah\Downloads\Silverlight_x64.exe
2014-04-22 22:05 - 2014-04-22 22:05 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-22 22:05 - 2014-02-04 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-04-22 22:05 - 2014-02-04 22:24 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-22 22:05 - 2014-01-26 18:44 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-20 11:22 - 2014-04-20 11:22 - 00000000 ____D () C:\Users\khadijah\Documents\Lenovo
2014-04-20 11:22 - 2014-04-20 11:22 - 00000000 ____D () C:\Users\khadijah\Documents\CyberLink
2014-04-20 11:22 - 2013-12-25 02:00 - 00000000 ____D () C:\Users\khadijah\AppData\Roaming\Lenovo
2014-04-20 11:22 - 2013-11-01 16:21 - 00000000 ____D () C:\ProgramData\CyberLink
2014-04-20 11:21 - 2014-04-20 11:21 - 00000000 ____D () C:\Users\khadijah\AppData\Roaming\CyberLink
2014-04-18 11:34 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-04-08 17:55 - 2014-04-08 17:55 - 00307760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-07 10:04 - 2014-01-29 18:44 - 00004104 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-07 10:04 - 2014-01-29 18:44 - 00003868 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-03 09:51 - 2014-04-28 13:56 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-28 13:56 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-28 13:56 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-31 23:18 - 2013-12-28 18:39 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2013-12-28 18:39 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\khadijah\AppData\Local\Temp\avgnt.exe
C:\Users\khadijah\AppData\Local\Temp\instract.exe
C:\Users\khadijah\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-28 07:42

==================== End Of Log ============================
         
28.04.2014, 14:14   #6
kirsten_ay


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2014
Ran by khadijah at 2014-04-28 14:50:33
Running from C:\Users\khadijah\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.10.100.30424 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{B6CEDB2C-C8F8-7213-7BDD-9409B34F77EA}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0424.1659.28626 - Ihr Firmenname) Hidden
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.0 - AppEx Networks)
AMD VISION Engine Control Center (x32 Version: 2013.0424.1659.28626 - Ihr Firmenname) Hidden
Avira (HKLM-x32\...\{c13d72f9-bcdd-4c16-a942-7373a528171e}) (Version: 1.0.5218.31571 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.0.5218.31571 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Benutzerhandbuch (x32 Version: 1.0.0.15 - Lenovo) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0424.1659.28626 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0424.1659.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0424.1658.28626 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0424.1659.28626 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.49.0 - Conexant)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo)
Energy Management (x32 Version: 8.0.2.11 - Lenovo) Hidden
Free YouTube to MP3 Converter version 3.12.30.319 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.30.319 - DVDVideoSoft Ltd.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 32.0.1700.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10227 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{C51863E5-EB09-43A5-9D43-26A32587EEAC}) (Version: 2.4.002.00 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
OEM Application Profile (HKLM-x32\...\{548083DD-D99B-2CE1-8D2B-D78BEB834F7A}) (Version: 1.00.0000 - Ihr Firmenname)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.15 - Qualcomm Atheros Communications Inc.)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.39042 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Zoo Empire (HKLM-x32\...\InstallShield_{242BCCDC-B37B-4792-A52C-BCDDB1030AF9}) (Version: 1.00 - Enlight Software)
Zoo Empire (x32 Version: 1.00 - Enlight Software) Hidden

==================== Restore Points  =========================

20-03-2014 18:18:42 Windows Update
13-04-2014 18:24:59 Windows Update
22-04-2014 19:50:52 Windows Update
28-04-2014 11:45:47 Revo Uninstaller's restore point - HQ-Video-Profession-1.3

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0DBE2A08-4668-41A7-8058-049E7600C88F} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1F0FEF75-D949-400A-B7C4-6E4D50E4CF31} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {38115E06-7285-4B76-922D-B3BF5C4726FE} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-02-19] ()
Task: {3FE9C113-02AF-4007-8CC2-B5A1C7E731B9} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-19] (Lenovo)
Task: {420143A4-53FE-4E72-9205-DDAEE8D96803} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-29] (Google Inc.)
Task: {4ADB07E9-FDE5-43EC-9E35-9B04143C740E} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-02-19] (Lenovo)
Task: {6A6A0A10-48F1-4C36-AF65-5F9A7670AFFD} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {77A0A2FF-02FE-4E1C-8315-CE57818DF473} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-02-19] ()
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D68CAD21-0F6F-4D26-B487-6F2CE7B05A71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-29] (Google Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EFEE0094-9526-47AC-B20E-AE1DA29714EC} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-24 18:10 - 2013-04-24 18:10 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-11-01 16:25 - 2013-11-01 16:25 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2013-11-01 16:25 - 2013-11-01 16:25 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2013-01-25 01:09 - 2013-01-25 01:09 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-25 01:05 - 2013-01-25 01:05 - 00084992 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-25 01:12 - 2013-01-25 01:12 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-04-24 18:10 - 2013-04-24 18:10 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-02-11 23:19 - 2013-12-18 10:32 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-04-15 18:34 - 2014-04-15 18:34 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-04-15 18:33 - 2014-04-15 18:33 - 00064592 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-02-11 23:20 - 2014-04-15 18:33 - 00049744 _____ () C:\Users\khadijah\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2013-12-25 02:05 - 2013-12-05 21:36 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 40%
Total physical RAM: 3279.25 MB
Available physical RAM: 1962 MB
Total Pagefile: 12495.25 MB
Available Pagefile: 10847.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:426.96 GB) (Free:373.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 9BBF8C2D)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

28.04.2014, 19:42   #7
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • Illustrated instructions for ESET Online Scanner can be found here
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
