
Log analysis and evaluation: Windows 7 laptop: problems with malware infection, what can I do?

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

08.06.2015, 01:41   #1
Marrel
 
Windows 7 laptop: problems with malware infection, what can I do?



Hello,
for some time now my physical memory has been increasingly heavily used. In addition, I have to use an ad blocker for sites such as YouTube, because otherwise I am flooded with advertising (not regular in-video ads, but ads on the user interface) (spot check 5 minutes ago: 3 seconds and 25 blocks, but I have also had a YouTube page with 200 blocks).

I ran the following logs as instructed:

defogger_disable.txt:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:47 on 08/06/2015 (Marrel)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Gmer.txt.:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-08 01:39:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596.17GB
Running: Gmer-19357.exe; Driver: C:\Users\Marrel\AppData\Local\Temp\kxriypog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                                            fffff80003002000 63 bytes [43, 4D, 32, 35, 01, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592                                                                                                                                            fffff80003002040 13 bytes [01, 80, AC, 16, A0, F8, FF, ...]

---- User code sections - GMER 2.1 ----

.text     c:\postgreSQL\bin\postgres.exe[1156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                  0000000074ff1465 2 bytes [FF, 74]
.text     c:\postgreSQL\bin\postgres.exe[1156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                 0000000074ff14bb 2 bytes [FF, 74]
.text     ...                                                                                                                                                                                                           * 2
---- Processes - GMER 2.1 ----

Process   C:\ProgramData\DatacardService\DCService.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\DCService.exe [1608](2010-05-08 11:48:36)                                                                  0000000000400000
Process   C:\ProgramData\DatacardService\DCSHelper.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\DCSHelper.exe [2588] (DataCardMonitor MFC Application/Huawei Technologies Co., Ltd.)(2010-05-08 11:48:26)  0000000000400000
Library   C:\Users\Marrel\Downloads\FRST64.exe (*** suspicious ***) @ C:\Users\Marrel\Downloads\FRST64.exe [2124]                                                                                                       000000013f530000

---- EOF - GMER 2.1 ----
         
Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-06-2015
Ran by Marrel at 2015-06-08 00:17:09
Running from C:\Users\Marrel\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1623171927-3149244632-4192914800-500 - Administrator - Disabled)
Gast (S-1-5-21-1623171927-3149244632-4192914800-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1623171927-3149244632-4192914800-1002 - Limited - Enabled)
Marrel (S-1-5-21-1623171927-3149244632-4192914800-1000 - Administrator - Enabled) => C:\Users\Marrel
X (S-1-5-21-1623171927-3149244632-4192914800-1003 - Limited - Enabled) => C:\Users\X
postgres (S-1-5-21-1623171927-3149244632-4192914800-1005 - Limited - Enabled) => C:\Users\postgres

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1310 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
1310_Help (x32 Version: 82.0.58.000 - Hewlett-Packard) Hidden
1310Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
a2zLyrics (HKLM-x32\...\7D05A411-F1D1-7148-7450-5F318274BDB1) (Version:  - a2zLyrics-software) <==== ATTENTION
Abyss (HKLM-x32\...\{406656D9-548A-4451-8FDD-69A8A60B3DBC}) (Version: 1.0.0.0 - DigiPen Institute of Technology)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.4.402.278 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
ANNO 1602 Königs-Edition (HKLM-x32\...\ANNO 1602 Königs-Edition) (Version:  - )
Apophysis 2.0 (HKLM-x32\...\Apophysis 2.0) (Version:  - )
Apowersoft Gratis - Audiorekorder V2.1.7 (HKLM-x32\...\{E35F91E4-C68C-43E8-BE90-35CDEE4E5730}_is1) (Version: 2.1.7 - Apowersoft)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.33 - Atheros Communications Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
BabylonObjectInstaller (HKLM-x32\...\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}) (Version: 2.0.0.4 - Babylon Ltd) <==== ATTENTION
Beat Hazard (HKLM-x32\...\Steam App 49600) (Version:  - Cold Beam Games)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CamStudio (HKLM-x32\...\CamStudio) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Command & Conquer Teil 3: Operation Tiberian Sun (HKLM-x32\...\Tiberian Sun) (Version:  - )
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
DealBulldog Toolbar (HKLM-x32\...\DealBulldog Toolbar) (Version:  - ) <==== ATTENTION
Debut Videorekorder (HKLM-x32\...\Debut) (Version: 1.95 - NCH Software)
Deponia (HKLM-x32\...\Deponia) (Version: 1.0 - Daedalic Entertainment)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version:  - )
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Elite Force (HKLM-x32\...\Elite Force) (Version:  - )
eMachines Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3007 - Acer Incorporated)
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.03.3003 - Acer Incorporated)
eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0805 - eMachines Incorporated)
eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG)
Free Hide IP (HKLM-x32\...\FreeHideIP) (Version: 4.0.1.6 - )
Free Screen To Video V 2.0 (HKLM-x32\...\Free Screen To Video_is1) (Version: 2.0.0.0 - Koyote Soft)
Free YouTube to MP3 Converter version 3.11.35.1031 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.35.1031 - DVDVideoSoft Ltd.)
Fritz6 (HKLM-x32\...\{E51F8EB2-0F55-4F80-9A1E-CE84BE063045}) (Version:  - )
Game Booster 3 (HKLM-x32\...\Game Booster 3_is1) (Version: 3.0 - IObit)
GoforFiles (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\GoforFiles) (Version: 1.7.1 - hxxp://www.goforfiles.com/) <==== ATTENTION
GoforFiles (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GoforFiles) (Version: 1.7.1 - hxxp://www.goforfiles.com/) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Heroes of Might and Magic® III (HKLM-x32\...\Heroes of Might and Magic® III) (Version:  - )
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version:  - )
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.25.01 - Hyperionics Technology LLC)
ICM Trainer (HKLM-x32\...\{47EA4DDF-FD99-46B3-846C-9F3F315268AD}) (Version: 1.0.0 - PokerStrategy)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Internet Turbo (HKLM-x32\...\{B69EF583-75E4-4C52-B912-C711D937D648}) (Version: 10.197.20.13927 - ReSoft Ltd.)
Internet Turbo Engine (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\{09961fa0-90bc-4ba8-9782-f4109c8597c2}) (Version: 1.31.20.10825 - ReSoft Ltd.)
Internet Turbo Engine (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\{fa665153-9cc6-47ab-8414-c06913b4d13a}) (Version: 10.197.20.13927 - ReSoft Ltd.)
Internet Turbo Engine (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{09961fa0-90bc-4ba8-9782-f4109c8597c2}) (Version: 1.31.20.10825 - ReSoft Ltd.)
Internet Turbo Engine (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{fa665153-9cc6-47ab-8414-c06913b4d13a}) (Version: 10.197.20.13927 - ReSoft Ltd.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kikin Plugin (NO23 Edition) 1.11 (HKLM-x32\...\kikin Plugin (NO23 Edition)) (Version: 1.11 - kikin)
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - eMachines)
MAGIX Music Maker for MySpace 15.0.1.8 (D) (HKLM-x32\...\MAGIX Music Maker for MySpace D) (Version: 15.0.1.8 - MAGIX AG)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Minecraft PC Gamer Demo version 1.5 (HKLM-x32\...\{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1) (Version: 1.5 - Mojang)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.002.03.03.511 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
NCH EN Toolbar (HKLM-x32\...\NCH_EN Toolbar) (Version: 6.8.5.1 - NCH EN)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Nous Ver: 1.04 (HKLM-x32\...\{9A96022A-B5D0-4314-AA09-459907AF6F3D}_is1) (Version:  - DigiPen)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.630 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.630 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6636 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6636 - NewTech Infosystems) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Opera Stable 29.0.1795.60 (HKLM-x32\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version:  - PokerStars.net)
PokerStrategy.com Equilab (HKLM-x32\...\{D4131DB6-878D-4D3C-89C1-D1AFBB8E6B3D}) (Version: 1.2.5.0 - PokerStrategy.com)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Prism Videodatei-Konverter (HKLM-x32\...\Prism) (Version: 2.27 - NCH Software)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PSD Viewer (HKLM-x32\...\{D8EEDC94-EE82-46A0-A7DB-812E3C6A0A6E}_is1) (Version:  - IdeaMK)
R for Windows 2.15.0 (HKLM\...\R for Windows 2.15.0_is1) (Version: 2.15.0 - R Development Core Team)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30104 - Realtek Semiconductor Corp.)
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 4.32 - NCH Software)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skispringen 2002 (HKLM-x32\...\{5E4EF02B-4C5F-4B35-AB77-41284456165A}) (Version:  - )
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 2.26 - NCH Software)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Strategic War Command (HKLM-x32\...\{92677021-8835-6181-5178-752285230159}) (Version: 2.02 - rondomedia)
Stronghold Crusader (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version:  - )
Structorizer (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\Structorizer) (Version:  - Bob Fisch)
Structorizer (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Structorizer) (Version:  - Bob Fisch)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
The Movies(TM) Demo (HKLM-x32\...\InstallShield_{2E2BBF0D-EF39-42EA-9D96-F33AEE22904B}) (Version: 1.0 - Ihr Firmenname)
The Movies(TM) Demo (x32 Version: 1.0 - Ihr Firmenname) Hidden
The Talos Principle Demo (HKLM-x32\...\Steam App 330710) (Version:  - Croteam)
Tom Clancy's Splinter Cell Chaos Theory (HKLM-x32\...\{888DD888-82BE-4D85-BCB2-2E042CD3E844}) (Version: 1.05.157 - Ubisoft)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Unreal Anthology (HKLM-x32\...\{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}) (Version: 1.00.0000 - Epic Games, Inc.)
Video Downloader (HKLM-x32\...\Video Downloader) (Version: 1.14 - hxxp://www.vgrabber.com)
Video Web Camera (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.1.7.2 - Suyin Optronics Corp)
Virtua Tennis (HKLM-x32\...\{EADF648F-1711-11D6-AFAD-0040052179B6}) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebCake 3.00 (HKLM\...\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}) (Version: 3.00 - WebCake LLC) <==== ATTENTION
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
WindowsMangerProtect20.0.0.502 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.502 - WindowsProtect LIMITED) <==== ATTENTION
WinRAR 4.11 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
         
Frst.txt.:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2015
Ran by Marrel (administrator) on Marrel-PC on 08-06-2015 00:24:09
Running from C:\Users\Marrel\Downloads
Loaded Profiles: Marrel & postgres &  (Available Profiles: Marrel & X & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\ProgramData\DatacardService\DCService.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(Acer Group) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Users\Marrel\Desktop\mbar\mbar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Marrel\Desktop\Defogger (1).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [818720 2010-02-26] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\MountPoints2: {1bf890a5-e014-11e1-9125-1c75081ac654} - E:\AutoRun.exe
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\MountPoints2: {1bf890b6-e014-11e1-9125-1c75081ac654} - E:\AutoRun.exe
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1bf890a5-e014-11e1-9125-1c75081ac654} - E:\AutoRun.exe
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1bf890b6-e014-11e1-9125-1c75081ac654} - E:\AutoRun.exe
HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-22] ()
HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\eMachines.scr [425984 2009-08-05] ()
HKU\S-1-5-21-1623171927-3149244632-4192914800-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-22] ()
HKU\S-1-5-21-1623171927-3149244632-4192914800-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\eMachines.scr [425984 2009-08-05] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1623171927-3149244632-4192914800-1000] => http=;ftp=;https=;
ProxyServer: [S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=;ftp=;https=;
ProxyEnable: [S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0] => http=127.0.0.1:13828
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013
HKU\S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948
HKU\S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://emachines.msn.com
HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=hp&installDate=20/04/2013
HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=20/04/2013
HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=20/04/2013
HKU\S-1-5-21-1623171927-3149244632-4192914800-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=hp&installDate=20/04/2013
HKU\S-1-5-21-1623171927-3149244632-4192914800-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=20/04/2013
HKU\S-1-5-21-1623171927-3149244632-4192914800-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=20/04/2013
URLSearchHook: HKLM-x32 - (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013
SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013
SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013
SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013
SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1005 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
BHO: a2zLyrics -> {BB43A0A3-3F51-CCE3-D565-A22150A9CF21} -> C:\Program Files (x86)\ver3a2zLyrics\178_x64.dll [2014-09-19] ()
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Plus-HD-1.6 -> {11111111-1111-1111-1111-110311201102} -> C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll No File
BHO-x32: No Name -> {37483b40-c254-4a72-bda4-22ee90182c1e} ->  No File
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-31] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: kikin Plugin -> {E601996F-E400-41CA-804B-CD6373A7EEE2} -> C:\Program Files (x86)\kikin\ie_kikin.dll [2010-11-23] (kikin)
BHO-x32: SMTTB2009 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll [2011-06-22] ()
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - !{338B4DFE-2E2C-4338-9E41-E176D497299E} -  No File
Toolbar: HKLM - No Name - !{ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - !{338B4DFE-2E2C-4338-9E41-E176D497299E} -  No File
Toolbar: HKLM-x32 - No Name - !{ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} -  No File
Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {338B4DFE-2E2C-4338-9E41-E176D497299E} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{EE30255C-7BF5-4CEF-AE16-49F14F918F35}: [NameServer] 193.189.244.225 193.189.244.206
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1405683532&from=smt&uid=WDCXWD6400BEVT-22A0RT0_WD-WXP1A80S5655S5655

FireFox:
========
FF ProfilePath: C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default
FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&installDate=18/07/2013&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll [2012-09-28] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll [2012-09-28] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1623171927-3149244632-4192914800-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marrel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1623171927-3149244632-4192914800-1000: electronicarts.com/GameFacePlugin -> C:\Users\Marrel\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts)
FF Plugin HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marrel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: electronicarts.com/GameFacePlugin -> C:\Users\Marrel\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts)
FF user.js: detected! => C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\user.js [2014-09-19]
FF SearchPlugin: C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\searchplugins\Web Search.xml [2013-12-31]
FF Extension: General Crawler - C:\Users\Marrel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2013-04-20]
FF Extension: Plus-HD-1.6c - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com [2015-01-04]
FF Extension: Avira Browser Safety - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\abs@avira.com [2014-12-25]
FF Extension: Internet Turbo - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c} [2013-12-11]
FF Extension: Free YouTube Download (Free Studio) Menu - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012-11-10]
FF Extension: TurnTool Viewer - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\ViewerInstall.xpi [2013-01-30]
FF Extension: Adblock Plus - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-23]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn [2012-03-23]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 [2015-06-07]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-06-15]
FF HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\Firefox\Extensions: [{56785E7F-4711-0B8B-95D3-4F5852047D9B}] - C:\Program Files (x86)\ver3a2zLyrics\178.xpi
FF Extension: a2zLyrics - C:\Program Files (x86)\ver3a2zLyrics\178.xpi [2014-09-19]
FF HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{56785E7F-4711-0B8B-95D3-4F5852047D9B}] - C:\Program Files (x86)\ver3a2zLyrics\178.xpi

Chrome: 
=======
CHR Profile: C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-10-01]
CHR Extension: (Adblock Plus) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-21]
CHR Extension: (General Crawler) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel [2014-09-19]
CHR Extension: (Bookmark Manager) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Marrel\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [2013-04-20]
CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\Betcat\WebCakeLayers.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Marrel\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () [File not signed]
R2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [841248 2010-02-26] (Acer Incorporated)
S3 FirebirdServerMAGIXInstance; C:\Software\Musikrecorder\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
R2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [66048 2011-01-28] (PostgreSQL Global Development Group) [File not signed]
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-12] (Avira Operations GmbH & Co. KG)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [1160824 2012-04-03] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-17] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-03-24] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-04-23] (Symantec Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20120518.002\IDSvia64.sys [488568 2012-04-28] (Symantec Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-06-07] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-07] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20120522.005\ENG64.SYS [120440 2012-05-16] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20120522.005\EX64.SYS [2068600 2012-05-16] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [33488 2013-12-08] ()
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-03-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
S2 webinstr; \??\C:\Windows\system32\Drivers\webinstr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 00:23 - 2015-06-08 00:23 - 00000246 _____ C:\Windows\SysWOW64\defogger_enable.log
2015-06-08 00:21 - 2015-06-08 00:23 - 00000474 _____ C:\Windows\SysWOW64\defogger_disable.log
2015-06-08 00:17 - 2015-06-08 00:17 - 00026405 _____ C:\Users\Marrel\Downloads\Addition.txt
2015-06-08 00:14 - 2015-06-08 00:24 - 00033636 _____ C:\Users\Marrel\Downloads\FRST.txt
2015-06-08 00:13 - 2015-06-08 00:24 - 00000000 ____D C:\FRST
2015-06-08 00:13 - 2015-06-08 00:13 - 02108928 _____ (Farbar) C:\Users\Marrel\Downloads\FRST64.exe
2015-06-08 00:12 - 2015-06-08 00:12 - 00050477 _____ C:\Users\Marrel\Desktop\Defogger (1).exe
2015-06-08 00:11 - 2015-06-08 00:11 - 00050477 _____ C:\Users\Marrel\Downloads\Defogger.exe
2015-06-07 21:13 - 2015-06-07 23:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-07 21:13 - 2015-06-07 23:31 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-07 21:11 - 2015-06-07 23:18 - 00000000 ____D C:\Users\Marrel\Desktop\mbar
2015-06-07 21:11 - 2015-06-07 21:23 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-07 21:10 - 2015-06-07 21:10 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Marrel\Downloads\mbar-1.09.1.1004.exe
2015-06-07 20:19 - 2015-06-07 20:19 - 00276928 _____ C:\Windows\Minidump\060715-29686-01.dmp
2015-06-07 20:06 - 2015-06-07 20:06 - 00276928 _____ C:\Windows\Minidump\060715-30217-01.dmp
2015-06-06 23:40 - 2015-06-06 23:40 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\SitNGoWizard
2015-06-06 23:25 - 2015-06-06 23:28 - 110090565 _____ C:\Users\Marrel\Downloads\8311_Hm2AutoUpdate.exe
2015-06-06 04:30 - 2015-06-06 04:30 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Videodatei-Konverter.lnk
2015-06-06 04:30 - 2015-06-06 04:30 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme
2015-06-06 04:30 - 2015-06-06 04:30 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette
2015-06-06 01:21 - 2015-06-06 01:21 - 00000000 ____D C:\bildschirm
2015-06-04 02:04 - 2015-06-04 02:05 - 00000000 ____D C:\Users\Marrel\AppData\Local\{A9CE8B73-A121-4CC9-ACFA-F89C8FFE2709}
2015-05-19 16:55 - 2015-05-19 16:56 - 00000000 ____D C:\Users\Marrel\Documents\UniversalReplayer
2015-05-19 16:54 - 2015-05-19 17:36 - 00002180 _____ C:\Users\Marrel\URPreferences.xml
2015-05-19 16:44 - 2015-05-19 16:44 - 00001345 _____ C:\Users\Marrel\Downloads\universal_replayer (1).jnlp
2015-05-19 16:43 - 2015-05-19 16:44 - 00562272 _____ (Oracle Corporation) C:\Users\Marrel\Downloads\chromeinstall-8u45.exe
2015-05-19 16:40 - 2015-05-19 16:41 - 00001345 _____ C:\Users\Marrel\Downloads\universal_replayer.jnlp
2015-05-17 02:59 - 2015-05-17 02:59 - 00010940 _____ C:\Users\Marrel\Documents\pokerbook.odt
2015-05-13 19:54 - 2015-05-13 19:54 - 00000000 ____D C:\Users\Marrel\AppData\Local\{89E771F2-90A2-4135-A699-1C8388D74046}
2015-05-10 04:13 - 2015-05-10 04:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSDViewer
2015-05-10 04:13 - 2015-05-10 04:13 - 00000000 ____D C:\Program Files (x86)\PSDViewer
2015-05-10 04:10 - 2015-05-10 04:10 - 01203488 _____ C:\Users\Marrel\Downloads\PSD viewer - CHIP-Installer.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 00:26 - 2013-04-20 13:18 - 00000360 _____ C:\Windows\Tasks\AmiUpdXp.job
2015-06-08 00:23 - 2012-03-23 23:11 - 00000000 ____D C:\Users\Marrel
2015-06-08 00:09 - 2013-04-20 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\GoforFiles
2015-06-08 00:09 - 2013-04-20 12:56 - 00000000 ____D C:\Program Files (x86)\GoforFiles
2015-06-08 00:03 - 2012-04-09 03:25 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-07 23:45 - 2012-03-23 22:39 - 01995154 _____ C:\Windows\WindowsUpdate.log
2015-06-07 23:35 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-07 23:35 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-07 23:30 - 2012-03-24 07:31 - 22396180 _____ C:\Windows\system32\perfh007.dat
2015-06-07 23:30 - 2012-03-24 07:31 - 07215964 _____ C:\Windows\system32\perfc007.dat
2015-06-07 23:30 - 2009-07-14 07:13 - 00006256 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-07 23:25 - 2014-09-19 01:30 - 00000408 _____ C:\Windows\Tasks\a2zLyrics Update.job
2015-06-07 23:25 - 2014-07-31 20:20 - 00263754 _____ C:\Windows\PFRO.log
2015-06-07 23:25 - 2014-07-31 03:28 - 00061958 _____ C:\Windows\setupact.log
2015-06-07 23:25 - 2013-06-20 06:47 - 00001832 _____ C:\Windows\Tasks\Plus-HD-1.6-firefoxinstaller.job
2015-06-07 23:25 - 2013-06-20 06:47 - 00001200 _____ C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job
2015-06-07 23:25 - 2013-06-20 06:47 - 00001196 _____ C:\Windows\Tasks\Plus-HD-1.6-updater.job
2015-06-07 23:25 - 2013-06-20 06:47 - 00001100 _____ C:\Windows\Tasks\Plus-HD-1.6-enabler.job
2015-06-07 23:25 - 2012-05-11 15:12 - 00000000 ____D C:\Users\postgres
2015-06-07 23:25 - 2012-04-09 03:25 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-07 23:25 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-07 23:18 - 2013-06-20 06:47 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\WebCake
2015-06-07 23:18 - 2013-06-20 06:47 - 00000000 ____D C:\Program Files (x86)\WebCake
2015-06-07 20:57 - 2014-09-15 18:08 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\Skype
2015-06-07 20:43 - 2012-05-11 15:24 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\HoldemManager
2015-06-07 20:23 - 2012-03-24 00:07 - 00000000 ____D C:\Users\Marrel\AppData\Local\PokerStars.EU
2015-06-07 20:22 - 2014-03-18 12:20 - 00000000 ____D C:\a
2015-06-07 20:19 - 2013-05-06 18:36 - 00000000 ____D C:\Windows\Minidump
2015-06-07 20:18 - 2014-07-31 20:20 - 468712171 _____ C:\Windows\MEMORY.DMP
2015-06-06 23:33 - 2012-05-11 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holdem Manager 2
2015-06-06 04:30 - 2012-06-03 04:30 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2015-06-06 04:30 - 2012-06-03 04:30 - 00000000 ____D C:\ProgramData\NCH Software
2015-06-06 04:30 - 2012-06-03 04:29 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\NCH Software
2015-06-06 04:30 - 2012-06-03 04:29 - 00000000 ____D C:\Program Files (x86)\NCH Software
2015-06-06 00:45 - 2013-07-25 00:45 - 00000058 _____ C:\Windows\ChssBase.ini
2015-06-05 03:49 - 2015-02-19 01:27 - 00004305 _____ C:\blitzerr.txt
2015-05-30 18:19 - 2014-09-15 18:08 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-30 18:19 - 2014-09-15 18:08 - 00000000 ____D C:\ProgramData\Skype
2015-05-30 17:07 - 2012-04-30 13:40 - 00000000 ____D C:\Users\Marrel\AppData\Local\Equilab
2015-05-25 20:23 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-20 20:02 - 2014-10-06 02:04 - 00003854 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1412553844
2015-05-20 20:02 - 2014-10-06 02:04 - 00000000 ____D C:\Program Files (x86)\Opera
2015-05-17 03:58 - 2012-04-09 03:25 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 03:58 - 2012-04-09 03:25 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-13 20:20 - 2009-07-14 04:34 - 00000514 _____ C:\Windows\win.ini

==================== Files in the root of some directories =======

2013-07-29 10:21 - 2013-07-29 10:21 - 0051992 _____ (cake bake) C:\Program Files (x86)\WDesktop.Updater.exe
2014-03-21 03:27 - 2014-03-21 03:27 - 0072341 _____ () C:\Users\Marrel\AppData\Roaming\Debut.dmp
2013-12-08 21:30 - 2013-12-08 21:30 - 0001181 _____ () C:\Users\Marrel\AppData\Roaming\trace_FilterInstaller.txt
2013-12-08 21:30 - 2013-12-08 21:30 - 0000000 _____ () C:\Users\Marrel\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2006-12-11 20:13 - 2006-12-11 20:13 - 0097336 _____ (Un4seen Developments) C:\Users\Marrel\AppData\Local\bass.dll
2006-12-11 20:13 - 2006-12-11 20:13 - 0013872 _____ (Un4seen Developments) C:\Users\Marrel\AppData\Local\basscd.dll
2007-08-13 18:46 - 2007-08-13 18:46 - 0102912 _____ (Albert L Faber) C:\Users\Marrel\AppData\Local\CDRip.dll
2007-08-13 18:46 - 2007-08-13 18:46 - 0155136 _____ () C:\Users\Marrel\AppData\Local\lame_enc.dll
2007-01-18 22:09 - 2007-01-18 22:09 - 0623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\Marrel\AppData\Local\No23 Recorder.exe
2005-08-23 23:34 - 2005-08-23 23:34 - 0029184 _____ () C:\Users\Marrel\AppData\Local\no23xwrapper.dll
2006-10-26 02:06 - 2006-10-26 02:06 - 0015872 _____ () C:\Users\Marrel\AppData\Local\ogg.dll
2014-12-01 18:35 - 2014-12-01 18:35 - 0001456 _____ () C:\Users\Marrel\AppData\Local\RecConfig.xml
2012-06-04 09:59 - 2015-01-12 00:30 - 0007593 _____ () C:\Users\Marrel\AppData\Local\Resmon.ResmonCfg
2006-10-26 02:06 - 2006-10-26 02:06 - 0143872 _____ () C:\Users\Marrel\AppData\Local\vorbis.dll
2006-10-26 02:06 - 2006-10-26 02:06 - 0064000 _____ () C:\Users\Marrel\AppData\Local\vorbisenc.dll
2006-10-26 02:06 - 2006-10-26 02:06 - 0019456 _____ () C:\Users\Marrel\AppData\Local\vorbisfile.dll
2013-06-15 00:39 - 2013-06-24 23:54 - 0001181 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Marrel\AppData\Local\Temp\avgnt.exe
C:\Users\Marrel\AppData\Local\Temp\ffmpeg16.exe
C:\Users\Marrel\AppData\Local\Temp\ffmpeg19.exe
C:\Users\Marrel\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Marrel\AppData\Local\Temp\prismsetup.exe
C:\Users\Marrel\AppData\Local\Temp\uninst.exe
C:\Users\Marrel\AppData\Local\Temp\yFlW0.dll
C:\Users\Marrel\AppData\Local\Temp\yFlW0.exe
C:\Users\Marrel\AppData\Local\Temp\_LookF.exe
C:\Users\X\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-26 06:21

==================== End of log ============================
         
In addition, I had already run a scan with Malwarebytes Anti-Rootkit beforehand, with 5 hits:
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.06.07.05
  rootkit: v2015.06.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marrel :: Marrel-PC [administrator]

07/06/2015 21:29:16
mbar-log-2015-06-07 (21-29-16).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 483781
Time elapsed: 1 hour(s), 45 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\Marrel\AppData\Roaming\WebCake\WebCakeDesktop.exe (Adware.WebCake) -> Delete on reboot. [568b4671474361d59eac9cc4c541f60a]
C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe (Adware.WebCake) -> Delete on reboot. [429fbef9f991300669e1421ed5318f71]
C:\Users\X\AppData\Local\Temp\Low\hkRR.dll (Trojan.FakeMS.ED) -> Delete on reboot. [22bf981f92f8bc7a76e04c764fb2b24e]
C:\Windows\System32\drivers\Msft_Kernel_webinstr_01009.Wdf (PUP.Optional.WebInstr.A) -> Delete on reboot. []
C:\Windows\System32\drivers\webinstr.sys (PUP.Optional.AddLyrics) -> Delete on reboot. [46676950e690ec64f0d776263b28f622]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
After cleaning my system of these, I ran another scan with Malwarebytes. This time it found no malware:
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.06.07.05
  rootkit: v2015.06.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marrel :: Marrel-PC [administrator]

07/06/2015 23:31:59
mbar-log-2015-06-07 (23-31-59).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 482186
Time elapsed: 1 hour(s), 33 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         


for any help.

Regards, Marrel

08.06.2015, 04:46   #2
schrauber
/// the machine
/// TB trainer

hi,

Please download Revo Uninstaller from here (alternatively, the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select German as the language.
  • In the Uninstaller pane, look for the following programs:

    a2zLyrics

    BabylonObjectInstaller

    DealBulldog Toolbar

    GoforFiles

    GoforFiles

    WebCake 3.00

    WindowsMangerProtect20.0.0.502 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.502 - WindowsProtect LIMITED) <==== ATTENTION



  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .

 





Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
(in English: Illegal operation attempted on a registry key that has been marked for deletion.)
simply restart the computer. That should fix the problem.


08.06.2015, 10:00   #3
Marrel

Thanks for the quick reply.

With Revo Uninstaller I uninstalled most of the programs from the list.
Not found:
WebCake 3.00
In addition, I found
GoforFiles
only once (you had listed it twice).

Here is the log from
C:\Combofix.txt:
Code:
ComboFix 15-05-31.01 - Marrel 08/06/2015  10:15:27.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4026.2304 [GMT 2:00]
ausgeführt von:: c:\users\Marrel\Downloads\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\CoolLyrics
c:\program files (x86)\kikin
c:\program files (x86)\kikin\default_settings.xml
c:\program files (x86)\kikin\file_list.txt
c:\program files (x86)\kikin\ie_kikin.dll
c:\program files (x86)\kikin\kikin.ico
c:\program files (x86)\kikin\kikin_updater_2.0.0.11.exe
c:\program files (x86)\kikin\KikinBroker.exe
c:\program files (x86)\kikin\KikinCrashReporter.exe
c:\program files (x86)\kikin\uninst.exe
c:\program files (x86)\LyricsContainer
c:\program files (x86)\Windows Searchqu Toolbar
c:\users\Marrel\AppData\Local\lame_enc.dll
c:\users\Marrel\AppData\Local\no23xwrapper.dll
c:\users\Marrel\AppData\Local\ogg.dll
c:\users\Marrel\AppData\Local\vorbis.dll
c:\users\Marrel\AppData\Local\vorbisenc.dll
c:\users\Marrel\AppData\Local\vorbisfile.dll
c:\users\Marrel\AppData\Roaming\kikin
c:\users\Marrel\AppData\Roaming\kikin\ff_kkes.xml
c:\users\Marrel\AppData\Roaming\kikin\ie_configuration.xml
c:\users\Marrel\AppData\Roaming\kikin\ie_kkes.xml
c:\users\Marrel\AppData\Roaming\kikin\ie_settings.xml
c:\users\Marrel\AppData\Roaming\kikin\kikin_updater_2.4.15.exe
c:\users\Marrel\AppData\Roaming\kikin\kikin_updater_2.9.1.exe
c:\users\Marrel\AppData\Roaming\Microsoft\Windows\Recent\29. 15.32-46, 21.21-31, 22.17-43, 23.51-24.06 u. 25.01-17 25.38-49, 27.16-30 K1.url
c:\users\Marrel\AppData\Roaming\Roaming
c:\users\Marrel\AppData\Roaming\Roaming\HoldemManager\config\PokerstarsZoomTables.xml
c:\users\X\AppData\Roaming\kikin
c:\users\X\AppData\Roaming\kikin\ie_configuration.xml
c:\users\X\AppData\Roaming\kikin\ie_kkes.xml
c:\users\X\AppData\Roaming\kikin\ie_settings.xml
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DCService.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-05-08 bis 2015-06-08  ))))))))))))))))))))))))))))))
.
.
2015-06-07 22:13 . 2015-06-07 22:26	--------	d-----w-	C:\FRST
2015-06-07 19:13 . 2015-06-08 07:24	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-06-07 19:13 . 2015-06-07 21:31	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-07 19:11 . 2015-06-07 19:23	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-06-06 21:40 . 2015-06-06 21:40	--------	d-----w-	c:\users\Marrel\AppData\Roaming\SitNGoWizard
2015-06-05 23:21 . 2015-06-05 23:21	--------	d-----w-	C:\bildschirm
2015-05-10 02:13 . 2015-05-10 02:13	--------	d-----w-	c:\program files (x86)\PSDViewer
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-05 13:31 . 2014-02-11 22:12	152744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-05-05 13:31 . 2014-02-11 22:12	132120	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-03-29 00:43 . 2014-04-27 20:36	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-03-12 06:52 . 2014-02-11 22:12	44088	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-07-29 08:21 . 2013-07-29 08:21	51992	----a-w-	c:\program files (x86)\WDesktop.Updater.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-05-05 728312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 webinstr;webinstr;c:\windows\system32\Drivers\webinstr.sys;c:\windows\SYSNATIVE\Drivers\webinstr.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\software\Musikrecorder\Common\Database\bin\fbserver.exe;c:\software\Musikrecorder\Common\Database\bin\fbserver.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20120507.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20120518.002\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20120518.002\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 -D c:/postgreSQL/data -w;c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 -D c:/postgreSQL/data -w [x]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 stdriver;SoundTap Filter Driver v6.07.00;c:\windows\system32\DRIVERS\stdriverx64.sys;c:\windows\SYSNATIVE\DRIVERS\stdriverx64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-25 19:04	986440	----a-w-	c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-09 03:40]
.
2015-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-09 03:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2010-02-26 818720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-15 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-15 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-15 365592]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
uInternet Settings,ProxyServer = http=;ftp=;https=;
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: Free YouTube to MP3 Converter - c:\users\Marrel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EE30255C-7BF5-4CEF-AE16-49F14F918F35}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\
FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&installDate=18/07/2013&q=
FF - ExtSQL: !HIDDEN! 2013-06-15 00:44; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{11111111-1111-1111-1111-110311201102} - c:\program files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll
BHO-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
BHO-{E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{338B4DFE-2E2C-4338-9E41-E176D497299E} - (no file)
BHO-{BB43A0A3-3F51-CCE3-D565-A22150A9CF21} - c:\program files (x86)\ver3a2zLyrics\178_x64.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-7-Zip - c:\sovtware\ZIP2\7-Zip\Uninstall.exe
AddRemove-ANNO 1602 Königs-Edition - c:\windows\IsUn0407.exe
AddRemove-ASIO4ALL - c:\sovtware\Videorecorder\Wavegerät\ASIO4ALLjo\uninstall.exe
AddRemove-CamStudio - c:\sovtware\Videorecorder\CamStudio\uninstall.exe
AddRemove-Elite Force - c:\windows\IsUn0407.exe
AddRemove-Heroes of Might and Magic® III - c:\windows\IsUn0407.exe
AddRemove-HyperCam 2 - c:\sovtware\Videorecorder\HyperCam 2\HcUnInst.exe
AddRemove-kikin Plugin (NO23 Edition) - c:\program files (x86)\kikin\uninst.exe
AddRemove-NCH_EN Toolbar - c:\program files (x86)\NCH_EN\uninstall.exe
AddRemove-PokerStars - c:\unterhaltung\x1\PokerStarsUninstall.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-VLC media player - c:\users\Marrel\Desktop\VLC\uninstall.exe
AddRemove-Structorizer - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1623171927-3149244632-4192914800-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1623171927-3149244632-4192914800-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\postgresql\bin\pg_ctl.exe
c:\postgresql\bin\postgres.exe
c:\postgresql\bin\postgres.exe
c:\postgresql\bin\postgres.exe
c:\postgresql\bin\postgres.exe
c:\postgresql\bin\postgres.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-06-08  10:44:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-06-08 08:44
.
Vor Suchlauf: 28 Verzeichnis(se), 461,346,840,576 Bytes frei
Nach Suchlauf: 34 Verzeichnis(se), 460,820,525,056 Bytes frei
.
- - End Of File - - 1EB7BDBD0BE5721F1491AA2C1289A810
         

08.06.2015, 20:29   #4
schrauber
/// the machine
/// TB trainer

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Cleaning and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

09.06.2015, 01:15   #5
Marrel
 
Reply part 1 of 2



AdwCleaner[S0].txt:
Code:
ATTFilter
# AdwCleaner v4.206 - Bericht erstellt 09/06/2015 um 00:03:40
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-05-31.5 [Lokal]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Marrel - Marrel-PC
# Gestarted von : C:\Users\Marrel\Downloads\AdwCleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\goforfiles
Ordner Gelöscht : C:\Program Files (x86)\vGrabber-software
Ordner Gelöscht : C:\Program Files (x86)\Web Cake
Ordner Gelöscht : C:\Program Files (x86)\WebCake
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Marrel\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Marrel\AppData\LocalLow\HPAppData
Ordner Gelöscht : C:\Users\Marrel\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\Marrel\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Marrel\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Marrel\AppData\Roaming\goforfiles
Ordner Gelöscht : C:\Users\Marrel\AppData\Roaming\Media Finder
Ordner Gelöscht : C:\Users\Marrel\AppData\Roaming\Web Cake
Ordner Gelöscht : C:\Users\Marrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video downloader
Ordner Gelöscht : C:\Users\X\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\X\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Datei Gelöscht : C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\user.js
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\user.js
Datei Gelöscht : C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_omni-cdn.getwebcake.com_0.localstorage
Datei Gelöscht : C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_omni-cdn.getwebcake.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.anisearch.com_0.localstorage
Datei Gelöscht : C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.anisearch.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.reimageplus.com_0.localstorage
Datei Gelöscht : C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.reimageplus.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
Datei Gelöscht : C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal

***** [ Geplante Tasks ] *****

Task Gelöscht : GoforFilesUpdate

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{56785E7F-4711-0B8B-95D3-4F5852047D9B}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKCU\Software\Classes\MF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322202202}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355205502}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366206602}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355205502}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366206602}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\MediaFinder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SearchCore for Browsers
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\SearchCore for Browsers
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=;ftp=;hxxps=;

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16555

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v35.0 (x86 de)

[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.backgroundjs", "\n\n/*****************************************************************************[...]
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.js", "\n\n  /************************************************************************************\[...]
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return app[...]
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"undefined\") { appAPI.int[...]
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"undefined\") { appAPI.int[...]
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"undefined\") { appAPI.int[...]
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_13.name", "CrossriderAppUtils");
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_14.name", "CrossriderUtils");
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"isBackground!==true)&&(typeof _[...]
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_177.code", "(function(){if(!(appAPI.isMatchPages&&appAPI.isMatchPages(\"*crossrider[...]
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_177.name", "crossriderDashboard");
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_182.code", "(function(){if(typeof $jquery_171===\"undefined\"){return;}var c={DUMMY[...]
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_194.code", "if(typeof appAPI.internal.monetization===\"undefined\"){appAPI.internal[...]
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.a[...]
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.que[...]
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_con[...]
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());[...]
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_78.name", "CrossriderInfo");
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jquery;if(appAPI.platform==\[...]
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_9.code", "appAPI.hooks.addHook(\"searchEngine\",(function(a){return function(){var [...]
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.Country", "Germany");
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.LastHiddenTime", 22925940);
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.UserID", "2d9ba86a-b224-4694-aebd-2d0d0011e71c");
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.Visibility", true);
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.countryiso", "de");
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.downloadprovider", "internetturboyb");
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.installationid", "2d9ba86a-b224-4694-aebd-2d0d0011e71c");
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.installdate", "18/07/2013");
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.publisher", "internetturboyb");
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.xpiState", "{\"app-profile\":{\"9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\":{\"d\":\"C:\\\\Users\\\\Marrel\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hi9gzh[...]
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc");
[hi9gzhok.default\prefs.js] - Zeile Gelöscht : user_pref("extentions.webcake.installId", "0866ee34-ac1a-45c3-8806-393c6bc901f9");

-\\ Google Chrome v43.0.2357.81

[C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : abfmigjiaapipflmopkaaooigcjjdojh

-\\ Opera v29.0.1795.60


*************************

AdwCleaner[R0].txt - [15870 Bytes] - [09/06/2015 00:01:00]
AdwCleaner[S0].txt - [14951 Bytes] - [09/06/2015 00:03:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15011  Bytes] ##########
         

JRT.txt:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.0 (06.07.2015:1)
OS: Windows 7 Home Premium x64
Ran by Marrel on 09/06/2015 at  0:25:11.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}



~~~ Files

Successfully deleted: [File] C:\Windows\wininit.ini
Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_click.dealshark.com_0.localstorage
Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_click.dealshark.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_lyrics.wikia.com_0.localstorage
Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_lyrics.wikia.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_static.audienceinsights.net_0.localstorage
Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_static.audienceinsights.net_0.localstorage-journal
Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_www.lyricsfreak.com_0.localstorage
Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_www.lyricsfreak.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_www.lyricsmode.com_0.localstorage
Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_www.lyricsmode.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_www.metrolyrics.com_0.localstorage
Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_www.metrolyrics.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage
Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\https_static.olark.com_0.localstorage
Successfully deleted: [File] C:\Users\Marrel\appdata\local\google\chrome\user data\default\local storage\https_static.olark.com_0.localstorage-journal



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{018D92E4-F76A-47C4-85C9-654BF8789B0F}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{03A48F3C-3617-4781-831F-C345548FDE46}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{0CD1EA97-C2F4-4606-ACEB-6CC83EC6B443}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{0D36D10C-0401-472D-ACC0-EB709819D9CE}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{16849230-8B24-4584-9DA7-630851D5A5CE}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{22BA43C1-5728-49D9-B73D-EEA4DE4E9561}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{25B3575B-9663-401E-9539-E2DE25D815F0}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{2E4F208C-256B-44F2-8122-8A8219920AFF}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{30676F8E-5548-43DE-B74B-311231F9E5C8}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{32C1EDA1-00F9-4BB0-A1AF-076C9CDEAD97}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{39B764DC-2D60-4C3E-AD45-CE470C1FC7E9}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{3C286C1C-5F54-4D39-98E4-DD7D4193C1BB}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{3D95129D-1B92-48BE-B8C5-786FF8B09304}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{3EFDE03F-64EF-4552-A77E-67D82D796856}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{41E3E590-BF1F-480B-9DD4-8A1182403D61}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{493F21DA-AA7A-4E94-B03A-2BE083471D57}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{5AC97C65-A59E-45FE-A513-0F7A94994C3B}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{5D68B773-4433-41A0-A722-659C1AB99A6E}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{60058313-1108-43B5-9E61-E359966341CA}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{613CA3F0-CF34-42F9-9F92-BFF35DD52C7C}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{6CCC7B19-9165-4957-9FBE-413B1740858B}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{7595B27F-EE28-4BE6-9D16-2E9A16EDB208}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{75F51AEA-2DAD-4DC3-A3CD-A9D99F48ADEE}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{76B329BA-22A6-4CEA-B6DB-221C0320E173}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{78E428D9-2D03-47CA-A68A-C086D32E9839}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{7B9E5324-9D76-4AA5-9CF0-5511910DCAEE}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{7E25D1C7-9EEC-4DD2-98DF-1022CD4F94A9}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{8645EDFA-BA89-433F-A114-7972F4F5E7E2}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{89D670EE-92A9-4DB9-95FC-D6A86EF82A90}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{89E771F2-90A2-4135-A699-1C8388D74046}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{95FA7227-84EF-4A8C-A4FB-86F3ECEEB98F}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{9A333B7A-9CA4-445A-B7C3-D4007A4498E4}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{9B1F2233-E717-4DF5-99AE-E8F27B5F09A4}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{9B792DA0-C6EB-4206-843A-6D383EAAF502}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{A3ED65F7-E72A-4FA7-9572-48A510D6C924}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{A4102586-FD8D-40A5-A609-65F1965A9C2D}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{A58C46BE-10AB-4A10-8891-F629E0CF0520}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{A9CE8B73-A121-4CC9-ACFA-F89C8FFE2709}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{AE48280A-00E2-4AA3-9CB9-1D3518F77296}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{AF2E5DFC-D0CE-4082-A981-69950231E726}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{B10DFD99-63CC-456C-A80C-6B5076800464}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{B95CB900-FB10-4520-AD5C-D2D011DB368D}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{BD7DA7C6-EA7F-4B94-98F9-A5DD1A63AD03}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{BEA7C67A-4785-4D08-94C6-EEDDC07346B1}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{BF692C06-2333-4522-B21B-B8343B67D798}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{C3AACB2C-224A-439F-9EC4-479663885017}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{C80A9271-AFB6-4CDF-8408-B2033FD60B4D}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{C94450EF-C385-455C-92C2-46B101E413DA}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{CC395AED-76CE-4223-9326-5ED95FFA2B64}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{CDFDBFEA-3091-4967-AF36-1326BD34C67F}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{DFD280B1-99A6-4292-84CA-0431CDF007DC}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{E1A0CF5A-BB42-42D9-8538-2476AD841616}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{EA13420A-9651-4A26-ABB0-52E3534B2F6C}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{EC82544E-5879-4441-A35A-5B0F0F62646F}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{ECB93D8D-77E3-4407-88ED-C7EA49D0D2EE}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{EE90615D-2C82-4ED0-837F-BAA2D1C624BC}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{FBD2185B-2B93-46BA-A65B-D10EC164161E}
Successfully deleted: [Empty Folder] C:\Users\Marrel\appdata\local\{FFCA6B00-51DB-4656-A4AB-5816DBED9C49}



~~~ FireFox

Successfully deleted the following from C:\Users\Marrel\AppData\Roaming\mozilla\firefox\profiles\hi9gzhok.default\prefs.js

user_pref(extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_17.code, if(typeof window!==\undefined\){\n/*!\n * jQu
user_pref(extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_195.code, if(typeof appAPI.internal.monetization===\und
user_pref(extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_208.code, if(typeof appAPI.internal.monetization===\und
user_pref(extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_91.code, (function(i){if(!appAPI.isBackground&&appAPI.do
Emptied folder: C:\Users\Marrel\AppData\Roaming\mozilla\firefox\profiles\hi9gzhok.default\minidumps [23 files]



~~~ Chrome


[C:\Users\Marrel\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Marrel\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Marrel\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Marrel\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/06/2015 at  0:32:25.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST(2).txt:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2015
Ran by Marrel (administrator) on Marrel-PC on 09-06-2015 01:29:13
Running from C:\Users\Marrel\Desktop
Loaded Profiles: Marrel (Available Profiles: Marrel & X & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [818720 2010-02-26] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM-x32 - (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-31] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - !{ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - !{338B4DFE-2E2C-4338-9E41-E176D497299E} -  No File
Toolbar: HKLM-x32 - No Name - !{ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{EE30255C-7BF5-4CEF-AE16-49F14F918F35}: [NameServer] 193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll [2012-09-28] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll [2012-09-28] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1623171927-3149244632-4192914800-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marrel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1623171927-3149244632-4192914800-1000: electronicarts.com/GameFacePlugin -> C:\Users\Marrel\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts)
FF Extension: Avira Browser Safety - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\abs@avira.com [2014-12-25]
FF Extension: Internet Turbo - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c} [2013-12-11]
FF Extension: TurnTool Viewer - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\ViewerInstall.xpi [2013-01-30]
FF Extension: Adblock Plus - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-23]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn [2012-03-23]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 [2015-06-09]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-06-15]
FF HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Program Files (x86)\ver3a2zLyrics\178.xpi [not found]
FF Extension: No Name - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com [not found]

Chrome: 
=======
CHR Profile: C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-10-01]
CHR Extension: (Adblock Plus) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-21]
CHR Extension: (Bookmark Manager) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [841248 2010-02-26] (Acer Incorporated)
S3 FirebirdServerMAGIXInstance; C:\Software\Musikrecorder\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
S2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 MBAMScheduler; C:\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
S2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [66048 2011-01-28] (PostgreSQL Global Development Group) [File not signed]
S2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-12] (Avira Operations GmbH & Co. KG)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [1160824 2012-04-03] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-17] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-03-24] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-04-23] (Symantec Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20120518.002\IDSvia64.sys [488568 2012-04-28] (Symantec Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20120522.005\ENG64.SYS [120440 2012-05-16] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20120522.005\EX64.SYS [2068600 2012-05-16] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [33488 2013-12-08] ()
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-03-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-09 00:32 - 2015-06-09 00:39 - 00011254 _____ C:\Users\Marrel\Desktop\JRT.txt
2015-06-09 00:25 - 2015-06-09 00:25 - 00000207 _____ C:\Windows\tweaking.com-regbackup-Marrel-PC-Windows-7-Home-Premium-(64-bit).dat
2015-06-09 00:25 - 2015-06-09 00:25 - 00000000 ____D C:\RegBackup
2015-06-09 00:24 - 2015-06-09 00:24 - 00000000 ____D C:\Users\Marrel\AppData\Local\NewTech Infosystems
2015-06-09 00:24 - 2015-06-09 00:24 - 00000000 _____ C:\Windows\JCMKR32.INI
2015-06-09 00:18 - 2015-06-09 00:18 - 02943232 _____ (Thisisu) C:\Users\Marrel\Downloads\JRT.exe
2015-06-09 00:08 - 2015-06-09 01:28 - 00015093 _____ C:\Users\Marrel\Desktop\AdwCleaner[S0].txt
2015-06-09 00:00 - 2015-06-09 00:04 - 00000000 ____D C:\AdwCleaner
2015-06-08 23:57 - 2015-06-09 01:25 - 00121247 _____ C:\Users\Marrel\Desktop\mbam.txt
2015-06-08 22:26 - 2015-06-08 22:26 - 02231296 _____ C:\Users\Marrel\Downloads\AdwCleaner_4.206.exe
2015-06-08 22:23 - 2015-06-08 22:23 - 00000710 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-08 22:23 - 2015-06-08 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-08 22:23 - 2015-06-08 22:23 - 00000000 ____D C:\ Malwarebytes Anti-Malware 
2015-06-08 22:23 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-08 22:23 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-08 22:19 - 2015-06-08 22:20 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Marrel\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-08 10:50 - 2015-06-08 10:50 - 00022376 _____ C:\Users\Marrel\Desktop\Combofix.txt
2015-06-08 10:44 - 2015-06-08 10:44 - 00022444 _____ C:\ComboFix.txt
2015-06-08 10:12 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-08 10:12 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-08 10:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-08 10:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-08 10:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-08 10:12 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-08 10:12 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-08 10:12 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-08 10:11 - 2015-06-08 10:44 - 00000000 ____D C:\Qoobox
2015-06-08 10:11 - 2015-06-08 10:42 - 00000000 ____D C:\Windows\erdnt
2015-06-08 10:09 - 2015-06-08 10:09 - 05628238 ____R (Swearware) C:\Users\Marrel\Downloads\ComboFix.exe
2015-06-08 09:14 - 2015-06-08 09:14 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Marrel\Downloads\revosetup95.exe
2015-06-08 09:14 - 2015-06-08 09:14 - 00000748 _____ C:\Users\Marrel\Desktop\Revo Uninstaller.lnk
2015-06-08 02:47 - 2015-06-08 02:47 - 00000012 _____ C:\Users\Marrel\Desktop\fghhj.txt
2015-06-08 01:47 - 2015-06-08 01:54 - 00000476 _____ C:\Users\Marrel\Desktop\defogger_disable.log
2015-06-08 01:39 - 2015-06-08 01:54 - 00002409 _____ C:\Users\Marrel\Desktop\Gmer.txt
2015-06-08 00:46 - 2015-06-08 00:46 - 00380416 _____ C:\Users\Marrel\Downloads\Gmer-19357.exe
2015-06-08 00:29 - 2015-06-08 00:29 - 00000000 _____ C:\Users\Marrel\defogger_reenable
2015-06-08 00:23 - 2015-06-08 00:23 - 00000246 _____ C:\Windows\SysWOW64\defogger_enable.log
2015-06-08 00:21 - 2015-06-08 00:29 - 00000474 _____ C:\Windows\SysWOW64\defogger_disable.log
2015-06-08 00:17 - 2015-06-08 01:41 - 00026371 _____ C:\Users\Marrel\Desktop\Addition.txt
2015-06-08 00:14 - 2015-06-09 01:29 - 00019178 _____ C:\Users\Marrel\Desktop\FRST.txt
2015-06-08 00:13 - 2015-06-09 01:29 - 00000000 ____D C:\FRST
2015-06-08 00:13 - 2015-06-08 00:13 - 02108928 _____ (Farbar) C:\Users\Marrel\Desktop\FRST64.exe
2015-06-08 00:12 - 2015-06-08 00:12 - 00050477 _____ C:\Users\Marrel\Desktop\Defogger (1).exe
2015-06-08 00:11 - 2015-06-08 00:11 - 00050477 _____ C:\Users\Marrel\Downloads\Defogger.exe
2015-06-07 21:13 - 2015-06-09 00:24 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-07 21:13 - 2015-06-08 23:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-07 21:11 - 2015-06-08 01:14 - 00000000 ____D C:\Users\Marrel\Desktop\mbar
2015-06-07 21:11 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-07 21:10 - 2015-06-07 21:10 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Marrel\Downloads\mbar-1.09.1.1004.exe
2015-06-07 20:19 - 2015-06-07 20:19 - 00276928 _____ C:\Windows\Minidump\060715-29686-01.dmp
2015-06-07 20:06 - 2015-06-07 20:06 - 00276928 _____ C:\Windows\Minidump\060715-30217-01.dmp
2015-06-06 23:40 - 2015-06-06 23:40 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\SitNGoWizard
2015-06-06 23:25 - 2015-06-06 23:28 - 110090565 _____ C:\Users\Marrel\Downloads\8311_Hm2AutoUpdate.exe
2015-06-06 04:30 - 2015-06-06 04:30 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Videodatei-Konverter.lnk
2015-06-06 04:30 - 2015-06-06 04:30 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme
2015-06-06 04:30 - 2015-06-06 04:30 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette
2015-06-06 01:21 - 2015-06-06 01:21 - 00000000 ____D C:\bildschirm
2015-05-19 16:55 - 2015-05-19 16:56 - 00000000 ____D C:\Users\Marrel\Documents\UniversalReplayer
2015-05-19 16:54 - 2015-05-19 17:36 - 00002180 _____ C:\Users\Marrel\URPreferences.xml
2015-05-19 16:44 - 2015-05-19 16:44 - 00001345 _____ C:\Users\Marrel\Downloads\universal_replayer (1).jnlp
2015-05-19 16:43 - 2015-05-19 16:44 - 00562272 _____ (Oracle Corporation) C:\Users\Marrel\Downloads\chromeinstall-8u45.exe
2015-05-19 16:40 - 2015-05-19 16:41 - 00001345 _____ C:\Users\Marrel\Downloads\universal_replayer.jnlp
2015-05-17 02:59 - 2015-05-17 02:59 - 00010940 _____ C:\Users\Marrel\Documents\pokerbook.odt
2015-05-10 04:13 - 2015-05-10 04:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSDViewer
2015-05-10 04:13 - 2015-05-10 04:13 - 00000000 ____D C:\Program Files (x86)\PSDViewer
2015-05-10 04:10 - 2015-05-10 04:10 - 01203488 _____ C:\Users\Marrel\Downloads\PSD viewer - CHIP-Installer.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-09 01:03 - 2012-04-09 03:25 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-09 00:33 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-09 00:33 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-09 00:26 - 2012-04-09 03:25 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-09 00:21 - 2014-07-31 03:28 - 00062350 _____ C:\Windows\setupact.log
2015-06-09 00:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-09 00:20 - 2012-03-23 22:39 - 01072624 _____ C:\Windows\WindowsUpdate.log
2015-06-09 00:05 - 2014-07-31 20:20 - 00466484 _____ C:\Windows\PFRO.log
2015-06-09 00:03 - 2015-01-14 10:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-08 23:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Cursors
2015-06-08 23:45 - 2014-10-06 02:05 - 00000000 ____D C:\Program Files (x86)\FreeHideIP
2015-06-08 23:01 - 2012-04-30 13:40 - 00000000 ____D C:\Users\Marrel\AppData\Local\Equilab
2015-06-08 22:23 - 2013-07-18 13:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-08 18:55 - 2013-07-25 00:45 - 00000058 _____ C:\Windows\ChssBase.ini
2015-06-08 10:44 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-06-08 10:34 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-08 10:33 - 2012-05-11 15:12 - 00000000 ____D C:\Users\postgres
2015-06-08 09:20 - 2014-09-15 18:08 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\Skype
2015-06-08 00:29 - 2012-03-23 23:11 - 00000000 ____D C:\Users\Marrel
2015-06-07 23:30 - 2012-03-24 07:31 - 22396180 _____ C:\Windows\system32\perfh007.dat
2015-06-07 23:30 - 2012-03-24 07:31 - 07215964 _____ C:\Windows\system32\perfc007.dat
2015-06-07 23:30 - 2009-07-14 07:13 - 00006256 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-07 20:43 - 2012-05-11 15:24 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\HoldemManager
2015-06-07 20:23 - 2012-03-24 00:07 - 00000000 ____D C:\Users\Marrel\AppData\Local\PokerStars.EU
2015-06-07 20:22 - 2014-03-18 12:20 - 00000000 ____D C:\a
2015-06-07 20:19 - 2013-05-06 18:36 - 00000000 ____D C:\Windows\Minidump
2015-06-07 20:18 - 2014-07-31 20:20 - 468712171 _____ C:\Windows\MEMORY.DMP
2015-06-06 23:33 - 2012-05-11 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holdem Manager 2
2015-06-06 04:30 - 2012-06-03 04:30 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2015-06-06 04:30 - 2012-06-03 04:30 - 00000000 ____D C:\ProgramData\NCH Software
2015-06-06 04:30 - 2012-06-03 04:29 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\NCH Software
2015-06-06 04:30 - 2012-06-03 04:29 - 00000000 ____D C:\Program Files (x86)\NCH Software
2015-06-05 03:49 - 2015-02-19 01:27 - 00004305 _____ C:\blitzerr.txt
2015-05-30 18:19 - 2014-09-15 18:08 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-30 18:19 - 2014-09-15 18:08 - 00000000 ____D C:\ProgramData\Skype
2015-05-25 20:23 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-20 20:02 - 2014-10-06 02:04 - 00003854 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1412553844
2015-05-20 20:02 - 2014-10-06 02:04 - 00000000 ____D C:\Program Files (x86)\Opera
2015-05-17 03:58 - 2012-04-09 03:25 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 03:58 - 2012-04-09 03:25 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-13 20:20 - 2009-07-14 04:34 - 00000514 _____ C:\Windows\win.ini

==================== Files in the root of some directories =======

2014-03-21 03:27 - 2014-03-21 03:27 - 0072341 _____ () C:\Users\Marrel\AppData\Roaming\Debut.dmp
2013-12-08 21:30 - 2013-12-08 21:30 - 0001181 _____ () C:\Users\Marrel\AppData\Roaming\trace_FilterInstaller.txt
2013-12-08 21:30 - 2013-12-08 21:30 - 0000000 _____ () C:\Users\Marrel\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2006-12-11 20:13 - 2006-12-11 20:13 - 0097336 _____ (Un4seen Developments) C:\Users\Marrel\AppData\Local\bass.dll
2006-12-11 20:13 - 2006-12-11 20:13 - 0013872 _____ (Un4seen Developments) C:\Users\Marrel\AppData\Local\basscd.dll
2007-08-13 18:46 - 2007-08-13 18:46 - 0102912 _____ (Albert L Faber) C:\Users\Marrel\AppData\Local\CDRip.dll
2007-01-18 22:09 - 2007-01-18 22:09 - 0623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\Marrel\AppData\Local\No23 Recorder.exe
2014-12-01 18:35 - 2014-12-01 18:35 - 0001456 _____ () C:\Users\Marrel\AppData\Local\RecConfig.xml
2012-06-04 09:59 - 2015-01-12 00:30 - 0007593 _____ () C:\Users\Marrel\AppData\Local\Resmon.ResmonCfg
2013-06-15 00:39 - 2013-06-24 23:54 - 0001181 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Marrel\AppData\Local\Temp\avgnt.exe
C:\Users\Marrel\AppData\Local\Temp\Quarantine.exe
C:\Users\Marrel\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-26 06:21

==================== End of log ============================
         
mbar.txt (part 1; unfortunately the log alone is 122000 characters long and therefore cannot be posted in one piece):
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 08/06/2015
Suchlauf-Zeit: 22:24:45
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.08.04
Rootkit Datenbank: v2015.06.02.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Marrel

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 493017
Verstrichene Zeit: 1 Std, 10 Min, 9 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 48
PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}, In Quarantäne, [48fcc9efe3a759dd5ec2135b54af7a86], 
PUP.Optional.SearchQu, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, In Quarantäne, [48fcc9efe3a759dd5ec2135b54af7a86], 
PUP.Optional.SearchQu, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, In Quarantäne, [48fcc9efe3a759dd5ec2135b54af7a86], 
PUP.Optional.SearchQu, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, In Quarantäne, [48fcc9efe3a759dd5ec2135b54af7a86], 
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}, In Quarantäne, [bd87a513fd8d4fe75468e3bddf24b34d], 
PUP.Optional.WebCake.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}, In Quarantäne, [bd87a513fd8d4fe75468e3bddf24b34d], 
PUP.Optional.Snapdo.T, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [55eff9bfc0ca201664dd3173e221cb35], 
PUP.Optional.BestToolbar.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, In Quarantäne, [a59f2395890180b6f4971b4de81b936d], 
PUP.Optional.BestToolbar.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, In Quarantäne, [a59f2395890180b6f4971b4de81b936d], 
PUP.Optional.BestToolbar.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, In Quarantäne, [a59f2395890180b6f4971b4de81b936d], 
PUP.Optional.BestToolbar.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, In Quarantäne, [a59f2395890180b6f4971b4de81b936d], 
PUP.Optional.BestToolbar.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{338B4DFE-2E2C-4338-9E41-E176D497299E}, In Quarantäne, [51f35860434700365e2ce08819eabc44], 
PUP.Optional.BestToolbar.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{338B4DFE-2E2C-4338-9E41-E176D497299E}, In Quarantäne, [51f35860434700365e2ce08819eabc44], 
PUP.Optional.WebCake.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AF6B0594-6008-4327-93E5-608AD710A6FA}, In Quarantäne, [97adfeba92f8a294dde1d2ce29da718f], 
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{AF6B0594-6008-4327-93E5-608AD710A6FA}, In Quarantäne, [97adfeba92f8a294dde1d2ce29da718f], 
PUP.BundleInstaller.VG, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Video Downloader, In Quarantäne, [4ff590282f5bdc5abba79d23c13fa45c], 
PUP.Optional.WebCake.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}, In Quarantäne, [8bb92890d0baaa8c8fa8390f6f9655ab], 
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\Toolbar.CT2801948, In Quarantäne, [62e2c8f01a707eb8acbc94f1eb1adf21], 
PUP.Optional.SearchQu.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}, In Quarantäne, [6ed6d4e44347d75f6e4c1b6358adb947], 
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar.CT2801948, In Quarantäne, [67dde6d2f694d75f32366520ae57ba46], 
PUP.Optional.Generalcrawler.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dednnpigldgdbpgcdpfppmlcnnbjciel, In Quarantäne, [aa9a665290fa0c2a940d88e5c0458a76], 
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fjoijdanhaiflhibkljeklcghcmmfffh, In Quarantäne, [a99b72462f5b1f17f445be8af60f9769], 
PUP.Optional.MediaFinder.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\lpmkgpnbiojfaoklbkpfneikocaobfai, In Quarantäne, [33119e1acac01c1a6d3571fcd62f3bc5], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D0F19BE0-B4D5-4E81-ADEA-C00F24C90FA8}, In Quarantäne, [063ec0f8e2a8d165f9831f63e12439c7], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DF8D8370-E00B-4243-839A-728E803720F6}, In Quarantäne, [4004eccc92f889ad91eaee9495709b65], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E2665D07-8D6D-412D-A4AA-E7C20AB481E4}, In Quarantäne, [380cb404c9c1dd595627d8aa4db8fd03], 
PUP.Optional.ConduitTB.Gen.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E40897FA-2469-47A4-A29C-53C900030D40}, In Quarantäne, [162e932568222115d4b4e99bb4516d93], 
PUP.Optional.AddLyrics, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WEBINSTR, In Quarantäne, [c1838434d2b89f971d542be09b69c23e], 
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\1ClickDownload, In Quarantäne, [b98b3781c5c52313a6e9a9a6ca3b3cc4], 
PUP.Optional.SmartBar, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\SmartbarBackup, In Quarantäne, [073dbbfd17732f075ad4e77f947143bd], 
PUP.Optional.SmartBar, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\SmartbarLog, In Quarantäne, [73d112a6d8b2b68075b887dfdd2842be], 
PUP.Optional.WebSearches.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\SupHpUISoft, In Quarantäne, [073d33857218aa8c58d134dc31d3a15f], 
PUP.Optional.GenericAddon.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\APPDATALOW\SOFTWARE\GenericAddon, In Quarantäne, [78ccad0b2c5ef93dffb0d9332dd7639d], 
PUP.Optional.PlusHD.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-1.6, In Quarantäne, [b490e7d1bad01b1bbad7022a38ccec14], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [c381635565254beb1e6ffd3b11f322de], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\INSTALLCORE, In Quarantäne, [23217642eb9f1b1b85bda6a87e87e61a], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Plus HD, In Quarantäne, [48fcb602ddad72c4fcbf1cf28d771ce4], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\DataMngr_Toolbar, In Quarantäne, [5ce883350b7f2511db43b29c1bea24dc], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [f05401b7c6c472c41c338ed40ef71ae6], 
PUP.Optional.PlusHD.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-1.6, In Quarantäne, [48fc793f9cee201650416dbf679de917], 
PUP.Optional.LyricsAd.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{BB43A0A3-3F51-CCE3-D565-A22150A9CF21}, In Quarantäne, [e95b6058d5b53ff79f496ecf5ea8fb05], 
PUP.Optional.LyricsAd.Gen, HKLM\SOFTWARE\CLASSES\CLSID\{BB43A0A3-3F51-CCE3-D565-A22150A9CF21}, In Quarantäne, [e95b6058d5b53ff79f496ecf5ea8fb05], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110311201102}, In Quarantäne, [46febefaa5e561d5023b2c1432d4c33d], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110311201102}, In Quarantäne, [46febefaa5e561d5023b2c1432d4c33d], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{11111111-1111-1111-1111-110311201102}, In Quarantäne, [46febefaa5e561d5023b2c1432d4c33d], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110311201102}, In Quarantäne, [46febefaa5e561d5023b2c1432d4c33d], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110311201102}, In Quarantäne, [46febefaa5e561d5023b2c1432d4c33d], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110311201102}, In Quarantäne, [46febefaa5e561d5023b2c1432d4c33d], 

Registrierungswerte: 14
PUP.Optional.BestToolbar.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{338B4DFE-2E2C-4338-9E41-E176D497299E}, ä·¾ã??⸬ä?¸ä??ç?¡é??鸩, In Quarantäne, [51f35860434700365e2ce08819eabc44]
PUP.Optional.BestToolbar.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{338B4DFE-2E2C-4338-9E41-E176D497299E}, In Quarantäne, [7aca91275535df572e5c204849ba18e8], 
PUP.Optional.SearchQu.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}|URL, hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}, In Quarantäne, [6ed6d4e44347d75f6e4c1b6358adb947]
PUP.Optional.SearchQu.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}|SuggestionsURL_JSON, hxxp://www.searchqu.com/suggest.php?src=ieb&appid=0&systemid=417&qu={searchTerms}&ft=json, In Quarantäne, [a1a39a1e6b1f1c1a0dadb4cacb3a40c0]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{d0f19be0-b4d5-4e81-adea-c00f24c90fa8}|AppName, Plus-HD-1.6-buttonutil.exe, In Quarantäne, [063ec0f8e2a8d165f9831f63e12439c7]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{df8d8370-e00b-4243-839a-728e803720f6}|AppName, Plus-HD-1.6-bg.exe, In Quarantäne, [4004eccc92f889ad91eaee9495709b65]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e2665d07-8d6d-412d-a4aa-e7c20ab481e4}|AppName, Plus-HD-1.6-codedownloader.exe, In Quarantäne, [380cb404c9c1dd595627d8aa4db8fd03]
PUP.Optional.ConduitTB.Gen.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E40897FA-2469-47A4-A29C-53C900030D40}|AppPath, C:\Users\Marrel\AppData\Local\Conduit\CT2801948, In Quarantäne, [162e932568222115d4b4e99bb4516d93]
PUP.Optional.AddLyrics, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WEBINSTR|DisplayName, webinstr, In Quarantäne, [c1838434d2b89f971d542be09b69c23e]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\INSTALLCORE|tb, 0N2X1N, In Quarantäne, [23217642eb9f1b1b85bda6a87e87e61a]
PUP.Optional.Snapdo.T, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [3d07c4f4e2a8ee48dcfe8e87659fe719]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}|URL, hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013, In Quarantäne, [1e26b8000684dd59e118eb922ed7ec14]
PUM.Bad.Proxy, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:13828, In Quarantäne, [202403b5aedcd3632d59abbb2ed7ff01]
PUP.Optional.Snapdo.T, HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [a89cccec6f1bca6cffdb22f3d82cea16]

Registrierungsdaten: 5
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013),Ersetzt,[2d17b4042e5ceb4b8d0361cd2adc57a9]
PUP.Optional.Conduit, HKU\S-1-5-21-1623171927-3149244632-4192914800-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948, Gut: (www.google.com), Schlecht: (hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948),Ersetzt,[61e3635592f83006b161dd5c51b5619f]
PUP.Optional.Snapdo, HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=hp&installDate=20/04/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=hp&installDate=20/04/2013),Ersetzt,[69db26924a4092a435fc5fda8c7aa858]
PUP.Optional.Snapdo, HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=20/04/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=20/04/2013),Ersetzt,[4ef67c3cec9ee254969bbc7dd82e27d9]
PUP.Optional.Snapdo, HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=20/04/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=20/04/2013),Ersetzt,[82c22098e6a4b185eb46ad8c43c36799]
         
Regards, Marrel


09.06.2015, 01:24   #6
Marrel
 

Reply part 2 of 2



mbam.txt (part 2):
Code:
Ordner: 77
PUP.Optional.SoftwareUpdater.A, C:\Users\Marrel\AppData\Local\SwvUpdater, In Quarantäne, [c97b8335d8b276c08a0ca273c53fd828], 
PUP.Optional.WebCake.A, C:\Users\Marrel\AppData\Roaming\WebCake, In Quarantäne, [55efd0e81b6f46f0b77c55f39f66ec14], 
PUP.Optional.WebCake.A, C:\Users\Marrel\AppData\Roaming\WebCake\dat, In Quarantäne, [55efd0e81b6f46f0b77c55f39f66ec14], 
PUP.Optional.WebCake.A, C:\Users\Marrel\AppData\Roaming\WebCake\dat\update, In Quarantäne, [55efd0e81b6f46f0b77c55f39f66ec14], 
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}, In Quarantäne, [8bb92890d0baaa8c8fa8390f6f9655ab], 
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Cache, In Quarantäne, [8bb92890d0baaa8c8fa8390f6f9655ab], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\defaults, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\defaults\preferences, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\plugins, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\userCode, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\locale, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\locale\en-US, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.OpenCandy, C:\Users\Marrel\AppData\Roaming\OpenCandy, In Quarantäne, [56eea3157a105dd9a73ddbda03007090], 
PUP.Optional.OpenCandy, C:\Users\Marrel\AppData\Roaming\OpenCandy\6E3DEC5C76714FB38466BADD359E0D38, In Quarantäne, [56eea3157a105dd9a73ddbda03007090], 
PUP.Optional.OpenCandy, C:\Users\Marrel\AppData\Roaming\OpenCandy\B742A905FB2C41D78C56DBAF20F6C63E, In Quarantäne, [56eea3157a105dd9a73ddbda03007090], 
PUP.Optional.Datamngr.A, C:\Users\Marrel\AppData\LocalLow\DataMngr, In Quarantäne, [f94b56622961171fcea0803b05fe0000], 
PUP.Optional.Datamngr.A, C:\Users\X\AppData\LocalLow\DataMngr, In Quarantäne, [fe462593e5a568cee48a219a689b26da], 
PUP.Optional.SearchQu.A, C:\Users\Marrel\AppData\LocalLow\searchquband, In Quarantäne, [f74d23955535989e7ec3efd5aa5945bb], 
PUP.Optional.SearchQu.A, C:\Users\X\AppData\LocalLow\searchquband, In Quarantäne, [5aea3e7a6e1c42f41c25c8fc22e159a7], 
PUP.Optional.SearchQu.A, C:\Users\X\AppData\LocalLow\searchqutoolbar, In Quarantäne, [9ba9d4e4117946f096acab194bb853ad], 
PUP.Optional.Generalcrawler.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com, In Quarantäne, [46fecdeb7a10c1758a3124a5e32041bf], 
PUP.Optional.Generalcrawler.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com\chrome, In Quarantäne, [46fecdeb7a10c1758a3124a5e32041bf], 
PUP.Optional.Generalcrawler.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com\chrome\content, In Quarantäne, [46fecdeb7a10c1758a3124a5e32041bf], 
PUP.Optional.Generalcrawler.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel, In Quarantäne, [0d377b3d612992a486370bbeb44fd828], 
PUP.Optional.Generalcrawler.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.6_0, In Quarantäne, [0d377b3d612992a486370bbeb44fd828], 
PUP.Optional.MediaFinder.A, C:\Users\Marrel\AppData\Roaming\Media Finder\Extensions, In Quarantäne, [50f43f796723fd396d517f4a659e4fb1], 
PUP.Optional.Conduit.A, C:\Users\Marrel\AppData\LocalLow\NCH_EN, In Quarantäne, [b292cdeb8604e74f14c2349704ff19e7], 
PUP.Optional.Conduit.A, C:\Users\Marrel\AppData\LocalLow\NCH_EN\Logs, In Quarantäne, [b292cdeb8604e74f14c2349704ff19e7], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\AddedAppDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\DefualtImages, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\DetectedAppDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\EngineFirstTimeDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\NewSearchProtectorDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\NewSearchProtectorDialog\images, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorBubbleDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorBubbleDialog\images, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorDialog\Images, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorRetakeoverDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorRetakeoverDialog\Images, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\images, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarUntrustedAppsApprovalDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\UninstallDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\UntrustedAddedAppDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\UntrustedAppApprovalDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\UntrustedAppPendingDialog, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\EmailNotifier, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\ExternalComponent, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Logs, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\MyStuffApps, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\RadioPlayer, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\AppsMetaData, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\DynamicDialogs, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\ToolbarLogin, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\ToolbarSettings, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_en-us, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_en-us\ToolbarTranslation, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\SearchInNewTab, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\UserDefinedItems, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Betcat.A, C:\Program Files (x86)\Betcat, In Quarantäne, [0f35586092f816209d878a494db6758b], 
PUP.Optional.Betcat.A, C:\Users\Marrel\AppData\Roaming\Betcat, In Quarantäne, [ff456157a6e44cead94c973c857e2ad6], 
PUP.Optional.Betcat.A, C:\Users\Marrel\AppData\Roaming\Betcat\dat, In Quarantäne, [ff456157a6e44cead94c973c857e2ad6], 
PUP.Optional.Betcat.A, C:\Users\Marrel\AppData\Roaming\Betcat\dat\update, In Quarantäne, [ff456157a6e44cead94c973c857e2ad6], 
PUP.Optional.SmartBar.A, C:\Users\Marrel\AppData\LocalLow\Smartbar, In Quarantäne, [0a3aac0c9ceea195619a4197e320956b], 

Dateien: 471
PUP.Optional.WebCake.A, C:\Users\Marrel\AppData\Roaming\Web Cake\WebCakeDesktop.exe, In Quarantäne, [a89c2e8a3e4c261025676bb56c94d32d], 
PUP.Optional.WebCake.A, C:\Program Files (x86)\WDesktop.Updater.exe, In Quarantäne, [d3719f191d6d0036964fef51e021857b], 
PUP.Optional.TenkiTechnology, C:\Program Files (x86)\FreeHideIP\FreeHideIP.exe, In Quarantäne, [f4509b1d6a20280e90a4d922c73e8080], 
PUP.BundleInstaller.VG, C:\Program Files (x86)\vGrabber-software\Uninstall.exe, In Quarantäne, [4ff590282f5bdc5abba79d23c13fa45c], 
PUP.Optional.Downloader, C:\Users\X\Downloads\Setup.exe, In Quarantäne, [e85c00b8a6e480b6b83c00c0867ba060], 
PUP.Optional.SnapDo.A, C:\Windows\Installer\10c081.msi, In Quarantäne, [0e3610a8aedce84e657ec7f2f011956b], 
PUP.Optional.BoostSaves.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage, In Quarantäne, [9ea63c7cf69489ad0ff3aa54f90a30d0], 
PUP.Optional.BoostSaves.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal, In Quarantäne, [2f155662701af541b15143bb1fe48d73], 
PUP.Optional.AZLyrics.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage, In Quarantäne, [96ae70487e0c43f3570548b7f11206fa], 
PUP.Optional.AZLyrics.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, In Quarantäne, [1430e7d199f18caac19bac53d52e22de], 
PUP.Optional.SmartBar.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_amfclgbdpgndipgoegfpkkgobahigbcl_0.localstorage, In Quarantäne, [f84c9b1d91f9b581b69f40c0739144bc], 
PUP.Optional.SoftwareUpdater.A, C:\Users\Marrel\AppData\Local\SwvUpdater\Updater.xml, In Quarantäne, [c97b8335d8b276c08a0ca273c53fd828], 
PUP.Optional.SoftwareUpdater.A, C:\Users\Marrel\AppData\Local\SwvUpdater\status.cfg, In Quarantäne, [c97b8335d8b276c08a0ca273c53fd828], 
PUP.Optional.Boost.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, In Quarantäne, [69dbdbdd9befc86e3e7e31e436ce38c8], 
PUP.Optional.Boost.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, In Quarantäne, [a79dd5e396f4d75fb903f61f25df7a86], 
PUP.Optional.BetterDeals.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage, In Quarantäne, [8fb5199f73171422549e6ab4c1430000], 
PUP.Optional.BetterDeals.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal, In Quarantäne, [2c1813a51575aa8c15dd6ab406febd43], 
PUP.Optional.BetterDeals.A, C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage, In Quarantäne, [a59f2d8b1e6c40f66b87b86635cfbd43], 
PUP.Optional.BetterDeals.A, C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal, In Quarantäne, [72d2deda62281224f00242dc0df721df], 
PUP.Optional.WebSearch.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\searchplugins\Web Search.xml, In Quarantäne, [74d0feba3d4d9e9878be72bd60a4ab55], 
PUP.Optional.WebCake.A, C:\Users\Marrel\AppData\Roaming\WebCake\PlugIns.cache, In Quarantäne, [55efd0e81b6f46f0b77c55f39f66ec14], 
PUP.Optional.WebCake.A, C:\Users\Marrel\AppData\Roaming\WebCake\dat\Desktop.OS.dll, In Quarantäne, [55efd0e81b6f46f0b77c55f39f66ec14], 
PUP.Optional.WebCake.A, C:\Users\Marrel\AppData\Roaming\WebCake\dat\Maintain.dat, In Quarantäne, [55efd0e81b6f46f0b77c55f39f66ec14], 
PUP.Optional.WebCake.A, C:\Users\Marrel\AppData\Roaming\WebCake\dat\Paladin.dat, In Quarantäne, [55efd0e81b6f46f0b77c55f39f66ec14], 
PUP.Optional.WebCake.A, C:\Users\Marrel\AppData\Roaming\WebCake\dat\Phoenix.dat, In Quarantäne, [55efd0e81b6f46f0b77c55f39f66ec14], 
PUP.Optional.WebCake.A, C:\Users\Marrel\AppData\Roaming\WebCake\dat\sqlite3.dll, In Quarantäne, [55efd0e81b6f46f0b77c55f39f66ec14], 
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico, In Quarantäne, [8bb92890d0baaa8c8fa8390f6f9655ab], 
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat, In Quarantäne, [8bb92890d0baaa8c8fa8390f6f9655ab], 
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe, In Quarantäne, [8bb92890d0baaa8c8fa8390f6f9655ab], 
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll, In Quarantäne, [8bb92890d0baaa8c8fa8390f6f9655ab], 
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll, In Quarantäne, [8bb92890d0baaa8c8fa8390f6f9655ab], 
PUP.Optional.GoForFiles.A, C:\Windows\System32\Tasks\GoforFilesUpdate, In Quarantäne, [6ed612a6305a8aac4a31bcb656af52ae], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\crossrider_statusbar.png, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\button1.png, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\button2.png, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\button3.png, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\button4.png, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\button5.png, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\icon128.png, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\icon16.png, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\icon24.png, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\icon48.png, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\panelarrow-up.png, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\popup.html, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\skin.css, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\skin\update.css, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome.manifest, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\install.rdf, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\02a9c269051829379cd630c52a091b7a.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\12003967a191158edc4904431aae51cd.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\328189f4d73467fb2190ecaf3d671d8a.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\a38f4b69efdf528d9506dc01dfba3e9f.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\af183a7e59b2464e92b16ffe87ce98db.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\background.html, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\browser.xul, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\df208b5e112e82a3d5d00b093a11ed2f.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\dialog.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\ffCoreFilesIndex.txt, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\options.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\options.xul, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\search_dialog.xul, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\8b6ab5faf449df2131c181704b8582c8.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\25014a20443a0984003dba6aabbce423.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\330aa28bf45574a206050e43b81a2e49.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\356fddfb2192d9e878b4b8408e6f4715.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\62c40d1cfa2a8bb94a99adc1d18d3c17.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\67b300761625a1d68c46af0f062037d5.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\6870b82ad271e942dad4daa32a99b5ff.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\75ff371374ec1cd65c1c0e1b77fbd056.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\852264ee44826963d6950ee5ca54617f.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\ad4d3060dd8750bcf396db9f62aec8e1.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\aff9d32646e76cd9b52d66342d749d34.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\b36be4161e22eb542b816b8931d406e2.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\bea2a1afe893455f42dab3f330a1082a.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\d2cf06174b2ceef0a67e4ba71e83f3ed.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\e1747851164f73fdfc14fb3a4d52f735.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\api\ed4682e2c2e61e2ac0289e0f62cb139b.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core\b2edde9e1cce89e0130e33730d622816.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core\07675462ec165f63e37bf0e5f77a094d.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core\25f0af42aacd4f2dc7669113b9310e89.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core\26710fd9c340278a7836597d0d53834c.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core\26d4f5c9e6a5b50a99eef7e301d70666.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core\271d2beb8d3490b68559491b5b6cf01b.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core\2ea7f19ab93e05e03e19eefa22321927.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core\40167ff17de4b7cf86e6b17f6086b2ed.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core\41a36be649307ab73fbf720a142f5b58.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core\44176983eccaea47c2b4ce013dfbdb94.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core\962edfb4be02dc81880d52ac8d031286.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core\98574c5ea83976a99721924e068bc40a.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core\b092db29bbad9f6f6f07886989e3a4aa.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core\b1d92297197df6ee24db5115ef4b8192.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core\c0924b5cab2e9413318a6a98f8471251.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core\c4b508947bf1e686784b130c77bf1a24.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core\dede528f9df401156d71de84fc8df72d.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core\dff606b25e97c23684214398950d088b.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core\fda0e17bff10f0a3c60a1fb963aeb512.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core\fdcb884af90fe4aeb32b6436f6797c95.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\chrome\content\core\installer.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\defaults\preferences\prefs.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\manifest.xml, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\plugins.json, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\plugins\102.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\plugins\13.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\plugins\14.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\plugins\16.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\plugins\17.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\plugins\178.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\plugins\195.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\plugins\220.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\plugins\246.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\plugins\253.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\plugins\263.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\plugins\345.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\plugins\354.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\plugins\4.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\plugins\47.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\plugins\64.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\plugins\7.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\plugins\78.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\plugins\9.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\plugins\91.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\plugins\93.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\userCode\background.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\extensionData\userCode\extension.js, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com\locale\en-US\translations.dtd, In Quarantäne, [c4807345aedc16203dab710b50b5d729], 
PUP.Optional.OpenCandy, C:\Users\Marrel\AppData\Roaming\OpenCandy\6E3DEC5C76714FB38466BADD359E0D38\5260.ico, In Quarantäne, [56eea3157a105dd9a73ddbda03007090], 
PUP.Optional.OpenCandy, C:\Users\Marrel\AppData\Roaming\OpenCandy\6E3DEC5C76714FB38466BADD359E0D38\conduitinstaller.exe, In Quarantäne, [56eea3157a105dd9a73ddbda03007090], 
PUP.Optional.OpenCandy, C:\Users\Marrel\AppData\Roaming\OpenCandy\6E3DEC5C76714FB38466BADD359E0D38\EBB77268-338F-4C6A-8590-AD88FED26F4A, In Quarantäne, [56eea3157a105dd9a73ddbda03007090], 
PUP.Optional.OpenCandy, C:\Users\Marrel\AppData\Roaming\OpenCandy\6E3DEC5C76714FB38466BADD359E0D38\OCBrowserHelper_1.0.5.112.dll, In Quarantäne, [56eea3157a105dd9a73ddbda03007090], 
PUP.Optional.OpenCandy, C:\Users\Marrel\AppData\Roaming\OpenCandy\B742A905FB2C41D78C56DBAF20F6C63E\TuneUpUtilities2013-2200218_de-DE.exe, In Quarantäne, [56eea3157a105dd9a73ddbda03007090], 
PUP.Optional.Datamngr.A, C:\Users\Marrel\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, In Quarantäne, [f94b56622961171fcea0803b05fe0000], 
PUP.Optional.Datamngr.A, C:\Users\X\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, In Quarantäne, [fe462593e5a568cee48a219a689b26da], 
PUP.Optional.SearchQu.A, C:\Users\X\AppData\LocalLow\searchqutoolbar\dtx.ini, In Quarantäne, [9ba9d4e4117946f096acab194bb853ad], 
PUP.Optional.SearchQu.A, C:\Users\X\AppData\LocalLow\searchqutoolbar\guid.dat, In Quarantäne, [9ba9d4e4117946f096acab194bb853ad], 
PUP.Optional.SearchQu.A, C:\Users\X\AppData\LocalLow\searchqutoolbar\log.txt, In Quarantäne, [9ba9d4e4117946f096acab194bb853ad], 
PUP.Optional.SearchQu.A, C:\Users\X\AppData\LocalLow\searchqutoolbar\preferences.dat, In Quarantäne, [9ba9d4e4117946f096acab194bb853ad], 
PUP.Optional.Generalcrawler.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com\chrome.manifest, In Quarantäne, [46fecdeb7a10c1758a3124a5e32041bf], 
PUP.Optional.Generalcrawler.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com\install.rdf, In Quarantäne, [46fecdeb7a10c1758a3124a5e32041bf], 
PUP.Optional.Generalcrawler.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com\chrome\content\icon.png, In Quarantäne, [46fecdeb7a10c1758a3124a5e32041bf], 
PUP.Optional.Generalcrawler.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com\chrome\content\main.js, In Quarantäne, [46fecdeb7a10c1758a3124a5e32041bf], 
PUP.Optional.Generalcrawler.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com\chrome\content\overlay.xul, In Quarantäne, [46fecdeb7a10c1758a3124a5e32041bf], 
PUP.Optional.Generalcrawler.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.6_0\background.html, In Quarantäne, [0d377b3d612992a486370bbeb44fd828], 
PUP.Optional.Generalcrawler.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.6_0\icon128.png, In Quarantäne, [0d377b3d612992a486370bbeb44fd828], 
PUP.Optional.Generalcrawler.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.6_0\icon16.png, In Quarantäne, [0d377b3d612992a486370bbeb44fd828], 
PUP.Optional.Generalcrawler.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.6_0\icon48.png, In Quarantäne, [0d377b3d612992a486370bbeb44fd828], 
PUP.Optional.Generalcrawler.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.6_0\manifest.json, In Quarantäne, [0d377b3d612992a486370bbeb44fd828], 
PUP.Optional.Generalcrawler.A, C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.6_0\script.js, In Quarantäne, [0d377b3d612992a486370bbeb44fd828], 
PUP.Optional.MediaFinder.A, C:\Users\Marrel\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx, In Quarantäne, [50f43f796723fd396d517f4a659e4fb1], 
PUP.Optional.Conduit.A, C:\Users\Marrel\AppData\LocalLow\NCH_EN\ldrtbNCH_.dll, In Quarantäne, [b292cdeb8604e74f14c2349704ff19e7], 
PUP.Optional.Conduit.A, C:\Users\Marrel\AppData\LocalLow\NCH_EN\tbNCH_.dll, In Quarantäne, [b292cdeb8604e74f14c2349704ff19e7], 
PUP.Optional.Conduit.A, C:\Users\Marrel\AppData\LocalLow\NCH_EN\toolbar.cfg, In Quarantäne, [b292cdeb8604e74f14c2349704ff19e7], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\ldrtbNCH_.dll, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\tbNCH_.dll, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\ThirdPartyComponents.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\toolbar.cfg, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_images_634733954948152887_24PX_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_634787844809773210_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_images_634816859809670790_24PX_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_PopUpBlocker-03_gif-Shiny-634223929360968750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_bankimages_commandcomps_block_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_MarketPlace_38_2ca_3891fffa-0564-431b-a0b7-b94ea9f192ca_Thumbnail_634653519259561565_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_MarketPlace_92_fdd_9278f259-cbb0-4e3b-9711-e13d36f55fdd_Thumbnail_634374241400443754_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___weather_conduit_com_images_weather_Default_flurries_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_night_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___weather_conduit_com_images_weather_Default_snow_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_night_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633637555161093750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654717188112500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734346081250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734761862500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735153112500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735566081250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735840300000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_45_203_CT2038145_Images_633628017266675000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633637554254375000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_Menu_uninstall-icon_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_MarketPlace_07_ddd_07caac71-eac9-4963-9fa6-f6c1cc836ddd_Appearance_634581083935348787_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642308275000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642347650000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642391868750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642426400000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642461087500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642507025000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642551400000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642638587500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642673743750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642707181250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642737650000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642769212500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642807650000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642838431250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642876556250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642916400000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643010775000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643052806250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643105150000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643143900000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643184212500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643245462500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643283275000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643319056250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643398431250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643436087500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643468587500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643505775000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643543431250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643598275000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643637650000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643718587500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643754681250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643795931250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643839993750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633936819456468750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_634223252648000000_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_634223252976750000_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_634223254379406250_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_634223255083468750_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_images_634709842924903382_24PX_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_images_634709843396778382_24PX_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633637556125468750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633637557088906250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654716861862500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654716928737500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654717003737500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654717076393750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655641918900000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642019837500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642057650000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642098587500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642135462500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642176400000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642233431250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738224675000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738258425000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738311393750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738350925000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738403581250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738499675000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738555300000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737755456250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737804987500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737880612500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737917018750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737956550000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737988425000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738030300000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737462018750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737494675000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737531706250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737572331250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737605925000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737647487500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737682800000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736867487500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736904987500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736937643750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736969518750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737014050000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737065612500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737144050000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642967493750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643356868750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643682493750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_images_634723732255026399_24PX_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_mail_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_MarketPlace_2e_33e_2ec9e65c-72a4-4035-8a0e-06a6f1e0533e_Appearance_634394279015031252_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736489675000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736543268750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736592018750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736642175000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736686862500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736728737500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736765456250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736175300000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736222643750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736253112500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736296237500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736337331250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736374831250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736409675000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735883268750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735924518750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735957800000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735999987500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736038893750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736078737500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736116706250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735597643750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735635300000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735672487500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735702018750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735734362500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735772956250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735806393750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735187487500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735227018750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735260300000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735296393750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735342175000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735383893750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735423893750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735467331250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735526550000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654733928425000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654733969518750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734005143750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734064206250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734099518750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734144831250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734198268750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734242800000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734306862500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736449675000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736832018750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737428268750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737718737500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738178112500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738609987500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642273587500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736145768750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642588275000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734850768750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734920300000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734953737500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734993425000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735038893750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735080143750_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735121862500_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734383425000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734427175000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734476706250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734525300000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734567800000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734629831250_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734684050000_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_news_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_notepad_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_timer_alarm_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_tools_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_eula_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_bankimages_silkset_control_play_blue_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_about_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_configure_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_games_gif.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\RoundedCornersIE9.css, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\DialogsAPI.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\excanvas.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\generalDialogStyle.css, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\PIE.htc, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\RoundedCorners.css, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\settings.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\version.txt, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\AddedAppDialog\app-added.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\AddedAppDialog\main.html, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\DefualtImages\icon.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\DetectedAppDialog\app-2go.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\DetectedAppDialog\main.html, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\EngineFirstTimeDialog\EngineFirstTimeDialog.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\EngineFirstTimeDialog\main.html, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\EngineFirstTimeDialog\right-click.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\NewSearchProtectorDialog\main.html, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\NewSearchProtectorDialog\SearchProtector.css, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\NewSearchProtectorDialog\SearchProtector.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\NewSearchProtectorDialog\images\ok-button.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\NewSearchProtectorDialog\images\separation-line.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\NewSearchProtectorDialog\images\warning.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorBubbleDialog\bubble.css, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorBubbleDialog\bubble.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorBubbleDialog\main.html, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorBubbleDialog\images\information.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorBubbleDialog\images\x-default-LTR.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorBubbleDialog\images\x-default-RTL.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-LTR.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-RTL.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorDialog\main.html, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorDialog\SearchProtector.css, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorDialog\SearchProtector.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorDialog\Images\info.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorDialog\Images\ok-on.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorDialog\Images\ok.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorRetakeoverDialog\main.html, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.css, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorRetakeoverDialog\Images\Icon.jpg, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorRetakeoverDialog\Images\Icon.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorRetakeoverDialog\Images\info.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorRetakeoverDialog\Images\ok-on.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\SearchProtectorRetakeoverDialog\Images\ok.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\main.html, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.css, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\images\app-store-icon.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\images\arrow.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\images\divider.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\images\emailNotifier.gif, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\images\facebook.png, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\images\radio.GIF, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\images\Thumbs.db, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\images\truste_welcome.GIF, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarFirstTimeDialog\images\weather.GIF, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarUntrustedAppsApprovalDialog\main.html, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\ToolbarUntrustedAppsApprovalDialog\ToolbarUntrustedAppsApprovalDialog.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\UntrustedAddedAppDialog\main.html, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\UntrustedAddedAppDialog\UT-app-dialog-added.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\UntrustedAppApprovalDialog\main.html, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\UntrustedAppApprovalDialog\UT-app-dialog-needs-your-approval.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\UntrustedAppPendingDialog\main.html, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Dialogs\UntrustedAppPendingDialog\UT-app-dialog-is-waiting.js, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\EmailNotifier\AccountTypes.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\EmailNotifier\aol.com.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\EmailNotifier\comcast.net.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\EmailNotifier\google.com.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\EmailNotifier\hotmail.com.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\EmailNotifier\yahoo.com.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en-us.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en-us.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en-us.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en-us.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\RadioPlayer\IP_Stations_Media_List.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\RadioPlayer\Predefined_Media_List.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\AppsMetaData\data.bck.txt, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\AppsMetaData\data.txt, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\DynamicDialogs\data.bck.txt, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\DynamicDialogs\data.txt, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\ToolbarLogin\data.bck.txt, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\ToolbarLogin\data.txt, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\ToolbarSettings\data.bck.txt, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\ToolbarSettings\data.txt, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_en-us\ToolbarTranslation\data.bck.txt, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_en-us\ToolbarTranslation\data.txt, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Conduit.A, C:\Users\X\AppData\LocalLow\NCH_EN\SearchInNewTab\SearchInNewTabContent.xml, In Quarantäne, [ad970cac6e1c85b1f9dd577451b2e51b], 
PUP.Optional.Betcat.A, C:\Users\Marrel\AppData\Roaming\Betcat\PlugIns.cache, In Quarantäne, [ff456157a6e44cead94c973c857e2ad6], 
PUP.Optional.Betcat.A, C:\Users\Marrel\AppData\Roaming\Betcat\dat\bsvc.dll, In Quarantäne, [ff456157a6e44cead94c973c857e2ad6], 
PUP.Optional.Betcat.A, C:\Users\Marrel\AppData\Roaming\Betcat\dat\cst.exe, In Quarantäne, [ff456157a6e44cead94c973c857e2ad6], 
PUP.Optional.Betcat.A, C:\Users\Marrel\AppData\Roaming\Betcat\dat\DIBS.dat, In Quarantäne, [ff456157a6e44cead94c973c857e2ad6], 
PUP.Optional.Betcat.A, C:\Users\Marrel\AppData\Roaming\Betcat\dat\Dora.dat, In Quarantäne, [ff456157a6e44cead94c973c857e2ad6], 
PUP.Optional.Betcat.A, C:\Users\Marrel\AppData\Roaming\Betcat\dat\Maintain.dat, In Quarantäne, [ff456157a6e44cead94c973c857e2ad6], 
PUP.Optional.Betcat.A, C:\Users\Marrel\AppData\Roaming\Betcat\dat\Paladin.dat, In Quarantäne, [ff456157a6e44cead94c973c857e2ad6], 
PUP.Optional.Betcat.A, C:\Users\Marrel\AppData\Roaming\Betcat\dat\Phoenix.dat, In Quarantäne, [ff456157a6e44cead94c973c857e2ad6], 
PUP.Optional.Betcat.A, C:\Users\Marrel\AppData\Roaming\Betcat\dat\sqlite3.dll, In Quarantäne, [ff456157a6e44cead94c973c857e2ad6], 
PUP.Optional.SmartBar.A, C:\Users\Marrel\AppData\LocalLow\Smartbar\smartbar_state.config, In Quarantäne, [0a3aac0c9ceea195619a4197e320956b], 
PUP.Optional.SnapDo.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&installDate=18/07/2013&q=");), Ersetzt,[79cb47711179c076eee8b8c0f31331cf]
PUP.Optional.CrossRider.A, C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "13f5fe8fd2a0139105ec54c2d5586137");), Ersetzt,[093bb107e7a3c96d4cc6b5c5e91d9f61]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
Thanks again for the help

09.06.2015, 20:22   #7
schrauber
/// the machine
/// TB trainer

ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log, please. Any problems remaining?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

10.06.2015, 07:45   #8
Marrel

Hello,
I have the feeling that the computer is already under somewhat less load and is running more smoothly.

log.txt:
Code:
SETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=95f0714eb9f96b4ea1f62ce4119d6b36
# end=init
# utc_time=2015-06-10 01:13:39
# local_time=2015-06-10 03:13:39 (+0100, Mitteleuropäische Sommerzeit)
# country="United Kingdom"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24254
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=95f0714eb9f96b4ea1f62ce4119d6b36
# end=updated
# utc_time=2015-06-10 01:20:06
# local_time=2015-06-10 03:20:06 (+0100, Mitteleuropäische Sommerzeit)
# country="United Kingdom"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=95f0714eb9f96b4ea1f62ce4119d6b36
# engine=24254
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-10 03:56:29
# local_time=2015-06-10 05:56:29 (+0100, Mitteleuropäische Sommerzeit)
# country="United Kingdom"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 29575273 185538439 0 0
# scanned=323317
# found=25
# cleaned=0
# scan_time=9383
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=AF30C69B7002B44624735FFD6D87A2B90A2E1C85 ft=1 fh=6e845fa31fcfc7c2 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marrel\AppData\Roaming\Web Cake\dat\Desktop.OS.dll.vir"
sh=769727FD17408B4FB051A5062DAE6C45EFDE7288 ft=1 fh=f7eaf69907b5b1c6 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marrel\AppData\Roaming\Web Cake\dat\Dora.dat.vir"
sh=4DFDDD41FEC5F240AFAB959EDA0FC39925E02F2A ft=1 fh=adb82df7b379013a vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marrel\AppData\Roaming\Web Cake\dat\Paladin.dat.vir"
sh=D346F1465889454724C24D34CB837B66ED7BCD14 ft=1 fh=c288b6bd4b45185a vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\D\NOW\Setup_FreeScreenVideo_2.0.exe"
sh=B58D5AA8A12DDB74DDE97C9541B2242941BA4E3B ft=1 fh=77045453f77bcb91 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe"
sh=3F20DC68A6AAC23C4702D16C8A5388DCFE591AEA ft=1 fh=e5e2264a283a7f45 vn="Win32/Toolbar.Babylon evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\PSDViewer\MyBabylonTB.exe"
sh=DC2B099E1F96C5D03D4F03BF98D69A2CD6F22C04 ft=1 fh=40cbdd24eefbf532 vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="C:\Software\Videorecorder\HC2Setup.exe"
sh=E6035F57C9ED5851EC80A685584F30E606CC5691 ft=1 fh=d6f58f2e704945b6 vn="Win32/SoftonicDownloader.D evtl. unerwünschte Anwendung" ac=I fn="C:\Software\Videorecorder\SoftonicDownloader_fuer_camtasia-studio.exe"
sh=C46EF546071D58F96C4A03E5957D6A82AA46EDA5 ft=1 fh=79f3d99fac1ce92b vn="Win32/SoftonicDownloader.D evtl. unerwünschte Anwendung" ac=I fn="C:\Software\Videorecorder\SoftonicDownloader_fuer_free-screen-to-video.exe"
sh=ED4524DD9C62A6A76D7BED2AC3413277C43A6BA0 ft=1 fh=7a55241aa52eb8e3 vn="Win32/SoftonicDownloader.D evtl. unerwünschte Anwendung" ac=I fn="C:\Software\Videorecorder\Audioprogramm\SoftonicDownloader_fuer_camtasia-studio.exe"
sh=AA190194CD322F27B81B57B66F0E48B16DDF09FC ft=1 fh=7a1e2a1eaadddca3 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Unterhaltung\cONVENTER\FreeYouTubeToMP3Converter_3.11.35.1031.exe"
sh=1867142971E46CEFBDC91D1C32BDDB89B9CC2FCB ft=1 fh=bed49cb1acf2aab9 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Unterhaltung\SoftwareVirtuellesLaufwerk\DTLite4471-0333.exe"
sh=7DC0380F98D20D221FA5F1351D2BEA73BC1F18F8 ft=1 fh=886335d40a7a3027 vn="Win32/AdWare.1ClickDownload.AT Anwendung" ac=I fn="C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000"
sh=F66E4E770C6F98F1BBF25B4D522BDB18F23226F5 ft=1 fh=48a4d2c95a5438b3 vn="Win32/AdWare.1ClickDownload.AT Anwendung" ac=I fn="C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000001"
sh=C5B65183EA7991E96E9C13BC494C256A5299879A ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OSM Trojaner" ac=I fn="C:\Users\Marrel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\42074392-2a20e7ae"
sh=EBB0EE4A08C80C4E2A27315712646C6E42EC2A30 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\prefs.js"
sh=C7E054C7BA58AE2D703DB29C52346A3ED84FEF57 ft=1 fh=53532950b9749a4f vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_20.dll"
sh=C546BA3CA78F93EB65DCCEA191BC40B9F940E2EA ft=1 fh=6fd80785d353cf5d vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_21.dll"
sh=7C15DA5A80F24F0383C992CFB03CF68E95A464B1 ft=1 fh=be427aaf403ae2ff vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_22.dll"
sh=95544372D9D68E8AFAE5E9DA8B07C14CE5406ABB ft=1 fh=dd489ec711c15129 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_23.dll"
sh=BA8871127FB23B24A8963B6A5992DED58259E590 ft=1 fh=65df87dcc97c6ea8 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_24.dll"
sh=C88DAF3FB5D3FEC090233FF251F7F0CFC73EF4CD ft=1 fh=b74c7f4df627386b vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_25.dll"
sh=73ABD5B1D81F527FD64AA6539E53BCA8E1BB1C00 ft=1 fh=08a96f1f2a78df02 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marrel\Downloads\PSD viewer - CHIP-Installer.exe"
sh=83488E2D31B7C9AE0CFADBB54E8DE2DCCAC081F4 ft=1 fh=eacef1118aa55933 vn="Variante von Win32/SoftPulse.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000"
         
checkup.txt:
Code:
 Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Antivirus            
Norton Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 40  
 Java version 32-bit out of Date! 
  Adobe Flash Player 11.4.402.278 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox 35.0 Firefox out of Date!  
 Google Chrome (43.0.2357.124) 
 Google Chrome (43.0.2357.81) 
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 mbamscheduler.exe    
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Whoa, I should update Flash Player and Java again. (I'm not using Firefox at the moment.)

FRST(3):
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2015
Ran by Marrel (administrator) on Marrel-PC on 10-06-2015 06:30:14
Running from C:\Users\Marrel\Desktop
Loaded Profiles: Marrel & postgres (Available Profiles: Marrel & X & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\ Malwarebytes Anti-Malware \mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(Acer Group) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\ Malwarebytes Anti-Malware \mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [818720 2010-02-26] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-09] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-22] ()
HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\eMachines.scr [425984 2009-08-05] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM-x32 - (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-31] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - !{ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - !{338B4DFE-2E2C-4338-9E41-E176D497299E} -  No File
Toolbar: HKLM-x32 - No Name - !{ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{EE30255C-7BF5-4CEF-AE16-49F14F918F35}: [NameServer] 193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll [2012-09-28] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll [2012-09-28] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1623171927-3149244632-4192914800-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marrel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1623171927-3149244632-4192914800-1000: electronicarts.com/GameFacePlugin -> C:\Users\Marrel\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts)
FF Extension: Avira Browser Safety - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\abs@avira.com [2014-12-25]
FF Extension: Internet Turbo - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c} [2013-12-11]
FF Extension: TurnTool Viewer - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\ViewerInstall.xpi [2013-01-30]
FF Extension: Adblock Plus - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-23]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn [2012-03-23]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 [2015-06-10]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-06-15]
FF HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Program Files (x86)\ver3a2zLyrics\178.xpi [not found]
FF Extension: No Name - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com [not found]

Chrome: 
=======
CHR Profile: C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-10-01]
CHR Extension: (Adblock Plus) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-21]
CHR Extension: (Bookmark Manager) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [841248 2010-02-26] (Acer Incorporated)
S3 FirebirdServerMAGIXInstance; C:\Software\Musikrecorder\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
R2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [66048 2011-01-28] (PostgreSQL Global Development Group) [File not signed]
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-12] (Avira Operations GmbH & Co. KG)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [1160824 2012-04-03] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-17] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-03-24] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-04-23] (Symantec Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20120518.002\IDSvia64.sys [488568 2012-04-28] (Symantec Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20120522.005\ENG64.SYS [120440 2012-05-16] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20120522.005\EX64.SYS [2068600 2012-05-16] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [33488 2013-12-08] ()
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-03-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 06:29 - 2015-06-10 06:29 - 00001167 _____ C:\Users\Marrel\Desktop\checkup.txt
2015-06-10 06:14 - 2015-06-10 06:14 - 00852639 _____ C:\Users\Marrel\Downloads\SecurityCheck.exe
2015-06-10 03:12 - 2015-06-10 03:12 - 02870984 _____ (ESET) C:\Users\Marrel\Downloads\esetsmartinstaller_deu.exe
2015-06-09 12:35 - 2015-06-09 12:35 - 00001271 _____ C:\Users\Marrel\Desktop\Handschrift.txt
2015-06-09 10:38 - 2015-06-09 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-09 01:31 - 2015-06-09 01:37 - 00032005 _____ C:\Users\Marrel\Desktop\FRST2.txt
2015-06-09 00:32 - 2015-06-09 00:39 - 00011254 _____ C:\Users\Marrel\Desktop\JRT.txt
2015-06-09 00:25 - 2015-06-09 00:25 - 00000207 _____ C:\Windows\tweaking.com-regbackup-Marrel-PC-Windows-7-Home-Premium-(64-bit).dat
2015-06-09 00:25 - 2015-06-09 00:25 - 00000000 ____D C:\RegBackup
2015-06-09 00:24 - 2015-06-09 00:24 - 00000000 ____D C:\Users\Marrel\AppData\Local\NewTech Infosystems
2015-06-09 00:24 - 2015-06-09 00:24 - 00000000 _____ C:\Windows\JCMKR32.INI
2015-06-09 00:18 - 2015-06-09 00:18 - 02943232 _____ (Thisisu) C:\Users\Marrel\Downloads\JRT.exe
2015-06-09 00:08 - 2015-06-09 01:28 - 00015093 _____ C:\Users\Marrel\Desktop\AdwCleaner[S0].txt
2015-06-09 00:00 - 2015-06-09 00:04 - 00000000 ____D C:\AdwCleaner
2015-06-08 23:57 - 2015-06-09 01:25 - 00121247 _____ C:\Users\Marrel\Desktop\mbam.txt
2015-06-08 22:26 - 2015-06-08 22:26 - 02231296 _____ C:\Users\Marrel\Downloads\AdwCleaner_4.206.exe
2015-06-08 22:23 - 2015-06-08 22:23 - 00000710 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-08 22:23 - 2015-06-08 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-08 22:23 - 2015-06-08 22:23 - 00000000 ____D C:\ Malwarebytes Anti-Malware 
2015-06-08 22:23 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-08 22:23 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-08 22:19 - 2015-06-08 22:20 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Marrel\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-08 10:50 - 2015-06-08 10:50 - 00022376 _____ C:\Users\Marrel\Desktop\Combofix.txt
2015-06-08 10:44 - 2015-06-08 10:44 - 00022444 _____ C:\ComboFix.txt
2015-06-08 10:12 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-08 10:12 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-08 10:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-08 10:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-08 10:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-08 10:12 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-08 10:12 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-08 10:12 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-08 10:11 - 2015-06-08 10:44 - 00000000 ____D C:\Qoobox
2015-06-08 10:11 - 2015-06-08 10:42 - 00000000 ____D C:\Windows\erdnt
2015-06-08 10:09 - 2015-06-08 10:09 - 05628238 ____R (Swearware) C:\Users\Marrel\Downloads\ComboFix.exe
2015-06-08 09:14 - 2015-06-08 09:14 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Marrel\Downloads\revosetup95.exe
2015-06-08 09:14 - 2015-06-08 09:14 - 00000748 _____ C:\Users\Marrel\Desktop\Revo Uninstaller.lnk
2015-06-08 02:47 - 2015-06-08 02:47 - 00000012 _____ C:\Users\Marrel\Desktop\fghhj.txt
2015-06-08 01:47 - 2015-06-08 01:54 - 00000476 _____ C:\Users\Marrel\Desktop\defogger_disable.log
2015-06-08 01:39 - 2015-06-08 01:54 - 00002409 _____ C:\Users\Marrel\Desktop\Gmer.txt
2015-06-08 00:46 - 2015-06-08 00:46 - 00380416 _____ C:\Users\Marrel\Downloads\Gmer-19357.exe
2015-06-08 00:29 - 2015-06-08 00:29 - 00000000 _____ C:\Users\Marrel\defogger_reenable
2015-06-08 00:23 - 2015-06-08 00:23 - 00000246 _____ C:\Windows\SysWOW64\defogger_enable.log
2015-06-08 00:21 - 2015-06-08 00:29 - 00000474 _____ C:\Windows\SysWOW64\defogger_disable.log
2015-06-08 00:17 - 2015-06-08 01:41 - 00026371 _____ C:\Users\Marrel\Desktop\Addition.txt
2015-06-08 00:14 - 2015-06-10 06:30 - 00021968 _____ C:\Users\Marrel\Desktop\FRST.txt
2015-06-08 00:13 - 2015-06-10 06:30 - 00000000 ____D C:\FRST
2015-06-08 00:13 - 2015-06-08 00:13 - 02108928 _____ (Farbar) C:\Users\Marrel\Desktop\FRST64.exe
2015-06-08 00:12 - 2015-06-08 00:12 - 00050477 _____ C:\Users\Marrel\Desktop\Defogger (1).exe
2015-06-08 00:11 - 2015-06-08 00:11 - 00050477 _____ C:\Users\Marrel\Downloads\Defogger.exe
2015-06-07 21:13 - 2015-06-10 03:07 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-07 21:13 - 2015-06-08 23:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-07 21:11 - 2015-06-08 01:14 - 00000000 ____D C:\Users\Marrel\Desktop\mbar
2015-06-07 21:11 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-07 21:10 - 2015-06-07 21:10 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Marrel\Downloads\mbar-1.09.1.1004.exe
2015-06-07 20:19 - 2015-06-07 20:19 - 00276928 _____ C:\Windows\Minidump\060715-29686-01.dmp
2015-06-07 20:06 - 2015-06-07 20:06 - 00276928 _____ C:\Windows\Minidump\060715-30217-01.dmp
2015-06-06 23:40 - 2015-06-06 23:40 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\SitNGoWizard
2015-06-06 23:25 - 2015-06-06 23:28 - 110090565 _____ C:\Users\Marrel\Downloads\8311_Hm2AutoUpdate.exe
2015-06-06 04:30 - 2015-06-06 04:30 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Videodatei-Konverter.lnk
2015-06-06 04:30 - 2015-06-06 04:30 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme
2015-06-06 04:30 - 2015-06-06 04:30 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette
2015-06-06 01:21 - 2015-06-06 01:21 - 00000000 ____D C:\bildschirm
2015-05-19 16:55 - 2015-05-19 16:56 - 00000000 ____D C:\Users\Marrel\Documents\UniversalReplayer
2015-05-19 16:54 - 2015-05-19 17:36 - 00002180 _____ C:\Users\Marrel\URPreferences.xml
2015-05-19 16:44 - 2015-05-19 16:44 - 00001345 _____ C:\Users\Marrel\Downloads\universal_replayer (1).jnlp
2015-05-19 16:43 - 2015-05-19 16:44 - 00562272 _____ (Oracle Corporation) C:\Users\Marrel\Downloads\chromeinstall-8u45.exe
2015-05-19 16:40 - 2015-05-19 16:41 - 00001345 _____ C:\Users\Marrel\Downloads\universal_replayer.jnlp
2015-05-17 02:59 - 2015-05-17 02:59 - 00010940 _____ C:\Users\Marrel\Documents\pokerbook.odt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 06:03 - 2012-04-09 03:25 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-10 04:03 - 2012-04-09 03:25 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-10 03:39 - 2012-03-23 22:39 - 01120067 _____ C:\Windows\WindowsUpdate.log
2015-06-10 03:14 - 2012-03-24 07:31 - 22411152 _____ C:\Windows\system32\perfh007.dat
2015-06-10 03:14 - 2012-03-24 07:31 - 07220880 _____ C:\Windows\system32\perfc007.dat
2015-06-10 03:14 - 2009-07-14 07:13 - 00006256 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-10 03:08 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-10 03:08 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-10 02:57 - 2014-07-31 03:28 - 00062630 _____ C:\Windows\setupact.log
2015-06-10 02:57 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-09 13:31 - 2013-07-25 00:45 - 00000058 _____ C:\Windows\ChssBase.ini
2015-06-09 10:35 - 2014-02-12 00:12 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-09 10:35 - 2014-02-12 00:12 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-09 00:05 - 2014-07-31 20:20 - 00466484 _____ C:\Windows\PFRO.log
2015-06-09 00:03 - 2015-01-14 10:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-08 23:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Cursors
2015-06-08 23:45 - 2014-10-06 02:05 - 00000000 ____D C:\Program Files (x86)\FreeHideIP
2015-06-08 23:01 - 2012-04-30 13:40 - 00000000 ____D C:\Users\Marrel\AppData\Local\Equilab
2015-06-08 22:23 - 2013-07-18 13:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-08 10:44 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-06-08 10:34 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-08 10:33 - 2012-05-11 15:12 - 00000000 ____D C:\Users\postgres
2015-06-08 09:20 - 2014-09-15 18:08 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\Skype
2015-06-08 00:29 - 2012-03-23 23:11 - 00000000 ____D C:\Users\Marrel
2015-06-07 20:43 - 2012-05-11 15:24 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\HoldemManager
2015-06-07 20:23 - 2012-03-24 00:07 - 00000000 ____D C:\Users\Marrel\AppData\Local\PokerStars.EU
2015-06-07 20:22 - 2014-03-18 12:20 - 00000000 ____D C:\a
2015-06-07 20:19 - 2013-05-06 18:36 - 00000000 ____D C:\Windows\Minidump
2015-06-07 20:18 - 2014-07-31 20:20 - 468712171 _____ C:\Windows\MEMORY.DMP
2015-06-06 23:33 - 2012-05-11 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holdem Manager 2
2015-06-06 04:30 - 2012-06-03 04:30 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2015-06-06 04:30 - 2012-06-03 04:30 - 00000000 ____D C:\ProgramData\NCH Software
2015-06-06 04:30 - 2012-06-03 04:29 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\NCH Software
2015-06-06 04:30 - 2012-06-03 04:29 - 00000000 ____D C:\Program Files (x86)\NCH Software
2015-06-05 03:49 - 2015-02-19 01:27 - 00004305 _____ C:\blitzerr.txt
2015-05-30 18:19 - 2014-09-15 18:08 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-30 18:19 - 2014-09-15 18:08 - 00000000 ____D C:\ProgramData\Skype
2015-05-25 20:23 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-20 20:02 - 2014-10-06 02:04 - 00003854 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1412553844
2015-05-20 20:02 - 2014-10-06 02:04 - 00000000 ____D C:\Program Files (x86)\Opera
2015-05-17 03:58 - 2012-04-09 03:25 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 03:58 - 2012-04-09 03:25 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-13 20:20 - 2009-07-14 04:34 - 00000514 _____ C:\Windows\win.ini

==================== Files in the root of some directories =======

2014-03-21 03:27 - 2014-03-21 03:27 - 0072341 _____ () C:\Users\Marrel\AppData\Roaming\Debut.dmp
2013-12-08 21:30 - 2013-12-08 21:30 - 0001181 _____ () C:\Users\Marrel\AppData\Roaming\trace_FilterInstaller.txt
2013-12-08 21:30 - 2013-12-08 21:30 - 0000000 _____ () C:\Users\Marrel\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2006-12-11 20:13 - 2006-12-11 20:13 - 0097336 _____ (Un4seen Developments) C:\Users\Marrel\AppData\Local\bass.dll
2006-12-11 20:13 - 2006-12-11 20:13 - 0013872 _____ (Un4seen Developments) C:\Users\Marrel\AppData\Local\basscd.dll
2007-08-13 18:46 - 2007-08-13 18:46 - 0102912 _____ (Albert L Faber) C:\Users\Marrel\AppData\Local\CDRip.dll
2007-01-18 22:09 - 2007-01-18 22:09 - 0623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\Marrel\AppData\Local\No23 Recorder.exe
2014-12-01 18:35 - 2014-12-01 18:35 - 0001456 _____ () C:\Users\Marrel\AppData\Local\RecConfig.xml
2012-06-04 09:59 - 2015-01-12 00:30 - 0007593 _____ () C:\Users\Marrel\AppData\Local\Resmon.ResmonCfg
2013-06-15 00:39 - 2013-06-24 23:54 - 0001181 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Marrel\AppData\Local\Temp\avgnt.exe
C:\Users\Marrel\AppData\Local\Temp\Quarantine.exe
C:\Users\Marrel\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-26 06:21

==================== End of log ============================
         
Regards, Marrel

10.06.2015, 18:49   #9
schrauber
/// the machine
/// TB trainer

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ATTFilter
C:\D\NOW\Setup_FreeScreenVideo_2.0.exe

C:\Program Files (x86)\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe

C:\Program Files (x86)\PSDViewer\MyBabylonTB.exe

C:\Software\Videorecorder\HC2Setup.exe

C:\Software\Videorecorder\SoftonicDownloader_fuer_camtasia-studio.exe

C:\Software\Videorecorder\SoftonicDownloader_fuer_free-screen-to-video.exe

C:\Software\Videorecorder\Audioprogramm\SoftonicDownloader_fuer_camtasia-studio.exe

C:\Unterhaltung\cONVENTER\FreeYouTubeToMP3Converter_3.11.35.1031.exe

C:\Unterhaltung\SoftwareVirtuellesLaufwerk\DTLite4471-0333.exe

C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000

C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000001

C:\Users\Marrel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\42074392-2a20e7ae

C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\prefs.js

C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_20.dll

C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_21.dll

C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_22.dll

C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_23.dll

C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_24.dll

C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_25.dll

C:\Users\Marrel\Downloads\PSD viewer - CHIP-Installer.exe

C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.




Revo Uninstaller - Download - Filepony
Use it to uninstall Firefox, keep no data, have the leftovers removed, then reinstall.

Then:
https://support.mozilla.org/de/kb/fi...einfach-loesen


Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

12.06.2015, 03:41   #10
Marrel

Yep,
here is the fixlog (I ran the fix twice because I forgot something the first time):
Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version:07-06-2015
Ran by Marrel at 2015-06-10 21:39:31 Run:2
Running from C:\Users\Marrel\Desktop
Loaded Profiles: Marrel & postgres (Available Profiles: Marrel &  & postgres)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\D\NOW\Setup_FreeScreenVideo_2.0.exe

C:\Program Files (x86)\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe

C:\Program Files (x86)\PSDViewer\MyBabylonTB.exe

C:\Software\Videorecorder\HC2Setup.exe

C:\Software\Videorecorder\SoftonicDownloader_fuer_camtasia-studio.exe

C:\Software\Videorecorder\SoftonicDownloader_fuer_free-screen-to-video.exe

C:\Software\Videorecorder\Audioprogramm\SoftonicDownloader_fuer_camtasia-studio.exe

C:\Unterhaltung\cONVENTER\FreeYouTubeToMP3Converter_3.11.35.1031.exe

C:\Unterhaltung\SoftwareVirtuellesLaufwerk\DTLite4471-0333.exe

C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000

C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000001

C:\Users\Marrel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\42074392-2a20e7ae

C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\prefs.js

C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_20.dll

C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_21.dll

C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_22.dll

C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_23.dll

C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_24.dll

C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_25.dll

C:\Users\Marrel\Downloads\PSD viewer - CHIP-Installer.exe

C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000
Emptytemp:
         
*****************

"C:\D\NOW\Setup_FreeScreenVideo_2.0.exe" => File/Folder not found.
"C:\Program Files (x86)\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe" => File/Folder not found.
"C:\Program Files (x86)\PSDViewer\MyBabylonTB.exe" => File/Folder not found.
"C:\Software\Videorecorder\HC2Setup.exe" => File/Folder not found.
"C:\Software\Videorecorder\SoftonicDownloader_fuer_camtasia-studio.exe" => File/Folder not found.
"C:\Software\Videorecorder\SoftonicDownloader_fuer_free-screen-to-video.exe" => File/Folder not found.
"C:\Software\Videorecorder\Audioprogramm\SoftonicDownloader_fuer_camtasia-studio.exe" => File/Folder not found.
"C:\Unterhaltung\cONVENTER\FreeYouTubeToMP3Converter_3.11.35.1031.exe" => File/Folder not found.
"C:\Unterhaltung\SoftwareVirtuellesLaufwerk\DTLite4471-0333.exe" => File/Folder not found.
C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 => moved successfully.
C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000001 => moved successfully.
C:\Users\Marrel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\42074392-2a20e7ae => moved successfully.
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\prefs.js => moved successfully.
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_20.dll => moved successfully.
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_21.dll => moved successfully.
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_22.dll => moved successfully.
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_23.dll => moved successfully.
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_24.dll => moved successfully.
C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c}\components\SmartbarFireFoxRemotePlugin_25.dll => moved successfully.
C:\Users\Marrel\Downloads\PSD viewer - CHIP-Installer.exe => moved successfully.
C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 => moved successfully.
EmptyTemp: => 11.6 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 21:39:56 ====
         
I'm currently working on optimizing my system further. A misplaced sound file, for example, caused 30% CPU load on my machine as soon as I started videos. I have also removed or disabled the ads and ad areas in Skype.

I currently have no major problems with the physical memory. When I'm not doing much it sits at around 35%, and during bigger tasks it is usually still below 60%.

Can you think of anything else to optimize?
Otherwise, thanks for the support
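
Added example (not part of the original thread and not FRST's own code): a small Python parser for a Fixlog in the layout posted above, which matches every fixlist entry to its reported outcome and lists entries the tool never reported on. The sample log and its paths are constructed; the status names `moved`, `not_found` and `other` are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the Fixlog layout shown above; all paths are placeholders.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version:07-06-2015
Ran by user at 2015-06-10 21:39:31 Run:2
==============================================

fixlist content:
*****************
C:\Example\setup_a.exe

C:\Example\Profile\prefs.js
C:\Example\never_reported.dll
Emptytemp:
*****************

"C:\Example\setup_a.exe" => File/Folder not found.
C:\Example\Profile\prefs.js => moved successfully.
EmptyTemp: => 11.6 MB temporary data Removed.

==== End of Fixlog 21:39:56 ====
'''

# Outcome strings as they appear in the Fixlog above; anything else is "other".
STATUSES = {"moved successfully.": "moved", "File/Folder not found.": "not_found"}

def parse_fixlog(text):
    """Return run number, requested entries, per-entry status and gaps."""
    run = re.search(r"\bRun:(\d+)", text)
    requested, results, in_fixlist = [], {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"\*{5,}", line):      # asterisk rows delimit the fixlist echo
            in_fixlist = not in_fixlist
        elif not line:
            continue
        elif in_fixlist:
            requested.append(line)
        elif " => " in line:
            target, _, outcome = line.rpartition(" => ")
            # Windows paths are case-insensitive; not-found targets are quoted.
            results[target.strip('"').casefold()] = STATUSES.get(outcome, "other")
    return {
        "run": int(run.group(1)) if run else None,
        "requested": requested,
        "results": results,
        "counts": Counter(results.values()),
        # Entries the fixlist asked for that the tool never reported on.
        "unreported": [r for r in requested if r.casefold() not in results],
    }

if __name__ == "__main__":
    report = parse_fixlog(SAMPLE_FIXLOG)
    print(report["run"], dict(report["counts"]), report["unreported"])
```

On a second run, `not_found` only shows that the path was absent at that moment; the first run's Fixlog is what confirms whether the fix moved it.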

12.06.2015, 17:55   #11
schrauber
/// the machine
/// TB trainer

Looks good


Cleanup:
(The order is crucial here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: Please disable your antivirus program, any script blocking that may be present, and anti-malware programs.
  • Please press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and clears the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick every function.
  • Click Start.

Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can delete them without hesitation.

If you like, you can say here whether you were satisfied with me and my help...and/or support the forum with a small donation.


Hardening:
Enable automatic updates in the Windows operating system. Security-relevant software should also always be kept at the latest version:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware via "drive-by" on a simple visit to a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally fully sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.
My recommendation:

Emsisoft

In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents the execution of active content (Java, JavaScript, Flash,...) for all websites. However, you can define, on the whitelist principle, on which sites scripts should be allowed.
Malwarebytes Anti Exploit: protects the computer's applications against the exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner.


Finally, a few general remarks:
Change your important online passwords regularly and make regular backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
