Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 14.09.2014, 18:15   #1
scooby_doo
 
Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy - Ausrufezeichen

Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy



Hallo liebe Community,

ich wollte einer Bekannten bei dem Virenbefall Ihres Rechners helfen, stoße allerdings selber an meine Grenzen, daher bitte ich in nachfolgender Situation um eure Hilfe.

Beim Surfen tauchen beim Aufrufen von neuen Seiten (Klick auf einen Link) immer eine Vielzahl von Pop-Up-Fenster mit irgendwelchen dubiosen Werbeangeboten auf. Vorhin versuchte mich eine dieser Seiten auch zu der Installation irgendeines Videoplayers für Firefox zu überreden.

Darüber hinaus tauchen auf den Seiten - scheinbar willkürlich verteilt - immer wieder Wörter auf, die in grüner Schrift hervorgehoben und doppelt unterstrichen sind. Dabei sind hinter diesen Wörtern Links versteckt, die ebenfalls zu irgendwelchen dubiosen Werbeinhalten weiterleiten. Es reicht sogar schon, wenn man einfach mal versehentlich über eines dieser Wörter mit dem Mauszeiger kommt, dann werden auch wieder irgendwelche Werbeinhalte eingeblendet.

Wenn dann eine Seite mal aufgebaut ist, dauert aufgrund der Vielzahl von Pop-Ups sehr lange, wird auch um den eigentlichen Seiteninhalt immer sehr viel Werbung eingeblendet. Dabei steht unter den Werbeeinblendungen immer eine Art "Signatur" "Ads by LyricsBuddy-1".

Ebenfalls wird bei Google-Suchergebnissen eine Art Werbebanner oder so ähnlich eingeblendet. Wenn ich also zu einem bestimmten Thema etwas suche, dann wird der erste Treffer angezeigt und darunter irgendwelche Werbeeinblendungen zu dem Thema. Auch hier steht diese "Signatur" "Powered by LyricsBuddy"

Auf dem Rechner ist Mc Afee Total Preotection installiert. Leider weiß ich nicht, wie ich dort die Log-Files exportieren kann. Das Programm zeigt mir allerdings an, dass es bereits 7 Viren entfernt oder isoliert hat und ein potentiell unerwünschtes Programm entfernt hat.

Isolierte Elemente: runmgr.exe, desktop.dll, LyricsBuddy-1-buttonutil.exe, 41868_updater.exe, utils.exe, lyricybuddy-1-bg.exe, LyricyBuddy-1-buttonutil.dll

Isolierte potentiell unerwünschte Programme: PUP-FEJ!C69E5C3BCF69, PUP-FEJ!B09677983317, PUP-FEJ!7CC630196DEE

Darüber hinaus habe ich bereits mit dem HerdProtect-Scanner eine Suche durchgeführt. Dabei habe ich bereits 43 Treffer gehabt. Leider hat es scheinbar noch nicht gereicht. Auch hier kann ich leider die Log-Files nich so einfach exportieren. Wenn ihr ein bessere Methode wisst, als alle 43 Treffer inkl. Dateinamen händisch einzutippen, wäre ich dafür dankbar. :-)

Log-File Defogger_Disable
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:01 on 14/09/2014 (G6-2376)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Log-File FRST
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by G6-2376 (administrator) on HPG6 on 14-09-2014 17:03:18
Running from C:\Users\G6-2376\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\McAfee\AppStats\MfeASUM.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-22] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-907070689-3175279176-1283973887-1001\...\Run: [Advanced SystemCare 6] => C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
HKU\S-1-5-21-907070689-3175279176-1283973887-1001\...\MountPoints2: {028c4cca-0d08-11e3-beb7-001e101f45f9} - "J:\AutoRun.exe" 
HKU\S-1-5-21-907070689-3175279176-1283973887-1001\...\MountPoints2: {405cfab1-f596-11e3-bef9-001e101f2b9e} - "F:\AutoRun.exe" 
HKU\S-1-5-21-907070689-3175279176-1283973887-1001\...\MountPoints2: {7f2cdc21-0c8b-11e3-beb6-38eaa7e0d1fa} - "F:\AutoRun.exe" 
HKU\S-1-5-21-907070689-3175279176-1283973887-1001\...\MountPoints2: {7f2cdc54-0c8b-11e3-beb6-38eaa7e0d1fa} - "F:\AutoRun.exe" 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {130A418B-405C-4D02-88B7-3634410A5AFF} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {130A418B-405C-4D02-88B7-3634410A5AFF} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {A82506F1-A7C9-410F-849A-1A4B495179B1} URL = https://de.search.yahoo.com/search?fr=mcafee&type=A011DE0&p={SearchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=780F001E101F05EA&affID=119403&tsp=5022
SearchScopes: HKCU - {130A418B-405C-4D02-88B7-3634410A5AFF} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {A82506F1-A7C9-410F-849A-1A4B495179B1} URL = https://de.search.yahoo.com/search?fr=mcafee&type=A011DE0&p={SearchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: OKitSpace -> {3543619C-D563-43f7-95EA-4DA7E1CC396A} -> C:\Users\G6-2376\AppData\Roaming\okitspace\IE\OKitSpace.dll ()
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\..\Interfaces\{360D081A-2333-4F80-A4FA-43CB7EBD53E9}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{616B63C0-22FB-49C7-B6AD-C00550F686A9}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{BAC8662B-D609-4427-B6CD-AFDC5E642D8B}: [NameServer] 193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF user.js: detected! => C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: LyricsBuddy-1 - C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\Extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com [2014-07-13]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\Extensions\ascsurfingprotection@iobit.com [2013-10-06]
FF Extension: Delta Toolbar - C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\Extensions\ffxtlbr@delta.com [2013-10-01]
FF Extension: Adblock Plus - C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-13]
FF HKLM-x32\...\Firefox\Extensions: [OKitSpace@Vittalia.es] - C:\Users\G6-2376\AppData\Roaming\okitspace\Firefox
FF Extension: OKitSpace - C:\Users\G6-2376\AppData\Roaming\okitspace\Firefox [2013-10-01]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-10-06]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-10-06]

Chrome: 
=======
CHR Profile: C:\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Plus-HD-1.7) - C:\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn [2013-10-01]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-08-11]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-08-11]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePluginFor6.crx [2013-10-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0095071410703575mcinstcleanup; C:\Windows\TEMP\009507~1.EXE [827456 2012-01-09] (McAfee, Inc.)
R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [156904 2014-07-28] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\McAfee\MSC\McAWFwk.exe [225216 2011-01-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MfeASUM; C:\Program Files\McAfee\AppStats\MfeASUM.exe [335216 2013-10-16] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-22] (IDT, Inc.) [File not signed]
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [75584 2013-09-29] (IObit)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-10] (Advanced Micro Devices, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R1 MfeASKM; C:\Program Files\McAfee\AppStats\MfeASKM.sys [31408 2013-10-16] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 17:03 - 2014-09-14 17:03 - 00022820 _____ () C:\Users\G6-2376\Desktop\FRST.txt
2014-09-14 17:02 - 2014-09-14 17:03 - 00000000 ____D () C:\FRST
2014-09-14 17:01 - 2014-09-14 17:01 - 00000476 _____ () C:\Users\G6-2376\Desktop\defogger_disable.log
2014-09-14 17:01 - 2014-09-14 17:01 - 00000000 _____ () C:\Users\G6-2376\defogger_reenable
2014-09-14 16:57 - 2014-09-14 16:57 - 00380416 _____ () C:\Users\G6-2376\Desktop\Gmer-19357.exe
2014-09-14 16:56 - 2014-09-14 16:56 - 02105856 _____ (Farbar) C:\Users\G6-2376\Desktop\FRST64.exe
2014-09-14 16:54 - 2014-09-14 16:54 - 00050477 _____ () C:\Users\G6-2376\Desktop\Defogger.exe
2014-09-14 16:03 - 2014-09-14 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 17:03 - 2014-09-14 17:03 - 00022820 _____ () C:\Users\G6-2376\Desktop\FRST.txt
2014-09-14 17:03 - 2014-09-14 17:02 - 00000000 ____D () C:\FRST
2014-09-14 17:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-14 17:01 - 2014-09-14 17:01 - 00000476 _____ () C:\Users\G6-2376\Desktop\defogger_disable.log
2014-09-14 17:01 - 2014-09-14 17:01 - 00000000 _____ () C:\Users\G6-2376\defogger_reenable
2014-09-14 17:01 - 2013-06-15 11:43 - 00000000 ____D () C:\Users\G6-2376
2014-09-14 16:57 - 2014-09-14 16:57 - 00380416 _____ () C:\Users\G6-2376\Desktop\Gmer-19357.exe
2014-09-14 16:56 - 2014-09-14 16:56 - 02105856 _____ (Farbar) C:\Users\G6-2376\Desktop\FRST64.exe
2014-09-14 16:54 - 2014-09-14 16:54 - 00050477 _____ () C:\Users\G6-2376\Desktop\Defogger.exe
2014-09-14 16:07 - 2013-08-24 23:05 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-14 16:07 - 2013-08-24 23:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-14 16:06 - 2013-10-06 20:47 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-09-14 16:03 - 2014-09-14 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-14 16:03 - 2013-10-06 20:49 - 00001844 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-09-14 16:02 - 2014-07-13 13:10 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-14 16:02 - 2014-07-13 13:10 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-14 16:02 - 2012-09-12 09:20 - 00830120 _____ () C:\Windows\system32\perfh007.dat
2014-09-14 16:02 - 2012-09-12 09:20 - 00188224 _____ () C:\Windows\system32\perfc007.dat
2014-09-14 16:02 - 2012-07-26 09:28 - 01949432 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-14 15:57 - 2013-10-06 16:55 - 00000000 __RSD () C:\Users\G6-2376\Documents\McAfee-Tresore
2014-09-14 15:57 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-09-14 15:56 - 2013-10-01 19:32 - 00001120 _____ () C:\Windows\Tasks\LyricsBuddy-1-enabler.job
2014-09-14 15:56 - 2013-10-01 19:31 - 00001856 _____ () C:\Windows\Tasks\LyricsBuddy-1-firefoxinstaller.job
2014-09-14 15:56 - 2013-10-01 19:31 - 00001220 _____ () C:\Windows\Tasks\LyricsBuddy-1-codedownloader.job
2014-08-15 22:01 - 2013-08-24 23:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-15 22:01 - 2012-08-04 00:23 - 00504198 _____ () C:\Windows\PFRO.log
2014-08-15 22:01 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

Some content of TEMP:
====================
C:\Users\G6-2376\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\G6-2376\AppData\Local\Temp\Extract.exe
C:\Users\G6-2376\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\G6-2376\AppData\Local\Temp\mcitinfo_1381070152.exe
C:\Users\G6-2376\AppData\Local\Temp\ResetDevice.exe
C:\Users\G6-2376\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-04 14:20

==================== End Of Log ============================
         
Log-File Addition
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by G6-2376 at 2014-09-14 17:04:10
Running from C:\Users\G6-2376\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Advanced SystemCare 6 (HKLM-x32\...\Advanced SystemCare 6_is1) (Version: 6.4 - IObit)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5977D04D-1D6A-952C-97AF-04D9D4C0AE56}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0806.1156.19437 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1.5407 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.1.3119 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.1.1926 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version:  - Visual Tools) <==== ATTENTION
Delta toolbar   (HKLM-x32\...\delta) (Version: 1.8.24.6 - Delta) <==== ATTENTION
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{E7EB0FFE-B5E3-4163-A2A1-DD329380664A}) (Version: 4.2.5.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{94BB4B4F-BD6D-4166-A580-F868C8384CA6}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3097 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
LyricsBuddy-1 (HKLM-x32\...\LyricsBuddy-1) (Version: 1.28.153.3 - Lyrics) <==== ATTENTION
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 7.0  (HKLM-x32\...\{EDDDC607-91D9-4758-9F57-265FDCD8A772}) (Version: 07.02.0702 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.002.03.01.40 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Plus-HD-1.7 (HKLM-x32\...\Plus-HD-1.7) (Version: 1.28.153.3 - Plus HD) <==== ATTENTION
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SoftwareUpdater (HKLM-x32\...\SoftwareUpdater) (Version:  - )
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.3.0.0 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

13-07-2014 11:20:23 HPSF Applying updates
11-08-2014 16:59:42 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09558384-3FF0-44E6-8657-056F270FC10C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-14] (Adobe Systems Incorporated)
Task: {130FE106-9930-4523-B2FA-C245AFF20C68} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {28038B64-E0A8-4FC9-83B2-4E0DBE91E2FF} - System32\Tasks\ASC6_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe [2013-08-10] (IObit)
Task: {2B0A8B9A-393A-4F6E-AFED-D8B03E40CECD} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {2CA0A245-D5D5-4A2F-8C6B-9238759D8E04} - System32\Tasks\LyricsBuddy-1-enabler => C:\Program Files (x86)\LyricsBuddy-1\LyricsBuddy-1-enabler.exe <==== ATTENTION
Task: {30C4EF58-2598-4233-B2DB-CAB9B7480890} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {3EBF0F90-9D28-4C91-9F3E-E7890564DE22} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {438AA9AC-1475-4786-9579-A66C04C54B76} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {5354A3F0-CB3E-4442-AC8B-B97AEB465739} - System32\Tasks\LyricsBuddy-1-firefoxinstaller => C:\Program Files (x86)\LyricsBuddy-1\LyricsBuddy-1-firefoxinstaller.exe <==== ATTENTION
Task: {584339D2-D42E-4F81-BD05-2DFF162066D1} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {7A5F1A4E-D9DE-4704-B9C7-2871DCCB8884} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2013-09-29] (IObit)
Task: {875863B3-C9DB-4154-ADDF-3657F6B50DB2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {9DC3E081-4345-42C9-850D-9E2748933484} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_backup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2012-07-13] (Hewlett-Packard)
Task: {A6C72149-1256-4EFB-8BB2-36328D960046} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B0B3B97A-467B-47D3-B56C-B56EFE8097C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D84B01A2-7865-4390-9EEB-28DCC6E12CC7} - System32\Tasks\LyricsBuddy-1-codedownloader => C:\Program Files (x86)\LyricsBuddy-1\LyricsBuddy-1-codedownloader.exe <==== ATTENTION
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F250460A-D247-4DBE-BFDA-6FF129FAD583} - \DealPlyUpdate No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\LyricsBuddy-1-codedownloader.job => C:\Program Files (x86)\LyricsBuddy-1\LyricsBuddy-1-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\LyricsBuddy-1-enabler.job => C:\Program Files (x86)\LyricsBuddy-1\LyricsBuddy-1-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\LyricsBuddy-1-firefoxinstaller.job => C:\Program Files (x86)\LyricsBuddy-1\LyricsBuddy-1-firefoxinstaller.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-10-06 21:11 - 2013-01-15 18:59 - 00161088 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCExtMenu_64.dll
2012-07-25 22:08 - 2012-07-25 22:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-06 12:54 - 2012-08-06 12:54 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-08-24 22:48 - 2010-01-08 15:59 - 00540672 _____ () C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
2013-10-06 21:11 - 2013-01-15 18:47 - 00517440 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\sqlite3.dll
2013-10-06 21:09 - 2013-09-29 19:05 - 00348992 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2013-10-06 21:09 - 2013-09-29 19:05 - 00183616 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2013-10-06 21:09 - 2013-09-29 19:05 - 00051008 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2012-12-13 21:26 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-10-06 21:11 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\madExcept_.bpl
2013-10-06 21:11 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\madBasic_.bpl
2013-10-06 21:11 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\madDisAsm_.bpl
2013-10-06 21:11 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\webres.dll
2013-10-06 21:09 - 2013-09-29 19:05 - 00039744 _____ () C:\Program Files (x86)\IObit\Start Menu 8\pri.dll
2013-10-06 21:09 - 2013-09-29 19:05 - 00040256 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll
2012-12-13 21:44 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-08-24 22:48 - 2010-01-15 14:53 - 00014848 _____ () C:\Program Files (x86)\Mobile Partner\isaputrace.dll
2013-08-24 22:48 - 2010-03-04 11:23 - 00114688 _____ () C:\Program Files (x86)\Mobile Partner\DeviceMgrPlugin.dll
2013-08-24 22:48 - 2010-03-04 11:24 - 00057344 _____ () C:\Program Files (x86)\Mobile Partner\ConfigFilePlugin.dll
2013-08-24 22:48 - 2010-03-04 11:21 - 00147456 _____ () C:\Program Files (x86)\Mobile Partner\NetInfoPlugin.dll
2013-08-24 22:48 - 2010-03-04 11:19 - 00090112 _____ () C:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll
2013-08-24 22:48 - 2010-03-04 11:00 - 00991232 _____ () C:\Program Files (x86)\Mobile Partner\NDISAPI.dll
2013-08-24 22:48 - 2010-01-15 14:53 - 00167936 _____ () C:\Program Files (x86)\Mobile Partner\DetectDev.dll
2013-08-24 22:48 - 2010-01-15 14:53 - 00598016 _____ () C:\Program Files (x86)\Mobile Partner\atcomm.dll
2013-08-24 22:48 - 2010-01-15 14:53 - 00061440 _____ () C:\Program Files (x86)\Mobile Partner\XCodec.dll
2013-08-24 22:48 - 2010-01-15 14:53 - 00061440 _____ () C:\Program Files (x86)\Mobile Partner\DeviceOperate.dll
2013-08-24 22:48 - 2010-03-04 11:26 - 00032768 _____ () C:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll
2013-08-24 22:48 - 2010-03-04 11:27 - 00139264 _____ () C:\Program Files (x86)\Mobile Partner\LocaleMgrPlugin.dll
2013-08-24 22:48 - 2010-03-04 11:18 - 00245760 _____ () C:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll
2013-08-24 22:48 - 2010-01-15 14:53 - 00090112 _____ () C:\Program Files (x86)\Mobile Partner\FileManager.dll
2013-08-24 22:48 - 2010-03-04 11:27 - 00163840 _____ () C:\Program Files (x86)\Mobile Partner\SMSPlugin.dll
2014-08-05 14:59 - 2014-08-05 14:59 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2014 04:11:06 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/14/2014 03:57:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mcshield.exe, Version: 1.1.3.164, Zeitstempel: 0x532860a3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16912, Zeitstempel: 0x536464ba
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000413e0
ID des fehlerhaften Prozesses: 0xb18
Startzeit der fehlerhaften Anwendung: 0xmcshield.exe0
Pfad der fehlerhaften Anwendung: mcshield.exe1
Pfad des fehlerhaften Moduls: mcshield.exe2
Berichtskennung: mcshield.exe3
Vollständiger Name des fehlerhaften Pakets: mcshield.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mcshield.exe5

Error: (09/14/2014 03:56:59 PM) (Source: AVLogEvent) (EventID: 5004) (User: NT-AUTORITÄT)
Description: McShield crashed.
Error Code:c0000005

Error: (09/14/2014 03:56:58 PM) (Source: AVLogEvent) (EventID: 5004) (User: NT-AUTORITÄT)
Description: McShield crashed.
Error Code:c0000005

Error: (09/14/2014 03:56:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: mDNSPlatformRawTime went backwards by 1731752531 ticks; setting correction factor to -1173897032

Error: (08/15/2014 10:02:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16628, Zeitstempel: 0x51a94434
Name des fehlerhaften Moduls: twinui.dll, Version: 6.2.9200.16680, Zeitstempel: 0x51fb45f3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000186c
ID des fehlerhaften Prozesses: 0x7ac
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5

Error: (08/11/2014 06:47:30 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/05/2014 02:10:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/05/2014 01:45:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e48

Startzeit: 01cfb0a29f09b95a

Endzeit: 4294967295

Anwendungspfad: C:\Windows\system32\wwahost.exe

Berichts-ID: f5d25d42-1c95-11e4-bf03-38eaa7e0d1fa

Vollständiger Name des fehlerhaften Pakets: microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.WindowsLive.ModernPhotos

Error: (08/05/2014 01:45:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: hpG6)
Description: Das Paket „microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe“ wurde beendet, da das Anhalten zu lange dauerte.


System errors:
=============
Error: (09/14/2014 03:57:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "McAfee Anti-Malware Core" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/11/2014 07:10:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst hpqwmiex erreicht.

Error: (08/11/2014 05:52:04 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {211EBA3A-EA5A-496B-A021-5C6BEB365E4C}

Error: (08/05/2014 01:44:47 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {211EBA3A-EA5A-496B-A021-5C6BEB365E4C}

Error: (08/04/2014 00:37:49 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎04.‎08.‎2014 um 12:29:30 unerwartet heruntergefahren.

Error: (08/04/2014 00:06:05 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {211EBA3A-EA5A-496B-A021-5C6BEB365E4C}

Error: (07/13/2014 02:35:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iscFlash" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/13/2014 02:35:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iscFlash" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/13/2014 02:35:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iscFlash" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/13/2014 02:35:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iscFlash" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (09/14/2014 04:11:06 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/14/2014 03:57:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mcshield.exe1.1.3.164532860a3ntdll.dll6.2.9200.16912536464bac000000500000000000413e0b1801cfb8c3c5d9cf9cC:\Program Files\Common Files\McAfee\AMCore\mcshield.exeC:\Windows\SYSTEM32\ntdll.dllff2107a9-3c16-11e4-bf05-38eaa7e0d1fa

Error: (09/14/2014 03:56:59 PM) (Source: AVLogEvent) (EventID: 5004) (User: NT-AUTORITÄT)
Description: c0000005

Error: (09/14/2014 03:56:58 PM) (Source: AVLogEvent) (EventID: 5004) (User: NT-AUTORITÄT)
Description: c0000005

Error: (09/14/2014 03:56:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: mDNSPlatformRawTime went backwards by 1731752531 ticks; setting correction factor to -1173897032

Error: (08/15/2014 10:02:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.2.9200.1662851a94434twinui.dll6.2.9200.1668051fb45f3c0000005000000000000186c7ac01cfb8c3c1c7dec0C:\Windows\Explorer.EXEC:\Windows\System32\twinui.dll10c01597-24b7-11e4-bf05-38eaa7e0d1fa

Error: (08/11/2014 06:47:30 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/05/2014 02:10:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/05/2014 01:45:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.2.9200.16420e4801cfb0a29f09b95a4294967295C:\Windows\system32\wwahost.exef5d25d42-1c95-11e4-bf03-38eaa7e0d1famicrosoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbweMicrosoft.WindowsLive.ModernPhotos

Error: (08/05/2014 01:45:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: hpG6)
Description: microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe


CodeIntegrity Errors:
===================================
  Date: 2014-09-14 16:46:35.807
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 16:40:53.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 16:40:46.599
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 16:34:19.849
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 16:34:12.861
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 16:33:45.642
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 16:33:41.501
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 16:31:33.931
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 16:19:36.683
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 16:15:36.280
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 45%
Total physical RAM: 6036.27 MB
Available physical RAM: 3296.82 MB
Total Pagefile: 6996.27 MB
Available Pagefile: 4154.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.14 GB) (Free:395.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.85 GB) (Free:2.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Mobile Partner) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9E705510)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Log-File GMER
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-14 17:39:39
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002d Hitachi_HTS545050A7E380 rev.GG2OA7A0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\G6-2376\AppData\Local\Temp\pxloipow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\atiesrxx.exe[424] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                               000007fca645177a 4 bytes [45, A6, FC, 07]
.text   C:\Windows\system32\atiesrxx.exe[424] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                               000007fca6451782 4 bytes [45, A6, FC, 07]
.text   C:\Windows\system32\atieclxx.exe[1060] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                              000007fca645177a 4 bytes [45, A6, FC, 07]
.text   C:\Windows\system32\atieclxx.exe[1060] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                              000007fca6451782 4 bytes [45, A6, FC, 07]
.text   C:\Windows\system32\atieclxx.exe[1060] C:\Windows\system32\WSOCK32.dll!recvfrom + 742                                            000007fca2901b32 4 bytes [90, A2, FC, 07]
.text   C:\Windows\system32\atieclxx.exe[1060] C:\Windows\system32\WSOCK32.dll!recvfrom + 750                                            000007fca2901b3a 4 bytes [90, A2, FC, 07]
.text   C:\Windows\system32\mfevtps.exe[2388] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306                               000007fca645177a 4 bytes [45, A6, FC, 07]
.text   C:\Windows\system32\mfevtps.exe[2388] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314                               000007fca6451782 4 bytes [45, A6, FC, 07]
.text   C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2992] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306      000007fca645177a 4 bytes [45, A6, FC, 07]
.text   C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2992] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314      000007fca6451782 4 bytes [45, A6, FC, 07]
.text   C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe[3208] C:\Windows\SYSTEM32\msimg32.dll!GradientFill + 690         000007fc9c901532 4 bytes [90, 9C, FC, 07]
.text   C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe[3208] C:\Windows\SYSTEM32\msimg32.dll!GradientFill + 698         000007fc9c90153a 4 bytes [90, 9C, FC, 07]
.text   C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe[3208] C:\Windows\SYSTEM32\msimg32.dll!TransparentBlt + 246       000007fc9c90165a 4 bytes [90, 9C, FC, 07]
.text   C:\Windows\System32\igfxpers.exe[3420] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                              000007fca645177a 4 bytes [45, A6, FC, 07]
.text   C:\Windows\System32\igfxpers.exe[3420] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                              000007fca6451782 4 bytes [45, A6, FC, 07]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2536] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                 000007fca645177a 4 bytes [45, A6, FC, 07]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2536] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                 000007fca6451782 4 bytes [45, A6, FC, 07]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4640] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306              000007fca645177a 4 bytes [45, A6, FC, 07]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4640] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314              000007fca6451782 4 bytes [45, A6, FC, 07]
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[1508] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690    000007fc9c901532 4 bytes [90, 9C, FC, 07]
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[1508] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698    000007fc9c90153a 4 bytes [90, 9C, FC, 07]
.text   C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[1508] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246  000007fc9c90165a 4 bytes [90, 9C, FC, 07]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [768:784]                                                                                          fffff960008c85e8

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                            unknown MBR code

---- EOF - GMER 2.1 ----
         
Ich bedanke mich bereits vorab für eure Hilfe und wünsche noch einen schönen restlichen Sonntag!

Alt 14.09.2014, 18:18   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy - Standard

Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy



hi,

Adware & Co. deinstallieren
  • Lade Dir bitte von hier Revo Uninstaller herunter.
  • Installiere und starte das Programm.
  • Suche im Uninstallerfeld nach den Programmen, die unter:

    diesen Zusatz haben:
  • Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________

__________________

Alt 14.09.2014, 20:02   #3
scooby_doo
 
Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy - Standard

Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy



Hallo schrauber,

vielen Dank für die erste Hilfe bei der Lösung meines Problems!

Ich habe die Bereinigung mit RevoUninstaller durchgeführt und danach Combofix laufen lassen. Dabei hat Combofix einmal folgende Fehlermeldung angezeigt: Error saving file C:\Windows\erdnt\Hiv-backup\Drivers!

Ich konnte aber weiter klicken, so dass Combofix durchlaufen konnte.

Hier das Log-File
Code:
ATTFilter
ComboFix 14-09-14.01 - G6-2376 14.09.2014  20:36:07.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.6036.4503 [GMT 2:00]
ausgeführt von:: c:\users\G6-2376\Desktop\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SoftwareUpdater\KeyGen.dll
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\background.html
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\crossriderManifest.json
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\manifest.xml
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins.json
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\1_base.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\101_cortica_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\102_dealply_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\103_intext_5_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\104_jollywallet_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\105_corticas_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\107_coupish_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\108_icm_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\116_ads_only_5_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\119_similar_web_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\120_luck_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\123_intext_adv_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\125_arcadi2_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\126_revizer_ws_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\127_revizer_p_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\128_superfish_pricora_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\129_widdit_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\135_arcadi3_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\138_getdeal_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\142_intext_fa_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\155_ibario_pops_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\159_cortica_rollover_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\17_jQuery.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\170_icm1_5_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\21_debug.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\22_resources.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\28_initializer.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\47_resources_background.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\64_appApiMessage.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\7_hooks.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\72_appApiValidation.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\87_ginyas_wrapper.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\9_search_engine_hook.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\91_monetizationLoader.js.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\92_superfish_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\userCode\background.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\userCode\extension.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\icons\actions\1.png
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\icons\icon128.png
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\icons\icon16.png
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\icons\icon48.png
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\api\chrome.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\api\cookie.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\api\message.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\api\pageAction.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\api\pageActionBG.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\background.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\lib\app_api.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\lib\bg_app_api.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\lib\consts.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\lib\cookie_store.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\lib\crossriderAPI.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\lib\delegate.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\lib\events.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\lib\extensionDataStore.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\lib\installer.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\lib\logFile.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\lib\logging.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\lib\onBGDocumentLoad.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\lib\popupResource\newPopup.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\lib\popupResource\popup.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\lib\reports.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\lib\storageWrapper.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\lib\updateManager.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\lib\util.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\lib\xhr.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\js\main.js
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\manifest.json
c:\users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\popup.html
c:\users\G6-2376\AppData\Roaming\okitspace
c:\users\G6-2376\AppData\Roaming\okitspace\128
c:\users\G6-2376\AppData\Roaming\okitspace\Firefox\chrome.manifest
c:\users\G6-2376\AppData\Roaming\okitspace\Firefox\chrome\content\background.html
c:\users\G6-2376\AppData\Roaming\okitspace\Firefox\chrome\content\content.xul
c:\users\G6-2376\AppData\Roaming\okitspace\Firefox\chrome\content\icons\okitspace-19x19.png
c:\users\G6-2376\AppData\Roaming\okitspace\Firefox\chrome\content\icons\okitspace-48x48.png
c:\users\G6-2376\AppData\Roaming\okitspace\Firefox\chrome\content\main.js
c:\users\G6-2376\AppData\Roaming\okitspace\Firefox\chrome\content\main.js.old
c:\users\G6-2376\AppData\Roaming\okitspace\Firefox\chrome\skin\overlay.css
c:\users\G6-2376\AppData\Roaming\okitspace\Firefox\install.rdf
c:\users\G6-2376\AppData\Roaming\okitspace\HUAWEI Mobile Connect - 3G Network Card
c:\users\G6-2376\AppData\Roaming\okitspace\IE\config
c:\users\G6-2376\AppData\Roaming\okitspace\IE\OKitSpace.dll
c:\users\G6-2376\AppData\Roaming\okitspace\Number of results
c:\users\G6-2376\AppData\Roaming\okitspace\ok
c:\users\G6-2376\AppData\Roaming\okitspace\uninstall.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-08-14 bis 2014-09-14  ))))))))))))))))))))))))))))))
.
.
2014-09-14 18:12 . 2014-09-14 18:12	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-09-14 15:02 . 2014-09-14 15:04	--------	d-----w-	C:\FRST
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-14 17:19 . 2012-07-26 08:13	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-07-13 11:35 . 2012-12-13 19:21	53248	----a-w-	c:\windows\SysWow64\CSVer.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-18 491840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-26 491320]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-07-09 580512]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R0 mfeelamk;McAfee Inc. mfeelamk;c:\windows\system32\drivers\mfeelamk.sys;c:\windows\SYSNATIVE\drivers\mfeelamk.sys [x]
R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\System32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys;c:\windows\SYSNATIVE\drivers\McPvDrv.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 MfeASKM;McAfee Application Statistics Device Driver;c:\program files\McAfee\AppStats\MfeASKM.sys;c:\program files\McAfee\AppStats\MfeASKM.sys [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 MfeASUM;McAfee Application Statistics Service;c:\program files\McAfee\AppStats\MfeASUM.exe;c:\program files\McAfee\AppStats\MfeASUM.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 StartMenuService;StartMenu8 Service;c:\program files (x86)\IObit\Start Menu 8\StartMenuServices.exe;c:\program files (x86)\IObit\Start Menu 8\StartMenuServices.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost	REG_MULTI_SZ   	apphostsvc
iissvcs	REG_MULTI_SZ   	w3svc was
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-24 14:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-07-25 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-07-25 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-07-25 440640]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-07-22 1425408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-08-19 21720]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{360D081A-2333-4F80-A4FA-43CB7EBD53E9}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{616B63C0-22FB-49C7-B6AD-C00550F686A9}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{BAC8662B-D609-4427-B6CD-AFDC5E642D8B}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 780f8908000000000000001e101f05ea
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15979
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.619:31
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119403&tsp=5022
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2014-09-14  20:43:16
ComboFix-quarantined-files.txt  2014-09-14 18:43
.
Vor Suchlauf: 13 Verzeichnis(se), 424.820.482.048 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 425.081.032.704 Bytes frei
.
- - End Of File - - 7E9D74488F6CB2962AA099FD8DF21E77
         
P.S.: Die grün hervorgehobenen und doppelt unterstrichenen Wörter werden immer noch angezeigt.

Vielen Dank für die weitere Hilfe!
__________________

Alt 15.09.2014, 14:26   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy - Standard

Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 15.09.2014, 17:06   #5
scooby_doo
 
Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy - Standard

Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy



Hallo schrauber,

danke für die Anleitung. Habe alles durchgeführt. Nachfolgend die Log-Files.

Eine Frage hätte ich noch. Der Rechner geht über einen UMTS-Surfstick online. Könnte sich dort noch Schadsoftware eingenistet haben oder ist das entweder unmöglich bzw. wurde bei den Scans gleich mit erledigt? Sofern sich Schadsoftware auf dem Stick befinden könnte, wäre es möglich diese zu entfernen bzw. könnte der Stick auch eine Gefährdung für andere Rechner darstellen? Danke auch hierfür!

Hier die Log-Files...

MBAM Log File
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 15.09.2014
Suchlauf-Zeit: 16:53:49
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.15.07
Rootkit Datenbank: v2014.09.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: G6-2376

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 316647
Verstrichene Zeit: 13 Min, 35 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 12
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [0de6777686f5a4922d05c7f712f0837d], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [0de6777686f5a4922d05c7f712f0837d], 
PUP.Optional.OfferBox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}, In Quarantäne, [27cc46a7e299bb7b01446b2028da24dc], 
PUP.Optional.OfferBox.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3543619C-D563-43F7-95EA-4DA7E1CC396A}, In Quarantäne, [27cc46a7e299bb7b01446b2028da24dc], 
PUP.Optional.OfferBox.A, HKU\S-1-5-21-907070689-3175279176-1283973887-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3543619C-D563-43F7-95EA-4DA7E1CC396A}, In Quarantäne, [27cc46a7e299bb7b01446b2028da24dc], 
PUP.Optional.OfferBox.A, HKU\S-1-5-21-907070689-3175279176-1283973887-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3543619C-D563-43F7-95EA-4DA7E1CC396A}, In Quarantäne, [27cc46a7e299bb7b01446b2028da24dc], 
PUP.Optional.Babylon.A, HKU\S-1-5-21-907070689-3175279176-1283973887-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [3db64aa3691242f419ab8cf8d82ae818], 
PUP.Optional.Vittalia, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SoftwareUpdater, In Quarantäne, [d41f0ce198e37cbad997c2108180f709], 
PUP.Optional.SoftwareUpdater.A, HKLM\SOFTWARE\WOW6432NODE\SOFTWAREUPDATER, In Quarantäne, [14df32bbcbb0c175d772d575f212e51b], 
PUP.Optional.BundleInstaller.A, HKLM\SOFTWARE\WOW6432NODE\VITTALIA\AxtanInstaller, In Quarantäne, [51a228c5374411251811f937a2610bf5], 
PUP.Optional.PlusHD.A, HKU\S-1-5-21-907070689-3175279176-1283973887-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-1.7, In Quarantäne, [9162ffee4a316ec8f403c263818255ab], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-907070689-3175279176-1283973887-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Plus HD, In Quarantäne, [22d139b446353cfaea0637cb709309f7], 

Registrierungswerte: 3
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SOFTWAREUPDATER|UninstallString, C:\Program Files (x86)\SoftwareUpdater\uninstall.exe, In Quarantäne, [43b07479ee8d5fd79024096131d3af51]
PUP.Optional.SoftwareUpdater.A, HKLM\SOFTWARE\WOW6432NODE\SOFTWAREUPDATER|partner_keyword, EAZELDE, In Quarantäne, [14df32bbcbb0c175d772d575f212e51b]
PUP.Optional.SoftwareUpdater.A, HKLM\SOFTWARE\WOW6432NODE\SOFTWAREUPDATER|UpdaterPath, C:\Program Files (x86)\SoftwareUpdater\AppsUpdater.exe, In Quarantäne, [ea09e508bbc043f3c9fc0bf72ad94eb2]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 14
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\api, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\core, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\defaults, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\defaults\preferences, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\userCode, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\locale, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\locale\en-US, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\skin, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.DSearchLink.A, C:\ProgramData\DSearchLink, In Quarantäne, [ce255598443758def40439c103ff7789], 

Dateien: 137
PUP.Optional.Vittalia, C:\Program Files (x86)\SoftwareUpdater\AppsUpdater.exe, In Quarantäne, [e40f7b72ec8f7abcb03c8625d22f7789], 
PUP.Optional.Vittalia, C:\Program Files (x86)\SoftwareUpdater\uninstall.exe, In Quarantäne, [d41f0ce198e37cbad997c2108180f709], 
PUP.Optional.Vittalia, C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe_old, In Quarantäne, [50a33bb2314ad462707b4d5e4ab719e7], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome.manifest, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\install.rdf, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\32ca59b235baa9e6f0a955dbbb550ee9.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\647b2116d928a311ca8c93d8ebb17584.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\700ae88efa2fcee438eface545719a99.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\a6454a51986a98c3c714a4406c5a13fb.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\background.html, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\browser.xul, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\dialog.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\e3b90b590fec626ad2f1d5a84ab59aba.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\ffCoreFilesIndex.txt, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\options.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\options.xul, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\search_dialog.xul, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\api\ac4f760e97ec1947861ed38017e34494.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\api\04cba1d1fa8a7496605087bee22b1440.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\api\20e9c3851f766ff15e97c0bbf6d93e5e.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\api\40dd01edb86700f8b7959b26b2e84761.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\api\53e2e3427804245c7a2f81d8f508bf1c.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\api\6b40b1b8da70ff58b2cb0d0572c29677.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\api\80add444914a4bfc72f593bb89d469dc.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\api\9ef4a9f53488e24e464b718728bf84ad.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\api\a9c7992fb52b4e20a6dabfd48459f175.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\api\af3f99e7e058f2b96938ff23d04aeb1d.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\api\c520a029845196649307c27b5d791321.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\api\c55d77f1d18820e4bf209e9bf25ae95e.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\api\c9f1096a00d742ea4ee6250881eddeff.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\api\cb1eaa1be294ff6a9197bfdae6b0aa0b.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\api\d4ff7460ffd63651821080e8dcf7ce80.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\api\f5dc8e8ee49e1a9174459793fc4e6df0.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\core\6a994a3c97fb65a5724a71f50eff9c79.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\core\0115ec0bea60f798570f6f2f9ca233d2.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\core\076d9e7f0410c20286d8b323f917d7b7.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\core\0a32b9fc9fa9c5f0d0245902a80e25c3.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\core\11d35254796896e4a55762aaf0ab8903.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\core\13b0650a3a66d1634010a9eab716b49a.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\core\177d56ade45eb6b94a5e109e63293c42.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\core\1e6fbb3c8a6d0c228a1e4270e7dc01a0.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\core\38a467d8953a0636e0464b7d82ad4c2b.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\core\3b7b9f2cb377aaa3a237cbf1cef91326.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\core\3e48b038212da585903b1627470cdbc1.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\core\482ebe4854c6a2437e262758119055a2.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\core\518ca5c5c2c28cc543fc026ab4e591c2.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\core\636d1d1123e533e5bf43d7f0d1406076.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\core\8bf095392cb3f8494271a699b16995ab.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\core\a66a1206900f7b6f8eaddd2dc87c297e.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\core\b0c4023273ae5234b3bed2d5fbb90f8f.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\core\c16b2be48b6f55c3329c3a6054e91b6f.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\core\d9fc20aad34a65add863b855fa810490.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\core\de1f694dcd32cf56ce69b799928d7b98.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\chrome\content\core\installer.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\defaults\preferences\prefs.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\manifest.xml, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins.json, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\1.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\102.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\104.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\13.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\14.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\16.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\17.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\177.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\180.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\182.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\183.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\184.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\207.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\21.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\22.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\220.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\221.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\223.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\226.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\230.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\233.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\244.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\246.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\260.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\263.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\268.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\28.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\281.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\298.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\4.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\47.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\64.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\7.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\72.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\78.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\9.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\91.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\93.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\plugins\98.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\userCode\background.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\extensionData\userCode\extension.js, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\locale\en-US\translations.dtd, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\skin\button1.png, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\skin\button2.png, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\skin\button3.png, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\skin\button4.png, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\skin\button5.png, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\skin\crossrider_statusbar.png, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\skin\icon128.png, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\skin\icon16.png, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\skin\icon24.png, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\skin\icon48.png, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\skin\panelarrow-up.png, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\skin\popup.html, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\skin\skin.css, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\extensions\8af2e526-8c09-42dc-8d01-1001b936572c@5f890a75-ea43-44fa-9c15-0da08497ff9d.com\skin\update.css, In Quarantäne, [ee05b33af3880432b95ba136b250748c], 
PUP.Optional.CrossRider.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "148747e6e676280adbaabe21cffef9a4");), Ersetzt,[1ad9a14cbac10432c1cc7eb3d233a55b]
PUP.Optional.Delta.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.admin", false);), Ersetzt,[5a99905dafccc86e4262df5248bda45c]
PUP.Optional.Delta.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.aflt", "babsst");), Ersetzt,[599a816c552647efc1e30c25c83d5ea2]
PUP.Optional.Delta.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), Ersetzt,[c42f6588d1aaf442baea5fd222e39a66]
PUP.Optional.Delta.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.autoRvrt", "false");), Ersetzt,[1ad913da3a41d0669d0751e0947120e0]
PUP.Optional.Delta.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.dfltLng", "de");), Ersetzt,[d122d11c94e71521752f1819c342926e]
PUP.Optional.Delta.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.excTlbr", false);), Ersetzt,[1fd4c52887f496a0b5ef4ae73fc6e21e]
PUP.Optional.Delta.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.ffxUnstlRst", true);), Ersetzt,[0de6fcf1df9cec4abbe9da571fe6be42]
PUP.Optional.Delta.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.id", "780f8908000000000000001e101f05ea");), Ersetzt,[a94a618c4239c86e0c98aa8763a27a86]
PUP.Optional.Delta.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlDay", "15979");), Ersetzt,[3eb5da13c8b3c175653f90a1e61f0000]
PUP.Optional.Delta.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlRef", "sst");), Ersetzt,[04ef79743447b87e03a154dd3cc9827e]
PUP.Optional.Delta.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.newTab", false);), Ersetzt,[c52ed11c364564d2d0d4171af213fa06]
PUP.Optional.Delta.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prdct", "delta");), Ersetzt,[cc2739b43c3fe4525a4aeb460500df21]
PUP.Optional.Delta.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prtnrId", "delta");), Ersetzt,[d023fdf0017acf67356f64cd5ca947b9]
PUP.Optional.Delta.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.rvrt", "false");), Ersetzt,[6e85717cdf9c3501ddc759d84bba6799]
PUP.Optional.Delta.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.smplGrp", "none");), Ersetzt,[03f05f8eb3c857dff3b18fa29e67a759]
PUP.Optional.Delta.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrId", "base");), Ersetzt,[5d96608d265580b6dbc9939ead583ac6]
PUP.Optional.Delta.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrSrchUrl", "");), Ersetzt,[42b105e8cfac7eb8d8ccc56cd332ce32]
PUP.Optional.Delta.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsn", "1.8.24.6");), Ersetzt,[28cb0be2413a54e25f45c07161a405fb]
PUP.Optional.Delta.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsnTs", "1.8.24.619:31:25");), Ersetzt,[cc274ba281fa4beb653fb27f48bde41c]
PUP.Optional.Delta.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsni", "1.8.24.6");), Ersetzt,[9a59638a186358dec1e334fd0cf907f9]
PUP.Optional.Delta.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babExt", "");), Ersetzt,[846f3cb1afcc55e13f65929fb74e8c74]
PUP.Optional.Delta.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babTrack", "affID=119403&tsp=5022");), Ersetzt,[7a79a14c710ac670e2c248e99c69a55b]
PUP.Optional.Delta.A, C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.srcExt", "ss");), Ersetzt,[16dd3faef3885dd96143b77a63a2d62a]

Physische Sektoren: 0
(No malicious items detected)


(end)
         
AdwCleaner Log File
Code:
ATTFilter
# AdwCleaner v3.310 - Bericht erstellt am 15/09/2014 um 17:25:24
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : G6-2376 - HPG6
# Gestartet von : C:\Users\G6-2376\Desktop\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Program Files (x86)\iMesh
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater
Ordner Gelöscht : C:\Users\G6-2376\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\G6-2376\AppData\Roaming\Babylon
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\invalidprefs.js
Datei Gelöscht : C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\user.js

***** [ Tasks ] *****

Task Gelöscht : DealPlyUpdate

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsBuddy-1
Schlüssel Gelöscht : HKLM\SOFTWARE\Vittalia
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16921


-\\ Mozilla Firefox v32.0.1 (x86 de)

[ Datei : C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.a8af2e5268c0942dc8d011001b936572c5f890a75ea4344fa9c150da08497ff9dcom41868.41868.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "780f8908000000000000001e101f05ea");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15979");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.619:31:25");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119403&tsp=5022");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [4795 octets] - [15/09/2014 17:20:07]
AdwCleaner[S0].txt - [4275 octets] - [15/09/2014 17:25:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4335 octets] ##########
         
JRT Log-File
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by G6-2376 on 15.09.2014 at 17:36:48,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{130A418B-405C-4D02-88B7-3634410A5AFF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{130A418B-405C-4D02-88B7-3634410A5AFF}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\G6-2376\AppData\Roaming\mozilla\firefox\profiles\b9k8wmcx.default\minidumps [11 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.09.2014 at 17:42:58,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
und das frische FRST Log-File

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by G6-2376 (administrator) on HPG6 on 15-09-2014 17:45:07
Running from C:\Users\G6-2376\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\McAfee\AppStats\MfeASUM.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-22] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-907070689-3175279176-1283973887-1001\...\Run: [Advanced SystemCare 6] => C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {130A418B-405C-4D02-88B7-3634410A5AFF} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {A82506F1-A7C9-410F-849A-1A4B495179B1} URL = https://de.search.yahoo.com/search?fr=mcafee&type=A011DE0&p={SearchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\..\Interfaces\{360D081A-2333-4F80-A4FA-43CB7EBD53E9}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{616B63C0-22FB-49C7-B6AD-C00550F686A9}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{BAC8662B-D609-4427-B6CD-AFDC5E642D8B}: [NameServer] 193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\Extensions\ascsurfingprotection@iobit.com [2013-10-06]
FF Extension: Adblock Plus - C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-13]
FF HKLM-x32\...\Firefox\Extensions: [OKitSpace@Vittalia.es] - C:\Users\G6-2376\AppData\Roaming\okitspace\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-10-06]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-10-06]

Chrome: 
=======
CHR Profile: C:\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-09-14]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-09-14]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePluginFor6.crx [2013-10-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [156904 2014-09-02] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\McAfee\MSC\McAWFwk.exe [225216 2011-01-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MfeASUM; C:\Program Files\McAfee\AppStats\MfeASUM.exe [335216 2013-10-16] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-22] (IDT, Inc.) [File not signed]
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [75584 2013-09-29] (IObit)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-10] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-15] (Malwarebytes Corporation)
R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R1 MfeASKM; C:\Program Files\McAfee\AppStats\MfeASKM.sys [31408 2013-10-16] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 17:42 - 2014-09-15 17:42 - 00001041 _____ () C:\Users\G6-2376\Desktop\JRT.txt
2014-09-15 17:36 - 2014-09-15 17:36 - 00000000 ____D () C:\Windows\ERUNT
2014-09-15 17:31 - 2014-09-15 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-15 17:27 - 2014-09-15 17:28 - 00004427 _____ () C:\Users\G6-2376\Desktop\AdwCleaner.txt
2014-09-15 17:19 - 2014-09-15 17:25 - 00000000 ____D () C:\AdwCleaner
2014-09-15 17:16 - 2014-09-15 17:16 - 00044186 _____ () C:\Users\G6-2376\Desktop\mbam.txt
2014-09-15 16:50 - 2014-09-15 17:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 16:49 - 2014-09-15 16:49 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-15 16:49 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-15 16:49 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-15 16:49 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-15 16:44 - 2014-09-15 16:44 - 01016261 _____ (Thisisu) C:\Users\G6-2376\Desktop\JRT.exe
2014-09-15 16:43 - 2014-09-15 16:44 - 01373475 _____ () C:\Users\G6-2376\Desktop\AdwCleaner_3.310.exe
2014-09-14 20:43 - 2014-09-14 20:43 - 00028431 _____ () C:\ComboFix.txt
2014-09-14 20:35 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-14 20:35 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-14 20:35 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-14 20:35 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-14 20:35 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-14 20:35 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-09-14 20:35 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-14 20:35 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-14 20:35 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-14 20:32 - 2014-09-14 20:43 - 00000000 ____D () C:\Qoobox
2014-09-14 20:31 - 2014-09-14 20:41 - 00000000 ____D () C:\Windows\erdnt
2014-09-14 20:12 - 2014-09-14 20:12 - 00001264 _____ () C:\Users\G6-2376\Desktop\Revo Uninstaller.lnk
2014-09-14 20:12 - 2014-09-14 20:12 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-14 20:10 - 2014-09-14 20:11 - 05578360 ____R (Swearware) C:\Users\G6-2376\Desktop\ComboFix.exe
2014-09-14 17:39 - 2014-09-14 17:39 - 00004684 _____ () C:\Users\G6-2376\Desktop\gmer.log
2014-09-14 17:20 - 2014-09-14 17:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-14 17:04 - 2014-09-14 17:04 - 00034793 _____ () C:\Users\G6-2376\Desktop\Addition.txt
2014-09-14 17:03 - 2014-09-15 17:45 - 00018685 _____ () C:\Users\G6-2376\Desktop\FRST.txt
2014-09-14 17:02 - 2014-09-15 17:45 - 00000000 ____D () C:\FRST
2014-09-14 17:01 - 2014-09-14 17:01 - 00000476 _____ () C:\Users\G6-2376\Desktop\defogger_disable.log
2014-09-14 17:01 - 2014-09-14 17:01 - 00000000 _____ () C:\Users\G6-2376\defogger_reenable
2014-09-14 16:57 - 2014-09-14 16:57 - 00380416 _____ () C:\Users\G6-2376\Desktop\Gmer-19357.exe
2014-09-14 16:56 - 2014-09-14 16:56 - 02105856 _____ (Farbar) C:\Users\G6-2376\Desktop\FRST64.exe
2014-09-14 16:54 - 2014-09-14 16:54 - 00050477 _____ () C:\Users\G6-2376\Desktop\Defogger.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 17:45 - 2014-09-14 17:03 - 00018685 _____ () C:\Users\G6-2376\Desktop\FRST.txt
2014-09-15 17:45 - 2014-09-14 17:02 - 00000000 ____D () C:\FRST
2014-09-15 17:45 - 2013-06-15 11:43 - 01477765 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 17:42 - 2014-09-15 17:42 - 00001041 _____ () C:\Users\G6-2376\Desktop\JRT.txt
2014-09-15 17:36 - 2014-09-15 17:36 - 00000000 ____D () C:\Windows\ERUNT
2014-09-15 17:34 - 2012-09-12 09:20 - 00830120 _____ () C:\Windows\system32\perfh007.dat
2014-09-15 17:34 - 2012-09-12 09:20 - 00188224 _____ () C:\Windows\system32\perfc007.dat
2014-09-15 17:34 - 2012-07-26 09:28 - 01949432 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-15 17:31 - 2014-09-15 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-15 17:31 - 2013-10-06 20:49 - 00001844 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-09-15 17:29 - 2013-10-06 16:55 - 00000000 __RSD () C:\Users\G6-2376\Documents\McAfee-Tresore
2014-09-15 17:28 - 2014-09-15 17:27 - 00004427 _____ () C:\Users\G6-2376\Desktop\AdwCleaner.txt
2014-09-15 17:26 - 2012-08-04 00:23 - 00524726 _____ () C:\Windows\PFRO.log
2014-09-15 17:26 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 17:25 - 2014-09-15 17:19 - 00000000 ____D () C:\AdwCleaner
2014-09-15 17:16 - 2014-09-15 17:16 - 00044186 _____ () C:\Users\G6-2376\Desktop\mbam.txt
2014-09-15 17:14 - 2014-09-15 16:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 17:08 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\tracing
2014-09-15 17:06 - 2013-08-24 23:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-15 17:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-15 16:49 - 2014-09-15 16:49 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-15 16:44 - 2014-09-15 16:44 - 01016261 _____ (Thisisu) C:\Users\G6-2376\Desktop\JRT.exe
2014-09-15 16:44 - 2014-09-15 16:43 - 01373475 _____ () C:\Users\G6-2376\Desktop\AdwCleaner_3.310.exe
2014-09-14 20:50 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-14 20:43 - 2014-09-14 20:43 - 00028431 _____ () C:\ComboFix.txt
2014-09-14 20:43 - 2014-09-14 20:32 - 00000000 ____D () C:\Qoobox
2014-09-14 20:41 - 2014-09-14 20:31 - 00000000 ____D () C:\Windows\erdnt
2014-09-14 20:41 - 2012-07-26 07:26 - 00000215 _____ () C:\Windows\system.ini
2014-09-14 20:26 - 2013-08-24 23:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-14 20:12 - 2014-09-14 20:12 - 00001264 _____ () C:\Users\G6-2376\Desktop\Revo Uninstaller.lnk
2014-09-14 20:12 - 2014-09-14 20:12 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-14 20:11 - 2014-09-14 20:10 - 05578360 ____R (Swearware) C:\Users\G6-2376\Desktop\ComboFix.exe
2014-09-14 17:41 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-14 17:39 - 2014-09-14 17:39 - 00004684 _____ () C:\Users\G6-2376\Desktop\gmer.log
2014-09-14 17:28 - 2013-10-06 20:47 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-09-14 17:20 - 2014-09-14 17:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-14 17:04 - 2014-09-14 17:04 - 00034793 _____ () C:\Users\G6-2376\Desktop\Addition.txt
2014-09-14 17:01 - 2014-09-14 17:01 - 00000476 _____ () C:\Users\G6-2376\Desktop\defogger_disable.log
2014-09-14 17:01 - 2014-09-14 17:01 - 00000000 _____ () C:\Users\G6-2376\defogger_reenable
2014-09-14 17:01 - 2013-06-15 11:43 - 00000000 ____D () C:\Users\G6-2376
2014-09-14 16:57 - 2014-09-14 16:57 - 00380416 _____ () C:\Users\G6-2376\Desktop\Gmer-19357.exe
2014-09-14 16:56 - 2014-09-14 16:56 - 02105856 _____ (Farbar) C:\Users\G6-2376\Desktop\FRST64.exe
2014-09-14 16:54 - 2014-09-14 16:54 - 00050477 _____ () C:\Users\G6-2376\Desktop\Defogger.exe
2014-09-14 16:07 - 2013-08-24 23:05 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-14 16:02 - 2014-07-13 13:10 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-14 16:02 - 2014-07-13 13:10 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-14 15:57 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM

Some content of TEMP:
====================
C:\Users\G6-2376\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-14 19:19

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Vielen Dank schon mal vorab!


Alt 16.09.2014, 11:07   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy - Standard

Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
--> Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy

Alt 16.09.2014, 16:16   #7
scooby_doo
 
Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy - Standard

Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy



Hallo schrauber,

hier die Erebnisse der Scans. Bevor ich den McAfee Virenscanner und die Firewall für den ESET-Scan deaktiviert habe, hat der Scanner noch folgenden Treffer gehabt. Keine Ahnung, ob das wichtig ist bzw. die nachfolgenden Ergebnisse verfälscht.

Treffer McAfee Total Protection (lief zu dem Zeitpunkt einfach im Hintergrund; ich hatte keinen manuellen Scan gestartet; keine Ahnung, warum der jetzt auf einmal den Treffer hatte, habe nämlich nichts runtergeladen):VLC media player 64 Bit - Chip-Installer.exe => wurde isoliert.

Hier die Log-Files:

ESET Online Scanner
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c983f22232cf5d42978d163b6bb81332
# engine=20178
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-16 02:33:27
# local_time=2014-09-16 04:33:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5125 16777214 100 100 26073 173691785 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 7161503 33925629 0 0
# scanned=195755
# found=35
# cleaned=0
# scan_time=3714
sh=6D337B7209C2E4837F4075D44D5928D0F4BC54E6 ft=1 fh=c71c0011cc6930ff vn="Win32/Vittalia.K evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SoftwareUpdater\KeyGen.dll.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\102_dealply_m.js.vir"
sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\107_coupish_m.js.vir"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\108_icm_m.js.vir"
sh=F0D9BB17EC343592F74C53A4E3E5E460B90DD3E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=DFB11E05B62F57EDA18112BC002C17EAFD79BEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\120_luck_m.js.vir"
sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\125_arcadi2_m.js.vir"
sh=7E797140BE2D76B80EC180071B039E1DA561191D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=62892F2CBAFB6FD3DFDAD794F871133E0CF4FCA8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\142_intext_fa_m.js.vir"
sh=786B0C8D3A9F6EFBCDB103B0FA7F9460D38C5D7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=A28CB6571CE8071F7AC0A6BA249259A684E96292 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=72E78E27CE1534CDC8B7B8965F671247B2267BED ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\170_icm1_5_m.js.vir"
sh=81C3B657563171D65FE42C52872ECF8EB7924C86 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\171_arcadi2_sourceID_m.js.vir"
sh=CB95B247FABF95831A2974B87B334DBE4597CEB2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\92_superfish_m.js.vir"
sh=AFD9829F5C599DA11A6F662604DFB5A53FA88B08 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokhadepfhgbjhnngnmkkbcclhgjelkn\1.24.65_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=0183347D921CBE4F0438B36B89484AD72EB32317 ft=1 fh=c71c00111396f50f vn="Variante von Win32/AdWare.OkitSpace.A Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\G6-2376\AppData\Roaming\okitspace\IE\OKitSpace.dll.vir"
sh=1705D5014CC849194A405EFDBF6C5944D850BA1C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\G6-2376\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1IAIGY4T\monetizationLoader[1].js"
sh=7F88F1865FBE0A134FAEA5DA7B88C7264BBC1606 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\G6-2376\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TD2GC0QT\retargeting_bi_m[1].js"
sh=21E3CF9A205CF6CE97E901207AB26608BF6ADF0E ft=1 fh=a515c06cb3990a8f vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\G6-2376\Downloads\herdProtect Portable - CHIP-Installer.exe"
         
Security Check
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.87  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
McAfee Anti-Virus und Anti-Spyware   
Windows Defender                     
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 	15.0.0.152  
 Mozilla Firefox (32.0.1) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
und das frische FRST

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by G6-2376 (administrator) on HPG6 on 16-09-2014 17:02:32
Running from C:\Users\G6-2376\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\McAfee\AppStats\MfeASUM.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-22] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-907070689-3175279176-1283973887-1001\...\Run: [Advanced SystemCare 6] => C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {130A418B-405C-4D02-88B7-3634410A5AFF} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {A82506F1-A7C9-410F-849A-1A4B495179B1} URL = https://de.search.yahoo.com/search?fr=mcafee&type=A011DE0&p={SearchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\..\Interfaces\{360D081A-2333-4F80-A4FA-43CB7EBD53E9}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{616B63C0-22FB-49C7-B6AD-C00550F686A9}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{BAC8662B-D609-4427-B6CD-AFDC5E642D8B}: [NameServer] 193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\Extensions\ascsurfingprotection@iobit.com [2013-10-06]
FF Extension: Adblock Plus - C:\Users\G6-2376\AppData\Roaming\Mozilla\Firefox\Profiles\b9k8wmcx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-13]
FF HKLM-x32\...\Firefox\Extensions: [OKitSpace@Vittalia.es] - C:\Users\G6-2376\AppData\Roaming\okitspace\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-10-06]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-10-06]

Chrome: 
=======
CHR Profile: C:\Users\G6-2376\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-09-14]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-09-14]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePluginFor6.crx [2013-10-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0268541410879471mcinstcleanup; C:\Windows\TEMP\026854~1.EXE [836168 2014-03-13] (McAfee, Inc.)
R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [156904 2014-09-02] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\McAfee\MSC\McAWFwk.exe [225216 2011-01-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MfeASUM; C:\Program Files\McAfee\AppStats\MfeASUM.exe [335216 2013-10-16] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-22] (IDT, Inc.) [File not signed]
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [75584 2013-09-29] (IObit)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-10] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-15] (Malwarebytes Corporation)
R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R1 MfeASKM; C:\Program Files\McAfee\AppStats\MfeASKM.sys [31408 2013-10-16] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 17:01 - 2014-09-16 17:01 - 00000763 _____ () C:\Users\G6-2376\Desktop\Checkup.txt
2014-09-16 16:57 - 2014-09-16 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-16 16:50 - 2014-09-16 16:50 - 00011630 _____ () C:\Users\G6-2376\Desktop\ESET.txt
2014-09-16 15:51 - 2014-09-16 15:53 - 00000070 _____ () C:\Users\G6-2376\Desktop\Termine Physio.txt
2014-09-16 15:22 - 2014-09-16 15:20 - 00854417 _____ () C:\Users\G6-2376\Desktop\SecurityCheck.exe
2014-09-16 15:22 - 2014-09-16 15:19 - 02347384 _____ (ESET) C:\Users\G6-2376\Desktop\esetsmartinstaller_deu.exe
2014-09-16 15:20 - 2014-09-16 15:20 - 00854417 _____ () C:\Users\G6-2376\Downloads\SecurityCheck.exe
2014-09-16 15:19 - 2014-09-16 15:19 - 02347384 _____ (ESET) C:\Users\G6-2376\Downloads\esetsmartinstaller_deu.exe
2014-09-15 17:42 - 2014-09-15 17:42 - 00001041 _____ () C:\Users\G6-2376\Desktop\JRT.txt
2014-09-15 17:36 - 2014-09-15 17:36 - 00000000 ____D () C:\Windows\ERUNT
2014-09-15 17:27 - 2014-09-15 17:28 - 00004427 _____ () C:\Users\G6-2376\Desktop\AdwCleaner.txt
2014-09-15 17:19 - 2014-09-15 17:25 - 00000000 ____D () C:\AdwCleaner
2014-09-15 17:16 - 2014-09-15 17:16 - 00044186 _____ () C:\Users\G6-2376\Desktop\mbam.txt
2014-09-15 16:50 - 2014-09-15 17:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 16:49 - 2014-09-15 16:49 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-15 16:49 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-15 16:49 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-15 16:49 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-15 16:44 - 2014-09-15 16:44 - 01016261 _____ (Thisisu) C:\Users\G6-2376\Desktop\JRT.exe
2014-09-15 16:43 - 2014-09-15 16:44 - 01373475 _____ () C:\Users\G6-2376\Desktop\AdwCleaner_3.310.exe
2014-09-14 20:43 - 2014-09-14 20:43 - 00028431 _____ () C:\ComboFix.txt
2014-09-14 20:35 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-14 20:35 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-14 20:35 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-14 20:35 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-14 20:35 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-14 20:35 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-09-14 20:35 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-14 20:35 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-14 20:35 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-14 20:32 - 2014-09-14 20:43 - 00000000 ____D () C:\Qoobox
2014-09-14 20:31 - 2014-09-14 20:41 - 00000000 ____D () C:\Windows\erdnt
2014-09-14 20:12 - 2014-09-14 20:12 - 00001264 _____ () C:\Users\G6-2376\Desktop\Revo Uninstaller.lnk
2014-09-14 20:12 - 2014-09-14 20:12 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-14 20:10 - 2014-09-14 20:11 - 05578360 ____R (Swearware) C:\Users\G6-2376\Desktop\ComboFix.exe
2014-09-14 17:39 - 2014-09-14 17:39 - 00004684 _____ () C:\Users\G6-2376\Desktop\gmer.log
2014-09-14 17:20 - 2014-09-14 17:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-14 17:04 - 2014-09-14 17:04 - 00034793 _____ () C:\Users\G6-2376\Desktop\Addition.txt
2014-09-14 17:03 - 2014-09-16 17:02 - 00019393 _____ () C:\Users\G6-2376\Desktop\FRST.txt
2014-09-14 17:02 - 2014-09-16 17:02 - 00000000 ____D () C:\FRST
2014-09-14 17:01 - 2014-09-14 17:01 - 00000476 _____ () C:\Users\G6-2376\Desktop\defogger_disable.log
2014-09-14 17:01 - 2014-09-14 17:01 - 00000000 _____ () C:\Users\G6-2376\defogger_reenable
2014-09-14 16:57 - 2014-09-14 16:57 - 00380416 _____ () C:\Users\G6-2376\Desktop\Gmer-19357.exe
2014-09-14 16:56 - 2014-09-14 16:56 - 02105856 _____ (Farbar) C:\Users\G6-2376\Desktop\FRST64.exe
2014-09-14 16:54 - 2014-09-14 16:54 - 00050477 _____ () C:\Users\G6-2376\Desktop\Defogger.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 17:02 - 2014-09-14 17:03 - 00019393 _____ () C:\Users\G6-2376\Desktop\FRST.txt
2014-09-16 17:02 - 2014-09-14 17:02 - 00000000 ____D () C:\FRST
2014-09-16 17:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-16 17:01 - 2014-09-16 17:01 - 00000763 _____ () C:\Users\G6-2376\Desktop\Checkup.txt
2014-09-16 16:59 - 2012-09-12 09:20 - 00830120 _____ () C:\Windows\system32\perfh007.dat
2014-09-16 16:59 - 2012-09-12 09:20 - 00188224 _____ () C:\Windows\system32\perfc007.dat
2014-09-16 16:59 - 2012-07-26 09:28 - 01949432 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-16 16:57 - 2014-09-16 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-16 16:57 - 2013-10-06 20:49 - 00001844 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-09-16 16:57 - 2013-10-06 20:47 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-09-16 16:55 - 2013-10-06 16:55 - 00000000 __RSD () C:\Users\G6-2376\Documents\McAfee-Tresore
2014-09-16 16:53 - 2013-06-15 11:43 - 01615336 _____ () C:\Windows\WindowsUpdate.log
2014-09-16 16:52 - 2012-08-04 00:23 - 00526104 _____ () C:\Windows\PFRO.log
2014-09-16 16:52 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-16 16:50 - 2014-09-16 16:50 - 00011630 _____ () C:\Users\G6-2376\Desktop\ESET.txt
2014-09-16 16:06 - 2013-08-24 23:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-16 15:53 - 2014-09-16 15:51 - 00000070 _____ () C:\Users\G6-2376\Desktop\Termine Physio.txt
2014-09-16 15:20 - 2014-09-16 15:22 - 00854417 _____ () C:\Users\G6-2376\Desktop\SecurityCheck.exe
2014-09-16 15:20 - 2014-09-16 15:20 - 00854417 _____ () C:\Users\G6-2376\Downloads\SecurityCheck.exe
2014-09-16 15:19 - 2014-09-16 15:22 - 02347384 _____ (ESET) C:\Users\G6-2376\Desktop\esetsmartinstaller_deu.exe
2014-09-16 15:19 - 2014-09-16 15:19 - 02347384 _____ (ESET) C:\Users\G6-2376\Downloads\esetsmartinstaller_deu.exe
2014-09-16 13:29 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-16 09:18 - 2013-10-06 20:48 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-09-16 09:17 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-09-15 17:42 - 2014-09-15 17:42 - 00001041 _____ () C:\Users\G6-2376\Desktop\JRT.txt
2014-09-15 17:36 - 2014-09-15 17:36 - 00000000 ____D () C:\Windows\ERUNT
2014-09-15 17:28 - 2014-09-15 17:27 - 00004427 _____ () C:\Users\G6-2376\Desktop\AdwCleaner.txt
2014-09-15 17:25 - 2014-09-15 17:19 - 00000000 ____D () C:\AdwCleaner
2014-09-15 17:16 - 2014-09-15 17:16 - 00044186 _____ () C:\Users\G6-2376\Desktop\mbam.txt
2014-09-15 17:14 - 2014-09-15 16:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 17:10 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\tracing
2014-09-15 16:49 - 2014-09-15 16:49 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-15 16:44 - 2014-09-15 16:44 - 01016261 _____ (Thisisu) C:\Users\G6-2376\Desktop\JRT.exe
2014-09-15 16:44 - 2014-09-15 16:43 - 01373475 _____ () C:\Users\G6-2376\Desktop\AdwCleaner_3.310.exe
2014-09-14 20:43 - 2014-09-14 20:43 - 00028431 _____ () C:\ComboFix.txt
2014-09-14 20:43 - 2014-09-14 20:32 - 00000000 ____D () C:\Qoobox
2014-09-14 20:41 - 2014-09-14 20:31 - 00000000 ____D () C:\Windows\erdnt
2014-09-14 20:41 - 2012-07-26 07:26 - 00000215 _____ () C:\Windows\system.ini
2014-09-14 20:26 - 2013-08-24 23:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-14 20:12 - 2014-09-14 20:12 - 00001264 _____ () C:\Users\G6-2376\Desktop\Revo Uninstaller.lnk
2014-09-14 20:12 - 2014-09-14 20:12 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-14 20:11 - 2014-09-14 20:10 - 05578360 ____R (Swearware) C:\Users\G6-2376\Desktop\ComboFix.exe
2014-09-14 17:41 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-14 17:39 - 2014-09-14 17:39 - 00004684 _____ () C:\Users\G6-2376\Desktop\gmer.log
2014-09-14 17:20 - 2014-09-14 17:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-14 17:04 - 2014-09-14 17:04 - 00034793 _____ () C:\Users\G6-2376\Desktop\Addition.txt
2014-09-14 17:01 - 2014-09-14 17:01 - 00000476 _____ () C:\Users\G6-2376\Desktop\defogger_disable.log
2014-09-14 17:01 - 2014-09-14 17:01 - 00000000 _____ () C:\Users\G6-2376\defogger_reenable
2014-09-14 17:01 - 2013-06-15 11:43 - 00000000 ____D () C:\Users\G6-2376
2014-09-14 16:57 - 2014-09-14 16:57 - 00380416 _____ () C:\Users\G6-2376\Desktop\Gmer-19357.exe
2014-09-14 16:56 - 2014-09-14 16:56 - 02105856 _____ (Farbar) C:\Users\G6-2376\Desktop\FRST64.exe
2014-09-14 16:54 - 2014-09-14 16:54 - 00050477 _____ () C:\Users\G6-2376\Desktop\Defogger.exe
2014-09-14 16:07 - 2013-08-24 23:05 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-14 16:02 - 2014-07-13 13:10 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-14 16:02 - 2014-07-13 13:10 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-14 15:57 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM

Some content of TEMP:
====================
C:\Users\G6-2376\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-14 19:19

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Nochmals vielen Dank!

Alt 17.09.2014, 08:03   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy - Standard

Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy



Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 17.09.2014, 12:55   #9
scooby_doo
 
Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy - Standard

Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy



Hallo schrauber,

danke für die tolle Hilfe. Allerdings habe ich ein kleines Problem bei der Entfernung von Combofix. Die Deinstallion über Ausführen => Combofix/Uninstall hat nicht funktioniert. Daher habe ich die Datei, die auf dem Desktop liegt in uninstall.exe umbenannt und gestartet; wie angewiesen.

Jetzt habe ich zwei desktop.ini Dateien (eine davon halb-transparent) und eine uninstall.exe.exe (keine Ahnung, warum 2 mal .exe; ich habs nur ein mal eingegeben) auf dem Desktop liegen. Das Icon der uninstall.exe.exe ist dieser roter Raubkatzenkopf von Combofix. Außerdem hat McAfee nachdem ich die Datei in uninstall.exe umbenannt habe, diese als Trojaner angezeigt. Ich habe versucht, sie wieder herzustellen und habe den Scanner danach ausgeschaltet. War nur so lange aktiv, wie ich online war für das update.

Meine Frage: Ist Combofix nun deinstalliert oder nicht?

Vielen Dank für die Antwort!

Alt 17.09.2014, 20:37   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy - Standard

Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy



Umbenannte Combofix löschen, neu laden, Desktop speichern, nicht umbenennen.

Befehl nochmal eintippen, davon dann einen Screenshot damit ich sehe was Du tippst.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.09.2014, 09:48   #11
scooby_doo
 
Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy - Standard

Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy



Hallo schrauber,

vielen Dank für deine tolle Hilfe! Du hast mich wirklich sehr gut und vor allem sehr strukturiert durch die Problemlösung geführt. Vielen Dank und ein ganz großes Lob!!!

Die Deinstallation von Combofix hat nun im zweiten Anlauf auch funktioniert. Habe einfach die alte umbenannte Datei gelöscht, eine neue geladen und noch einmal das ganze Prozedere gemacht. Also mit Umbennen und starten. Und dann hat es funktioniert. Dann noch Delfix drüber laufen lassen und im Anschluss deine restlichen Tipps für ein nachhaltig sicheres Browsen umgesetzt. Auch hierfür vielen Dank!

Eine letzte Frage hätte ich noch: Ist nun auch der Surfstick virenfrei, d.h. kann ich ihn bedenkenlos an andere Rechner anschließen, oder geht von ihm evtl. weiterhin ein Infektionsrisiko aus???

Ansonsten hat alles super geklappt und nochmals Danke für deine Hilfe und ein schönes Wochenenden!

Alt 19.09.2014, 19:13   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy - Standard

Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy



Scan den Stick einmal mit deinem AV, das sollte dann passen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.09.2014, 17:24   #13
scooby_doo
 
Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy - Standard

Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy



Hallo schrauber,

so, habe den Stick mal McAfee gescannt und keine Treffe angezeigt bekommen. Ich hoffe also auch der virenfrei ist und bedanke mich für deine guidence!

Schönes Wochenende und

Alt 21.09.2014, 09:43   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy - Standard

Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy
branding, device driver, fehlercode 0x5, fehlercode 0xc0000005, flash player, installation, js/toolbar.crossrider.a, js/toolbar.crossrider.b, launch, mcafee firewall, programm, pup.optional.babylon.a, pup.optional.bundleinstaller.a, pup.optional.crossrider.a, pup.optional.delta.a, pup.optional.dsearchlink.a, pup.optional.offerbox.a, pup.optional.plushd.a, pup.optional.softwareupdater, pup.optional.softwareupdater.a, pup.optional.vittalia, software, svchost.exe, vcredist, werbung, win32/adware.okitspace.a, win32/downloadsponsor.a, win32/vittalia.k



Ähnliche Themen: Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy


  1. Windows 8: doppelt unterstrichene Wörter in Firefox, u.a. mpcdn1 . com
    Log-Analyse und Auswertung - 30.09.2014 (9)
  2. Windows 7: Chrome öffnet Fenster, Tabs und PopUps mit Werbung und Wörter doppelt blau unterstrichen
    Log-Analyse und Auswertung - 10.09.2014 (9)
  3. grüne unterstrichene wörter mit werbung bei firefox
    Log-Analyse und Auswertung - 05.07.2014 (3)
  4. Firefox erscheinen doppelt unterstichene Wörter und es erschein ein Verweis auf "MediaPlayerTotal" Holen Mediaplayer
    Plagegeister aller Art und deren Bekämpfung - 02.06.2014 (18)
  5. doppelt unterstrichene grüne Wörter tauchen wahlos auf jeder Seite auf
    Plagegeister aller Art und deren Bekämpfung - 09.05.2014 (27)
  6. Windows 8; Werbe pop-ups und grüne doppelt unterstrichene Wörter in Texten
    Log-Analyse und Auswertung - 04.05.2014 (7)
  7. Firefox --> Einzelne Wörter doppelt unterstrichen, blau unterlegt. Popups öffnen sich beim Herüberfahren
    Plagegeister aller Art und deren Bekämpfung - 02.03.2014 (1)
  8. Windows 7: Werbung und Popups im Firefox, unterstrichene Wörter mit PopUps bei Mouse-Over EXP/JAVA.Rafold.A.Gen
    Log-Analyse und Auswertung - 03.02.2014 (5)
  9. firefox, doppelt-unterstrichene grüne links mit popups
    Plagegeister aller Art und deren Bekämpfung - 13.01.2014 (1)
  10. Firefox erscheinen doppelt unterstichene Wörter; es erschein ein Verweis auf "MediaPlayerTotal" Holen Mediaplayer
    Plagegeister aller Art und deren Bekämpfung - 13.01.2014 (23)
  11. doppelt unterstrichene Wörter, Werbetabs, Popups bei Firefox
    Log-Analyse und Auswertung - 24.12.2013 (7)
  12. grüne, doppelt-unterstrichene Wörter auf Webseiten öffnen Pop-up Fenster
    Plagegeister aller Art und deren Bekämpfung - 14.12.2013 (9)
  13. In Firefox erscheinen doppelt unterstichene Wörter und es erscheint ein Verweis auf "MediaPlayerTotal" - was tun?
    Log-Analyse und Auswertung - 11.12.2013 (11)
  14. Werbeeinblendungen und grüne Texte bzw. Wörter doppelt unterstrichen
    Plagegeister aller Art und deren Bekämpfung - 06.12.2013 (1)
  15. Grüne und doppelt unterstichene Links, Werbepopups und rvzr popups
    Plagegeister aller Art und deren Bekämpfung - 06.12.2013 (3)
  16. Grüne Wörter doppelt unterstrichen auf Internetseiten
    Plagegeister aller Art und deren Bekämpfung - 26.11.2013 (17)
  17. TubeSaver-Virus, doppelt untersrichene Wörter auf websides die zuPopups werden, viele Popups, Windows XP Professional 32bit
    Plagegeister aller Art und deren Bekämpfung - 10.10.2013 (12)

Zum Thema Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy - Hallo liebe Community, ich wollte einer Bekannten bei dem Virenbefall Ihres Rechners helfen, stoße allerdings selber an meine Grenzen, daher bitte ich in nachfolgender Situation um eure Hilfe. Beim Surfen - Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy...
Archiv
Du betrachtest: Windows 8/Firefox: Popups/grüne, doppelt unterstichene Wörter/Ads by LyricsBuddy auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.