Youporndeutsch.co Virus/Maleware?

Phil46 · 04.08.2015, 23:16

Hallo,
ich habe hier den Laptop einer Freundin, und sie hat folgendes Problem. Sie war, so wie sie sagte, auf Kinox.to unterwegs und plötzlich ist im IE die Seite www.youporndeutch.co/kategorien aufgesprungen.
Diese lässt sich jetzt aber nicht mehr schließen, noch kann man den Laptop runterfahren. Generell ist er auch sehr langsam. Fotos öffnen oder andere Sachen öffnen, Fehlanzeige!
In den Task-Manager komme ich auch nicht!

Was kann ich hier machen?

Gruß
Phil

schrauber · 05.08.2015, 05:43

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Phil46 · 05.08.2015, 11:20

War aber ne echt schwere Geburt das Programm runterzuladen und auszuführen.. hier aber jetzt die Logs...

FRST.txt

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
durchgeführt von MARKUS (Administrator) auf GHOST (05-08-2015 12:11:51)
Gestartet von C:\Users\MARKUS\Desktop
Geladene Profile: MARKUS (Verfügbare Profile: MARKUS)
Platform: Windows 8 Pro (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 10 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\StormWatch\StormWatchSrv.exe
(Weather Protector LLC) C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe
(Irrational Number Applications) C:\ProgramData\SqaSMuElYjF\aXUOwJ.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(zik.mu) C:\Program Files\BubbleSound\3D BubbleSound.exe
(Weather Protector LLC) C:\Program Files (x86)\StormWatch\StormWatch.exe
(PowerISO Computing, Inc.) I:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\StormWatch\StormWatchApp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Irrational Number Applications) C:\ProgramData\SqaSMuElYjF\dat\ZdtQfXQQRJN.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [BCSSync] => I:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [3D BubbleSound] => C:\Program Files\BubbleSound\3D BubbleSound.exe [14115328 2015-01-09] (zik.mu)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => i:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2009-07-27] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-05] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [StormWatch] => C:\Program Files (x86)\StormWatch\StormWatchApp.exe [1556504 2015-04-10] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [246544 2015-07-02] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [213776 2015-07-02] (Client Connect LTD)
Startup: C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk [2015-07-19]
ShortcutTarget: StormWatch.lnk -> C:\Program Files (x86)\StormWatch\StormWatch.exe (Weather Protector LLC)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-05] (AVAST Software)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}
HKU\S-1-5-21-846433983-1932204352-779828525-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013
HKU\S-1-5-21-846433983-1932204352-779828525-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKU\S-1-5-21-846433983-1932204352-779828525-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-846433983-1932204352-779828525-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013
HKU\S-1-5-21-846433983-1932204352-779828525-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-846433983-1932204352-779828525-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-846433983-1932204352-779828525-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013
SearchScopes: HKU\S-1-5-21-846433983-1932204352-779828525-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M7A767C84-5C6C-492C-B7EA-8FA6621C32F5&SearchSource=58&CUI=&UM=8&UP=SP9768A5FA-B711-4F8E-AC80-6FBC97E31C7D&D=071915&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-846433983-1932204352-779828525-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://mixidj.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=E43C685D43956C66&affID=121136&tsp=5014
SearchScopes: HKU\S-1-5-21-846433983-1932204352-779828525-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> I:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-06-13] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> I:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-05] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> I:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> I:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-07-13] (Microsoft Corporation)
BHO-x32: PriceGong - Price Comparison -> {1631550F-191D-4826-B069-D9439253D926} -> C:\Program Files (x86)\PriceGong\2.6.12\PriceGongIE.dll [2013-07-02] (PriceGong)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-04-22] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-05] (AVAST Software)
BHO-x32: DealPly Shopping -> {9cf699ca-2174-4ed8-bec1-ba82095edce0} -> C:\Program Files (x86)\DealPly\DealPlyIE.dll [2013-07-21] (DealPly)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Keine Datei
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  Keine Datei
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  Keine Datei
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  Keine Datei
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - I:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2164B092-CA0E-4B90-9765-CA7FA1E1F1B4}: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3

FireFox:
========
FF ProfilePath: C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: istartsurf
FF SelectedSearchEngine: istartsurf
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M7A767C84-5C6C-492C-B7EA-8FA6621C32F5&SearchSource=55&CUI=&UM=8&UP=SP9768A5FA-B711-4F8E-AC80-6FBC97E31C7D&D=071915&SSPV=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-19] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> I:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> I:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-06-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=3 -> C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll [2013-09-24] (DealPly Technologies Ltd)
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=9 -> C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll [2013-09-24] (DealPly Technologies Ltd)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll [2015-08-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll [2015-08-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\user.js [2012-06-12]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-06-13] (Microsoft Corporation)
FF SearchPlugin: C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\searchplugins\istartsurf.xml [2015-08-01]
FF SearchPlugin: C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\searchplugins\mixidj.xml [2013-09-23]
FF SearchPlugin: C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\searchplugins\trovi.xml [2015-07-19]
FF Extension: CinemaPlus-4.2vV19.07 - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\Extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com [2015-07-19]
FF Extension: Default SearchProtected  - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\Extensions\defsearchp@gmail.com [2015-07-19]
FF Extension: deskCut - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\Extensions\deskCutv2@gmail.com [2015-07-19]
FF Extension: PriceGong - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\Extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} [2015-07-19]
FF Extension: DealPly  Shopping - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\Extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979} [2013-09-24]
FF Extension: PricePeep - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\Extensions\pricepeep@getpricepeep.com.xpi [2013-04-17]
FF Extension: Adblock Plus - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-21]
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com
FF Extension: Kein Name - I:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [nicht gefunden]

Chrome: 
=======
CHR Profile: C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-05]
CHR Extension: (Google Docs) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-05]
CHR Extension: (Google Drive) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-05]
CHR Extension: (PriceGong) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok [2015-08-05]
CHR Extension: (YouTube) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-05]
CHR Extension: (Google Search) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-05]
CHR Extension: (Google Sheets) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-05]
CHR Extension: (Avast Online Security) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-05]
CHR Extension: (Gmail) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-05]
CHR HKLM-x32\...\Chrome\Extension: [bkomkajifikmkfnjgphkjcfeepbnojok] - C:\Program Files (x86)\PriceGong\2.6.12\pricegong.crx [2013-07-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-05]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-05] (AVAST Software)
R2 aXUOwJ; C:\ProgramData\SqaSMuElYjF\aXUOwJ.exe [2732024 2015-07-19] (Irrational Number Applications)
S2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-09-24] (DealPly Technologies Ltd)
S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-09-24] (DealPly Technologies Ltd)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-28] () [Datei ist nicht signiert]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-09-24] () [Datei ist nicht signiert]
S3 Microsoft SharePoint Workspace Audit Service; I:\Program Files\Microsoft Office\Office14\GROOVE.EXE [51740536 2011-06-12] (Microsoft Corporation)
R2 StormWatch Update Service; C:\Program Files (x86)\StormWatch\StormWatchSrv.exe [586264 2015-04-10] ()
R2 SWUpdater; C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe [17584 2014-11-22] (Weather Protector LLC)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-08-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-05] (AVAST Software)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-08-05] (AVAST Software)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-09-24] (Duplex Secure Ltd.)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2015-08-05] ()
R1 wsfd_1_10_0_19; C:\Windows\System32\drivers\wsfd_1_10_0_19.sys [57728 2015-06-16] (WS)
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-05 12:12 - 2015-08-05 12:12 - 00001969 _____ C:\Users\Public\Desktop\Google  Chrome.lnk
2015-08-05 12:12 - 2015-08-05 12:12 - 00000000 ____D C:\ProgramData\Radio
2015-08-05 12:11 - 2015-08-05 12:12 - 00023433 _____ C:\Users\MARKUS\Desktop\FRST.txt
2015-08-05 12:11 - 2015-08-05 12:11 - 00000000 ____D C:\FRST
2015-08-05 12:10 - 2015-08-05 12:10 - 02169856 _____ (Farbar) C:\Users\MARKUS\Desktop\FRST64.exe
2015-08-05 12:09 - 2015-08-05 12:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-05 12:08 - 2015-08-05 12:08 - 00004094 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-05 12:08 - 2015-08-05 12:08 - 00003858 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-05 12:08 - 2015-08-05 12:08 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-05 12:08 - 2015-08-05 12:08 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-05 12:06 - 2015-08-05 12:06 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-05 12:06 - 2015-08-05 12:06 - 00001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-08-05 12:06 - 2015-08-05 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-08-05 12:06 - 2015-08-05 12:05 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-08-05 12:05 - 2015-08-05 12:12 - 00001969 _____ C:\Users\Public\Desktop\speed browser.lnk
2015-08-05 12:05 - 2015-08-05 12:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\speed browser
2015-08-05 12:05 - 2015-08-05 12:05 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-05 12:05 - 2015-08-05 12:05 - 00000000 ____D C:\Users\MARKUS\AppData\Local\speed browser
2015-08-05 12:05 - 2015-08-05 12:05 - 00000000 ____D C:\Program Files (x86)\speed browser
2015-08-05 12:01 - 2015-08-05 12:01 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-08-05 12:01 - 2015-08-05 12:01 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-05 10:44 - 2015-08-05 10:44 - 00931408 _____ (Google Inc.) C:\Users\MARKUS\Downloads\ChromeSetup.exe
2015-08-05 10:38 - 2015-08-05 10:38 - 00000000 ____D C:\Users\MARKUS\AppData\Local\Deployment
2015-08-05 10:38 - 2015-08-05 10:38 - 00000000 ____D C:\Users\MARKUS\AppData\Local\Apps\2.0
2015-08-05 00:36 - 2015-08-05 00:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-08-04 23:55 - 2015-04-30 15:07 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-04 23:55 - 2015-04-30 15:07 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-04 23:54 - 2015-03-12 07:31 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-08-04 23:54 - 2015-03-04 08:41 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-08-04 23:54 - 2015-03-04 08:39 - 00632832 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-08-04 23:54 - 2015-03-04 08:39 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-08-04 23:54 - 2015-03-04 06:53 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-08-04 23:54 - 2015-03-04 06:52 - 00676864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-08-04 23:53 - 2015-05-07 15:05 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-08-04 23:53 - 2015-03-12 07:31 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2015-08-04 23:53 - 2015-03-12 05:52 - 01933312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-08-04 23:52 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\SysWOW64\locale.nls
2015-08-04 23:52 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\system32\locale.nls
2015-08-04 23:52 - 2015-04-21 15:53 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-08-04 23:52 - 2015-03-27 10:07 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\cryptcatsvc.dll
2015-08-04 23:52 - 2015-03-12 07:31 - 01688576 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-08-04 23:50 - 2015-04-06 07:36 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-08-04 23:50 - 2015-04-06 06:08 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-08-02 14:24 - 2015-07-14 22:11 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-02 14:24 - 2015-07-14 22:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-02 14:24 - 2015-07-14 21:43 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-02 14:24 - 2015-07-14 21:43 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-02 14:24 - 2015-06-27 18:36 - 00171352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-02 14:24 - 2015-06-27 15:56 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-08-02 14:24 - 2015-06-27 15:55 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-02 14:24 - 2015-06-27 15:55 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-02 14:24 - 2015-06-27 15:46 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-02 14:24 - 2015-06-27 15:46 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-02 14:24 - 2015-06-27 15:46 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-08-02 14:24 - 2015-06-27 15:46 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-02 14:24 - 2015-06-27 15:23 - 00694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-02 14:24 - 2015-06-25 20:29 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-02 14:24 - 2015-06-25 20:27 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-02 14:24 - 2015-01-07 06:25 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-02 14:23 - 2015-06-17 16:13 - 01150264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-08-02 14:23 - 2015-06-17 15:44 - 01567560 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-08-02 14:23 - 2015-06-09 15:57 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-08-02 14:23 - 2015-05-09 01:39 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-02 14:23 - 2015-05-08 22:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-02 14:23 - 2015-04-13 07:32 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-08-02 14:23 - 2015-04-13 07:30 - 01839616 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-02 14:23 - 2015-04-13 07:30 - 01280512 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-02 14:23 - 2015-04-13 06:05 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-02 14:18 - 2015-08-02 14:18 - 00000000 ____D C:\ProgramData\Browser
2015-08-02 14:18 - 2015-06-15 17:22 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2015-08-02 14:18 - 2015-06-15 17:22 - 02416640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-08-02 14:18 - 2015-06-15 17:22 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-08-02 14:18 - 2015-06-15 17:22 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-08-02 14:18 - 2015-06-15 17:21 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-08-02 14:18 - 2015-06-15 17:20 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2015-08-02 14:18 - 2015-06-15 17:20 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-08-02 14:18 - 2015-06-15 17:19 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-08-01 19:50 - 2015-06-25 03:54 - 04064768 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-01 19:50 - 2015-06-11 22:29 - 01302528 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-08-01 19:50 - 2015-06-11 18:27 - 01024000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-08-01 19:50 - 2015-05-02 08:28 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-01 19:50 - 2015-05-02 05:59 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-01 19:50 - 2015-05-02 05:36 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-01 19:50 - 2015-04-14 00:09 - 00570248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-08-01 19:45 - 2015-02-18 09:39 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-08-01 19:45 - 2015-02-18 09:38 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2015-07-19 20:07 - 2015-08-05 12:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
2015-07-19 20:07 - 2015-08-05 10:09 - 00000000 ____D C:\Users\MARKUS\AppData\Local\avabvexvac
2015-07-19 20:07 - 2015-07-19 20:07 - 00003462 _____ C:\Windows\System32\Tasks\avabvexvac
2015-07-19 20:07 - 2015-07-19 20:07 - 00000823 _____ C:\Users\MARKUS\Desktop\3D BubbleSound.lnk
2015-07-19 20:07 - 2015-07-19 20:07 - 00000000 ____D C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BubbleSound 1.0
2015-07-19 20:07 - 2015-07-19 20:07 - 00000000 ____D C:\Program Files\BubbleSound
2015-07-19 20:07 - 2015-07-19 20:07 - 00000000 ____D C:\Program Files (x86)\PriceGong
2015-07-19 20:06 - 2015-07-19 20:07 - 00000000 ____D C:\Users\MARKUS\AppData\Local\SearchProtect
2015-07-19 20:06 - 2015-07-19 20:07 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2015-07-19 20:06 - 2015-07-19 20:06 - 00000000 ____D C:\ProgramData\Vreaanknumlug
2015-07-19 20:06 - 2015-07-19 20:06 - 00000000 ____D C:\Program Files (x86)\WordShark_1.10.0.19
2015-07-19 20:05 - 2015-04-25 05:41 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-07-19 20:05 - 2015-04-25 01:13 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-07-19 20:01 - 2015-07-19 20:01 - 00000000 ____D C:\ProgramData\Uniblue
2015-07-19 20:00 - 2015-08-05 12:10 - 00000000 ____D C:\Users\MARKUS\AppData\Local\WebShield
2015-07-19 20:00 - 2015-08-05 12:07 - 00004508 _____ C:\Windows\Tasks\774c6438-9235-495c-96ac-0b596846d9af-4.job
2015-07-19 20:00 - 2015-08-05 12:07 - 00003152 _____ C:\Windows\Tasks\774c6438-9235-495c-96ac-0b596846d9af-1-7.job
2015-07-19 20:00 - 2015-07-19 20:24 - 00000000 ____D C:\Users\MARKUS\AppData\Local\gmsd_de_004010035
2015-07-19 20:00 - 2015-07-19 20:20 - 00000000 ____D C:\Program Files (x86)\gmsd_de_004010035
2015-07-19 20:00 - 2015-07-19 20:19 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-4.2vV19.07
2015-07-19 20:00 - 2015-07-19 20:17 - 00002126 _____ C:\Windows\Tasks\774c6438-9235-495c-96ac-0b596846d9af-10_user.job
2015-07-19 20:00 - 2015-07-19 20:14 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-19 20:00 - 2015-07-19 20:00 - 00007512 _____ C:\Windows\System32\Tasks\774c6438-9235-495c-96ac-0b596846d9af-4
2015-07-19 20:00 - 2015-07-19 20:00 - 00006156 _____ C:\Windows\System32\Tasks\774c6438-9235-495c-96ac-0b596846d9af-1-7
2015-07-19 20:00 - 2015-07-19 20:00 - 00002386 _____ C:\Users\Public\Desktop\Crossbrowse.lnk
2015-07-19 20:00 - 2015-07-19 20:00 - 00000000 ____D C:\Users\MARKUS\AppData\Roaming\istartsurf
2015-07-19 20:00 - 2015-07-19 20:00 - 00000000 ____D C:\Users\MARKUS\AppData\Local\Weather_Protector_LLC
2015-07-19 20:00 - 2015-07-19 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
2015-07-19 20:00 - 2015-07-19 20:00 - 00000000 ____D C:\Program Files (x86)\Crossbrowse
2015-07-19 19:59 - 2015-08-05 12:10 - 00000000 ____D C:\Users\MARKUS\AppData\Local\StormWatch
2015-07-19 19:59 - 2015-08-05 12:09 - 00000000 ____D C:\Users\MARKUS\Documents\ProPCCleaner
2015-07-19 19:59 - 2015-08-05 12:01 - 00003456 _____ C:\Windows\System32\Tasks\ProPCCleaner_Popup
2015-07-19 19:59 - 2015-07-19 20:23 - 00000000 ____D C:\Users\MARKUS\AppData\Local\D9DF0E76-C9D7-4F83-A919-28FDB7D924AA
2015-07-19 19:59 - 2015-07-19 20:00 - 00000000 ____D C:\ProgramData\WebShield
2015-07-19 19:59 - 2015-07-19 20:00 - 00000000 ____D C:\ProgramData\SqaSMuElYjF
2015-07-19 19:59 - 2015-07-19 19:59 - 00003192 _____ C:\Windows\System32\Tasks\ProPCCleaner_Start
2015-07-19 19:59 - 2015-07-19 19:59 - 00001069 _____ C:\Users\MARKUS\Desktop\Pro PC Cleaner.lnk
2015-07-19 19:59 - 2015-07-19 19:59 - 00000000 ____D C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
2015-07-19 19:59 - 2015-07-19 19:59 - 00000000 ____D C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pro PC Cleaner
2015-07-19 19:59 - 2015-07-19 19:59 - 00000000 ____D C:\Users\MARKUS\AppData\Local\Pro_PC_Cleaner
2015-07-19 19:59 - 2015-07-19 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StormWatch
2015-07-19 19:59 - 2015-07-19 19:59 - 00000000 ____D C:\Program Files (x86)\StormWatch
2015-07-19 19:59 - 2015-07-19 19:59 - 00000000 ____D C:\Program Files (x86)\Pro PC Cleaner

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-05 12:12 - 2013-09-21 22:01 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-846433983-1932204352-779828525-1001
2015-08-05 12:12 - 2013-09-21 21:55 - 00002043 _____ C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-05 12:09 - 2013-09-21 23:44 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-05 12:09 - 2013-09-21 21:55 - 00000000 ____D C:\Users\MARKUS\AppData\Local\VirtualStore
2015-08-05 12:07 - 2013-09-24 18:15 - 00003490 _____ C:\Windows\System32\Tasks\AutoKMS
2015-08-05 12:07 - 2013-09-24 17:35 - 00000914 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2015-08-05 12:07 - 2013-09-21 23:43 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-05 12:07 - 2013-09-21 22:01 - 00016152 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2015-08-05 12:07 - 2013-09-21 22:01 - 00000424 _____ C:\Windows\Tasks\SlimDrivers Startup.job
2015-08-05 12:07 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-05 12:06 - 2014-08-24 20:30 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-05 12:06 - 2014-01-25 12:47 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-08-05 12:06 - 2013-09-24 18:42 - 00229570 _____ C:\Windows\PFRO.log
2015-08-05 12:06 - 2013-09-21 23:44 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-05 12:06 - 2013-09-21 23:43 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-05 12:06 - 2013-09-21 23:43 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-08-05 12:06 - 2013-09-21 23:43 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-05 12:06 - 2013-09-21 23:43 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-05 12:06 - 2013-09-21 21:55 - 01323381 _____ C:\Windows\WindowsUpdate.log
2015-08-05 12:05 - 2013-09-21 23:43 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-08-05 12:01 - 2012-07-26 09:59 - 00000000 ____D C:\Windows\CbsTemp
2015-08-05 11:59 - 2015-04-16 14:07 - 00426040 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-05 11:58 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2015-08-05 11:58 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-08-05 11:58 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-08-05 11:18 - 2013-09-21 22:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-05 11:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2015-08-05 10:47 - 2012-07-26 12:27 - 00753134 _____ C:\Windows\system32\perfh007.dat
2015-08-05 10:47 - 2012-07-26 12:27 - 00155826 _____ C:\Windows\system32\perfc007.dat
2015-08-05 10:47 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-05 10:40 - 2013-09-24 17:35 - 00000918 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2015-08-05 00:36 - 2013-09-24 19:44 - 00245019 _____ C:\Windows\setupact.log
2015-08-02 22:44 - 2013-09-21 22:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-01 20:11 - 2013-09-23 22:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-19 20:04 - 2013-09-21 22:59 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-19 20:03 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF
2015-07-13 23:22 - 2015-03-20 21:53 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 23:22 - 2015-03-20 21:53 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-08-05 12:05 - 2015-08-05 12:05 - 0032038 _____ () C:\Users\MARKUS\AppData\Roaming\Edge.ico

Einige Dateien in TEMP:
====================
C:\Users\MARKUS\AppData\Local\Temp\c8fa73b8e9f64693beccdbb6e4b58208394612.exe
C:\Users\MARKUS\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\MARKUS\AppData\Local\Temp\pricepeep_1.exe
C:\Users\MARKUS\AppData\Local\Temp\ResetDevice.exe
C:\Users\MARKUS\AppData\Local\Temp\setup.exe
C:\Users\MARKUS\AppData\Local\Temp\Uni000.exe
C:\Users\MARKUS\AppData\Local\Temp\uninst1.exe


==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-08-02 22:43

==================== Ende von log ============================

Addition.txt

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
durchgeführt von MARKUS (2015-08-05 12:12:22)
Gestartet von C:\Users\MARKUS\Desktop
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-846433983-1932204352-779828525-500 - Administrator - Disabled)
Gast (S-1-5-21-846433983-1932204352-779828525-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-846433983-1932204352-779828525-1003 - Limited - Enabled)
MARKUS (S-1-5-21-846433983-1932204352-779828525-1001 - Administrator - Enabled) => C:\Users\MARKUS

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.3.2225 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BubbleSound (HKLM\...\BubbleSound) (Version: 1.0 - BubbleSound) <==== ACHTUNG
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.33 - Abelssoft)
CinemaPlus-4.2vV19.07 (HKLM-x32\...\CinemaPlus-4.2vV19.07) (Version: 1.36.01.22 - Cinema PlusV19.07) <==== ACHTUNG
Crossbrowse (HKLM-x32\...\Crossbrowse) (Version: 39.6.2171.95 - The Crossbrowse Authors) <==== ACHTUNG
GamesDesktop 014.004010035 (HKLM-x32\...\gmsd_de_004010035_is1) (Version:  - GAMESDESKTOP) <==== ACHTUNG
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ACHTUNG
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version:  - istartsurf) <==== ACHTUNG
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.300.05.03.52 - Huawei Technologies Co.,Ltd)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0081 - Pegatron Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version:  - )
PriceGong 2.6.12 (HKLM-x32\...\PriceGong) (Version: 2.6.12 - PriceGong) <==== ACHTUNG
Pro PC Cleaner (HKLM-x32\...\Pro PC Cleaner) (Version: 2.9.6 - Pro PC Cleaner) <==== ACHTUNG
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.23.60.24 - Client Connect LTD) <==== ACHTUNG
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - )
SlimDrivers (HKLM-x32\...\{EE877592-4C1B-42E3-907B-141E48163E05}) (Version: 2.2.32534 - SlimWare Utilities, Inc.)
speed browser (HKLM-x32\...\speed browser) (Version: 44.0.2367.0 - Smart Applications) <==== ACHTUNG
StormWatch (HKLM-x32\...\StormWatch) (Version: 1.0.2.55 - StormWatch) <==== ACHTUNG
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Web Shield (HKLM-x32\...\WebShield) (Version: 2.7.68 - Irrational Number Applications)
WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WordShark 1.10.0.19 (HKLM-x32\...\WordShark_1.10.0.19) (Version: 1.10.0.19 - WordShark) <==== ACHTUNG

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

01-08-2015 19:39:24 Windows Update
04-08-2015 23:55:07 Windows Update

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0722BE0A-FCF7-41FA-B5B6-12477263E329} - System32\Tasks\774c6438-9235-495c-96ac-0b596846d9af-1-7 => C:\Program Files (x86)\CinemaPlus-4.2vV19.07\774c6438-9235-495c-96ac-0b596846d9af-1-7.exe <==== ACHTUNG
Task: {0CBCA4AA-36FB-4122-A96E-54B6C4B77748} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\msoia.exe
Task: {14E31A58-26E2-4CA5-A27C-49C32D7224EC} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe [2015-07-03] (Pro PC Cleaner) <==== ACHTUNG
Task: {1DE4B79E-7B24-4124-AFE9-E191A02D6745} - System32\Tasks\DealPlyUpdate => C:\Program <==== ACHTUNG
Task: {28379297-254D-4B0C-A647-2FEEE6EE8302} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-19] (Adobe Systems Incorporated)
Task: {42F42A4A-3E37-4E3B-A20E-A303A0D9F7D6} - System32\Tasks\DealPlyLiveUpdateTaskMachineCore => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-09-24] (DealPly Technologies Ltd) <==== ACHTUNG
Task: {4A71F4EE-CA8D-4A86-B4F4-7ED828BA8220} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {4CCF6FD3-3D1F-4DE4-A920-2AF77BEF3BB4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-05] (Google Inc.)
Task: {4CF33B29-9D78-4743-9AFF-C64C93780036} - System32\Tasks\avabvexvac => C:\Users\MARKUS\AppData\Local\avabvexvac\avabvexvac.exe [2015-07-02] () <==== ACHTUNG
Task: {4DF39370-FB1A-4F1F-ADD1-4FFEA4A27696} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2014-09-19] (CHIP)
Task: {5BED26AC-B98B-4232-A4E9-FE5557B83080} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe [2015-07-03] () <==== ACHTUNG
Task: {793E054E-6A72-4073-9FDD-C6EAF543FBDD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: {81FB1E80-234D-4685-BD71-306426C9E268} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-05] (AVAST Software)
Task: {B6BFDC3A-C6E6-44EA-BF89-4195CF34317B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\msoia.exe
Task: {BADE1018-B7FD-4363-989C-3A04B454716A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-05] (Google Inc.)
Task: {C4391197-CFB4-4FE8-ABE1-FF7D25DC5A34} - System32\Tasks\DealPlyLiveUpdateTaskMachineUA => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-09-24] (DealPly Technologies Ltd) <==== ACHTUNG
Task: {C5E2A175-89F2-40BC-B89D-746178CBDF9C} - System32\Tasks\774c6438-9235-495c-96ac-0b596846d9af-4 => C:\Program Files (x86)\CinemaPlus-4.2vV19.07\774c6438-9235-495c-96ac-0b596846d9af-4.exe [2015-07-19] (Cinema PlusV19.07) <==== ACHTUNG
Task: {CE4CDF5A-FC28-46DA-B88D-BA2167F1C271} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-17] (SlimWare Utilities, Inc.)
Task: {DC8478C0-A6EF-4C5F-B8D5-8A8EB965F2CF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-08-05] (AVAST Software)
Task: {E2687BA9-6CDA-4378-8132-DC60F9088080} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-09-24] ()

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\774c6438-9235-495c-96ac-0b596846d9af-1-7.job => C:\Program Files (x86)\CinemaPlus-4.2vV19.07\774c6438-9235-495c-96ac-0b596846d9af-1-7.exe <==== ACHTUNG
Task: C:\Windows\Tasks\774c6438-9235-495c-96ac-0b596846d9af-10_user.job => C:\Program Files (x86)\CinemaPlus-4.2vV19.07\774c6438-9235-495c-96ac-0b596846d9af-10.exe <==== ACHTUNG
Task: C:\Windows\Tasks\774c6438-9235-495c-96ac-0b596846d9af-4.job => C:\Program Files (x86)\CinemaPlus-4.2vV19.07\774c6438-9235-495c-96ac-0b596846d9af-4.exe <==== ACHTUNG
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe <==== ACHTUNG
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe <==== ACHTUNG
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-01-08 20:12 - 2015-01-08 20:12 - 02264576 _____ () C:\Program Files\BubbleSound\BubbleSound.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-09-21 22:48 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2013-09-23 22:47 - 2012-11-28 14:31 - 00805888 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2015-04-10 15:49 - 2015-04-10 15:49 - 00586264 _____ () C:\Program Files (x86)\StormWatch\StormWatchSrv.exe
2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-04-10 15:49 - 2015-04-10 15:49 - 01556504 _____ () C:\Program Files (x86)\StormWatch\StormWatchApp.exe
2015-08-05 12:05 - 2015-08-05 12:05 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-05 12:05 - 2015-08-05 12:05 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-05 10:11 - 2015-08-05 10:11 - 02959872 _____ () C:\Program Files\AVAST Software\Avast\defs\15080402\algo.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-05 12:06 - 2015-08-05 12:06 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-08-05 12:09 - 2015-07-31 08:19 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libglesv2.dll
2015-08-05 12:09 - 2015-07-31 08:19 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libegl.dll
2015-08-05 12:09 - 2015-08-05 12:09 - 01240568 _____ () C:\ProgramData\SqaSMuElYjF\dat\MrZPGFxqyBW.dll
2015-08-05 12:12 - 2015-08-05 12:12 - 00082696 _____ () C:\ProgramData\Radio\prompt.exe

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer trusted/restricted ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-846433983-1932204352-779828525-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run32: => "Adobe ARM"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{6166F54B-B65F-415B-971A-F8C9A6B8F78E}] => (Allow) I:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{53E65CE1-1DDA-4A9F-B546-B69B981554F0}] => (Allow) I:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{203B06D9-7BD4-4B9E-A0EE-C42D1B421B26}] => (Allow) I:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{BC6F74BD-4D15-4DB1-904F-611638802DD0}] => (Allow) I:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{E0A95703-05C1-42CD-9D27-A13D53E065DF}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{4477845B-0F92-4039-A38B-2A44A53CB836}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{D5EB3681-D4AA-4130-8883-594ECD47B610}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{C9EBE41C-8505-4E80-BB3E-C4AE01C42F6E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0FFF51C5-E069-47E6-A4B0-7FAB19EAF6EA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CFEF6734-F6AA-49DA-A60F-C6DBAA4B6C1E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E757F3FA-9D15-4AAC-AB0D-64D316BAF1EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{14A66F14-0288-4A21-B495-8DD1FDEC388C}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{EF2B2998-3FD3-4DA6-A068-FEC6F8563888}I:\program files (x86)\mozilla firefox\firefox.exe] => (Block) I:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{3B5A836B-8D83-4328-8F65-E6C1777FD5B9}I:\program files (x86)\mozilla firefox\firefox.exe] => (Block) I:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{18EB1593-619E-49AD-92A9-FB3F09E91F3A}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
FirewallRules: [{ADA11736-0AA3-4627-96F3-D8F85606B3C3}] => (Allow) C:\Program Files (x86)\speed browser\Application\browser.exe
FirewallRules: [{F3D341A7-F81A-44F6-B6A4-818FD0EA93BA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/05/2015 12:06:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17267, Zeitstempel: 0x54e7f156
Name des fehlerhaften Moduls: PriceGongIE.dll, Version: 2.6.12.0, Zeitstempel: 0x51d295a3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000077b8
ID des fehlerhaften Prozesses: 0x15a8
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (08/05/2015 11:58:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a96c3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.17313, Zeitstempel: 0x5507a23b
Ausnahmecode: 0xc0000008
Fehleroffset: 0x0002dc2c
ID des fehlerhaften Prozesses: 0x798
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5

Error: (08/05/2015 10:15:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17267, Zeitstempel: 0x54e7f156
Name des fehlerhaften Moduls: PriceGongIE.dll, Version: 2.6.12.0, Zeitstempel: 0x51d295a3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000077b8
ID des fehlerhaften Prozesses: 0x1924
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (08/05/2015 10:15:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17267, Zeitstempel: 0x54e7f156
Name des fehlerhaften Moduls: PriceGongIE.dll, Version: 2.6.12.0, Zeitstempel: 0x51d295a3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000077b8
ID des fehlerhaften Prozesses: 0x11f8
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (08/05/2015 10:14:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17267, Zeitstempel: 0x54e7f156
Name des fehlerhaften Moduls: PriceGongIE.dll, Version: 2.6.12.0, Zeitstempel: 0x51d295a3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000077b8
ID des fehlerhaften Prozesses: 0xfc0
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (08/05/2015 10:14:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17267, Zeitstempel: 0x54e7f156
Name des fehlerhaften Moduls: PriceGongIE.dll, Version: 2.6.12.0, Zeitstempel: 0x51d295a3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000077b8
ID des fehlerhaften Prozesses: 0x144c
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (08/05/2015 10:13:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17267, Zeitstempel: 0x54e7f156
Name des fehlerhaften Moduls: PriceGongIE.dll, Version: 2.6.12.0, Zeitstempel: 0x51d295a3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000077b8
ID des fehlerhaften Prozesses: 0x1a4c
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (08/05/2015 10:06:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23340468

Error: (08/05/2015 10:06:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 23340468

Error: (08/05/2015 10:06:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


Systemfehler:
=============
Error: (08/05/2015 12:07:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search Protect Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/05/2015 12:06:52 PM) (Source: BTHUSB) (EventID: 30) (User: )
Description: Der lokale Adapter bietet keine Unterstützung für einen wichtigen Controllerstatus für energiearme Geräte. Die mindestens erforderliche unterstützte Statusmaske ist "0x1f7fffff", vorhanden ist jedoch "0x1f3fffff". Die Funktionalität für energiearme Geräte wird deaktiviert.

Error: (08/05/2015 12:06:45 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (08/05/2015 12:06:44 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI1

Error: (08/05/2015 11:59:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search Protect Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/05/2015 11:58:57 AM) (Source: BTHUSB) (EventID: 30) (User: )
Description: Der lokale Adapter bietet keine Unterstützung für einen wichtigen Controllerstatus für energiearme Geräte. Die mindestens erforderliche unterstützte Statusmaske ist "0x1f7fffff", vorhanden ist jedoch "0x1f3fffff". Die Funktionalität für energiearme Geräte wird deaktiviert.

Error: (08/05/2015 11:58:49 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (08/05/2015 11:58:48 AM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI1

Error: (08/05/2015 11:58:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Orbiter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/05/2015 11:58:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search Protect Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office:
=========================
Error: (08/05/2015 12:06:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1726754e7f156PriceGongIE.dll2.6.12.051d295a3c0000005000077b815a801d0cf664e933146C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\PriceGong\2.6.12\PriceGongIE.dll9a846604-3b59-11e5-be93-685d43956c66

Error: (08/05/2015 11:58:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.2.9200.16420505a96c3ntdll.dll6.2.9200.173135507a23bc00000080002dc2c79801d0cf6539678c12C:\Windows\SysWOW64\svchost.exeC:\Windows\SYSTEM32\ntdll.dll85afcc9b-3b58-11e5-be92-685d43956c66

Error: (08/05/2015 10:15:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1726754e7f156PriceGongIE.dll2.6.12.051d295a3c0000005000077b8192401d0cf56deda897aC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\PriceGong\2.6.12\PriceGongIE.dll239e2779-3b4a-11e5-be91-685d43956c66

Error: (08/05/2015 10:15:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1726754e7f156PriceGongIE.dll2.6.12.051d295a3c0000005000077b811f801d0cf56d396aab3C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\PriceGong\2.6.12\PriceGongIE.dll191ff14b-3b4a-11e5-be91-685d43956c66

Error: (08/05/2015 10:14:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1726754e7f156PriceGongIE.dll2.6.12.051d295a3c0000005000077b8fc001d0cf56c6547f2bC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\PriceGong\2.6.12\PriceGongIE.dll0c328d70-3b4a-11e5-be91-685d43956c66

Error: (08/05/2015 10:14:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1726754e7f156PriceGongIE.dll2.6.12.051d295a3c0000005000077b8144c01d0cf56b8295fffC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\PriceGong\2.6.12\PriceGongIE.dllff6046b1-3b49-11e5-be91-685d43956c66

Error: (08/05/2015 10:13:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1726754e7f156PriceGongIE.dll2.6.12.051d295a3c0000005000077b81a4c01d0cf568d2c8f62C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\PriceGong\2.6.12\PriceGongIE.dlle6336dc5-3b49-11e5-be91-685d43956c66

Error: (08/05/2015 10:06:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23340468

Error: (08/05/2015 10:06:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 23340468

Error: (08/05/2015 10:06:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity:
===================================
  Date: 2015-07-19 20:13:18.316
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-19 20:12:52.707
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-19 20:12:51.052
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-19 20:12:50.230
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-19 20:12:45.823
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-19 20:12:44.934
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-19 20:11:38.308
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-19 20:09:11.822
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-19 20:09:11.144
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-19 20:09:03.447
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 19%
Total physical RAM: 8086.83 MB
Available physical RAM: 6474.96 MB
Total Virtual: 9302.83 MB
Available Virtual: 7666.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:13.07 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive g: (Volume) (Fixed) (Total:426.66 GB) (Free:425.98 GB) NTFS
Drive i: (Anwendungen) (Fixed) (Total:271.97 GB) (Free:268.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 0EC1D3C8)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 2BD2C32A)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=42)

==================== Ende von log ============================

Gruß
Phil

schrauber · 06.08.2015, 05:33

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

BubbleSound

CinemaPlus-4.2vV19.07

Crossbrowse

GamesDesktop 014.004010035

Google Update Helper

istartsurf uninstall

PriceGong 2.6.12

Pro PC Cleaner

Search Protect

speed browser

StormWatch

WordShark 1.10.0.19
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Phil46 · 07.08.2015, 16:54

Hallo,
BubbleSounds und Google Update Helper waren nicht in der Liste zu finden, daher konnte ich sie auch nicht löschen.

Hier aber die anderen Logs...

AdwCleaner:

Code:

ATTFilter

# AdwCleaner v4.208 - Bericht erstellt 07/08/2015 um 17:09:19
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-08-01.1 [Server]
# Betriebssystem : Windows 8 Pro  (x64)
# Benutzername : MARKUS - GHOST
# Gestarted von : C:\Users\MARKUS\Downloads\AdwCleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : swdumon

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Browser
Ordner Gelöscht : C:\ProgramData\Uniblue
Ordner Gelöscht : C:\ProgramData\WebShield
Ordner Gelöscht : C:\Program Files (x86)\speed browser
Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\speed browser
Ordner Gelöscht : C:\Users\MARKUS\AppData\Local\eSupport.com
Ordner Gelöscht : C:\Users\MARKUS\AppData\Local\speed browser
Ordner Gelöscht : C:\Users\MARKUS\AppData\Local\slimware utilities inc
Ordner Gelöscht : C:\Users\MARKUS\AppData\LocalLow\mixidj
Ordner Gelöscht : C:\Users\MARKUS\AppData\Roaming\Babylon
Datei Gelöscht : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Datei Gelöscht : C:\Windows\System32\drivers\swdumon.sys
Datei Gelöscht : C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\user.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Clients\StartMenuInternet\speed browser
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Schlüssel Gelöscht : HKCU\Software\BABSOLUTION
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Tutorials
Schlüssel Gelöscht : HKCU\Software\Browser
Schlüssel Gelöscht : HKCU\Software\SlimWare Utilities Inc
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\StormWatchApp
Schlüssel Gelöscht : HKLM\SOFTWARE\SlimWare Utilities Inc
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Browser
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\WebBar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istartsurf.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\movshare.net
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\snapdo.com
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v10.0.9200.17267

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Mozilla Firefox v

[wfwtmpfw.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "istartsurf");
[wfwtmpfw.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/favicon.ico");
[wfwtmpfw.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "istartsurf");
[wfwtmpfw.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={search[...]
[wfwtmpfw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a6a1a03975fde4c8690f6b883c36bc17d88519bfe704d8cae3851239com74253.74253.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%[...]
[wfwtmpfw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[wfwtmpfw.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v44.0.2403.130


*************************

AdwCleaner[R0].txt - [5695 Bytes] - [07/08/2015 17:07:48]
AdwCleaner[S0].txt - [5077 Bytes] - [07/08/2015 17:09:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5136  Bytes] ##########

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.5 (08.05.2015:1)
OS: Windows 8 Pro x64
Ran by MARKUS on 07.08.2015 at 17:16:10,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully deleted: [Service] swdumon [Reboot required]



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\SlimDrivers Startup
Successfully deleted: [Task] C:\Windows\Tasks\SlimDrivers Startup.job



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\system32\drivers\swdumon.sys



~~~ Folders

Successfully deleted: [Folder] C:\Users\MARKUS\Appdata\Local\slimware utilities inc
Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers
Successfully deleted: [Folder] C:\Users\MARKUS\Appdata\Local\D9DF0E76-C9D7-4F83-A919-28FDB7D924AA



~~~ FireFox

Successfully deleted the following from C:\Users\MARKUS\AppData\Roaming\mozilla\firefox\profiles\wfwtmpfw.default\prefs.js

user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.ptid, tugs);
user_pref(browser.search.searchengine.uid, OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3);



~~~ Chrome


[C:\Users\MARKUS\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\MARKUS\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\MARKUS\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\MARKUS\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.08.2015 at 17:19:24,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

neues FRST:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:06-08-2015
durchgeführt von MARKUS (Administrator) auf GHOST (07-08-2015 17:21:42)
Gestartet von C:\Users\MARKUS\Desktop
Geladene Profile: MARKUS (Verfügbare Profile: MARKUS)
Platform: Windows 8 Pro (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 10 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17280_none_6224eed751126779\TiWorker.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [BCSSync] => I:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => i:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2009-07-27] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-05] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-05] (AVAST Software)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-846433983-1932204352-779828525-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKU\S-1-5-21-846433983-1932204352-779828525-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> I:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-06-13] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> I:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-05] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> I:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> I:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-07-13] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-05] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Keine Datei
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  Keine Datei
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - I:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2164B092-CA0E-4B90-9765-CA7FA1E1F1B4}: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default
FF Homepage: https://www.malwarebytes.org/restorebrowser//?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M7A767C84-5C6C-492C-B7EA-8FA6621C32F5&SearchSource=55&CUI=&UM=8&UP=SP9768A5FA-B711-4F8E-AC80-6FBC97E31C7D&D=071915&SSPV=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-19] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> I:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> I:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-06-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-06-13] (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-21]
FF Extension: Kein Name - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979} [nicht gefunden]
FF Extension: Kein Name - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com [nicht gefunden]
FF Extension: Kein Name - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com [nicht gefunden]
FF Extension: Kein Name - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com [nicht gefunden]
FF Extension: Kein Name - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} [nicht gefunden]
FF Extension: Kein Name - I:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [nicht gefunden]

Chrome: 
=======
CHR Profile: C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-05]
CHR Extension: (Google Docs) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-05]
CHR Extension: (Google Drive) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-05]
CHR Extension: (YouTube) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-05]
CHR Extension: (Google Search) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-05]
CHR Extension: (Google Sheets) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-05]
CHR Extension: (Avast Online Security) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-05]
CHR Extension: (Gmail) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-05]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-05] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-08-05] (Avast Software)
S2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-28] () [Datei ist nicht signiert]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-09-24] () [Datei ist nicht signiert]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; I:\Program Files\Microsoft Office\Office14\GROOVE.EXE [51740536 2011-06-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-08-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-05] (AVAST Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-07] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-08-05] (AVAST Software)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-09-24] (Duplex Secure Ltd.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-08-05] (Avast Software)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-07 17:21 - 2015-08-07 17:21 - 00000000 ____D C:\Users\MARKUS\Desktop\FRST-OlderVersion
2015-08-07 17:19 - 2015-08-07 17:19 - 00002092 _____ C:\Users\MARKUS\Desktop\JRT.txt
2015-08-07 17:13 - 2015-08-07 17:13 - 00005236 _____ C:\Users\MARKUS\Desktop\AdwCleaner[S0].txt
2015-08-07 17:12 - 2015-08-07 17:12 - 01797896 _____ (Malwarebytes Corporation) C:\Users\MARKUS\Desktop\JRT.exe
2015-08-07 17:07 - 2015-08-07 17:09 - 00000000 ____D C:\AdwCleaner
2015-08-07 17:06 - 2015-08-07 17:06 - 02248704 _____ C:\Users\MARKUS\Downloads\AdwCleaner_4.208.exe
2015-08-07 17:06 - 2015-08-07 17:06 - 00165340 _____ C:\Users\MARKUS\Desktop\mbam.txt
2015-08-07 17:03 - 2015-08-07 17:03 - 00002247 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-07 17:00 - 2015-08-07 17:00 - 00001398 _____ C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-07 16:10 - 2015-08-07 17:04 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-07 16:10 - 2015-08-07 16:10 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-08-07 16:10 - 2015-08-07 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-08-07 16:10 - 2015-08-07 16:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-07 16:10 - 2015-08-07 16:10 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-08-07 16:10 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-07 16:10 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-07 16:10 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-07 16:09 - 2015-08-07 16:09 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\MARKUS\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-07 15:47 - 2015-08-07 15:47 - 00001264 _____ C:\Users\MARKUS\Desktop\Revo Uninstaller.lnk
2015-08-07 15:47 - 2015-08-07 15:47 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-08-07 15:45 - 2015-08-07 15:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\MARKUS\Downloads\revosetup95.exe
2015-08-07 15:42 - 2015-08-07 15:42 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-08-07 15:42 - 2015-08-07 15:42 - 00000000 ____D C:\Windows\system32\vbox
2015-08-05 12:12 - 2015-08-05 12:12 - 00032859 _____ C:\Users\MARKUS\Desktop\Addition.txt
2015-08-05 12:11 - 2015-08-07 17:21 - 00014802 _____ C:\Users\MARKUS\Desktop\FRST.txt
2015-08-05 12:11 - 2015-08-07 17:21 - 00000000 ____D C:\FRST
2015-08-05 12:10 - 2015-08-07 17:21 - 02170368 _____ (Farbar) C:\Users\MARKUS\Desktop\FRST64.exe
2015-08-05 12:09 - 2015-08-07 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-05 12:08 - 2015-08-07 17:18 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-05 12:08 - 2015-08-07 17:10 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-05 12:08 - 2015-08-05 12:13 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-05 12:08 - 2015-08-05 12:13 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-05 12:06 - 2015-08-05 12:06 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-05 12:06 - 2015-08-05 12:06 - 00001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-08-05 12:06 - 2015-08-05 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-08-05 12:06 - 2015-08-05 12:05 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-08-05 12:05 - 2015-08-05 12:05 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-05 12:01 - 2015-08-05 12:01 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-08-05 12:01 - 2015-08-05 12:01 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-05 10:44 - 2015-08-05 10:44 - 00931408 _____ (Google Inc.) C:\Users\MARKUS\Downloads\ChromeSetup.exe
2015-08-05 10:38 - 2015-08-05 10:38 - 00000000 ____D C:\Users\MARKUS\AppData\Local\Deployment
2015-08-05 10:38 - 2015-08-05 10:38 - 00000000 ____D C:\Users\MARKUS\AppData\Local\Apps\2.0
2015-08-05 00:36 - 2015-08-05 00:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-08-04 23:55 - 2015-04-30 15:07 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-04 23:55 - 2015-04-30 15:07 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-04 23:54 - 2015-03-12 07:31 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-08-04 23:54 - 2015-03-04 08:41 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-08-04 23:54 - 2015-03-04 08:39 - 00632832 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-08-04 23:54 - 2015-03-04 08:39 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-08-04 23:54 - 2015-03-04 06:53 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-08-04 23:54 - 2015-03-04 06:52 - 00676864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-08-04 23:53 - 2015-05-07 15:05 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-08-04 23:53 - 2015-03-12 07:31 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2015-08-04 23:53 - 2015-03-12 05:52 - 01933312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-08-04 23:52 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\SysWOW64\locale.nls
2015-08-04 23:52 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\system32\locale.nls
2015-08-04 23:52 - 2015-04-21 15:53 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-08-04 23:52 - 2015-03-27 10:07 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\cryptcatsvc.dll
2015-08-04 23:52 - 2015-03-12 07:31 - 01688576 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-08-04 23:50 - 2015-04-06 07:36 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-08-04 23:50 - 2015-04-06 06:08 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-08-02 14:24 - 2015-07-14 22:11 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-02 14:24 - 2015-07-14 22:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-02 14:24 - 2015-07-14 21:43 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-02 14:24 - 2015-07-14 21:43 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-02 14:24 - 2015-06-27 18:36 - 00171352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-02 14:24 - 2015-06-27 15:56 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-08-02 14:24 - 2015-06-27 15:55 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-02 14:24 - 2015-06-27 15:55 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-02 14:24 - 2015-06-27 15:46 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-02 14:24 - 2015-06-27 15:46 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-02 14:24 - 2015-06-27 15:46 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-08-02 14:24 - 2015-06-27 15:46 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-02 14:24 - 2015-06-27 15:23 - 00694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-02 14:24 - 2015-06-25 20:29 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-02 14:24 - 2015-06-25 20:27 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-02 14:24 - 2015-01-07 06:25 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-02 14:23 - 2015-06-17 16:13 - 01150264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-08-02 14:23 - 2015-06-17 15:44 - 01567560 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-08-02 14:23 - 2015-06-09 15:57 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-08-02 14:23 - 2015-05-09 01:39 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-02 14:23 - 2015-05-08 22:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-02 14:23 - 2015-04-13 07:32 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-08-02 14:23 - 2015-04-13 07:30 - 01839616 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-02 14:23 - 2015-04-13 07:30 - 01280512 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-02 14:23 - 2015-04-13 06:05 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-02 14:18 - 2015-06-15 17:22 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2015-08-02 14:18 - 2015-06-15 17:22 - 02416640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-08-02 14:18 - 2015-06-15 17:22 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-08-02 14:18 - 2015-06-15 17:22 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-08-02 14:18 - 2015-06-15 17:21 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-08-02 14:18 - 2015-06-15 17:20 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2015-08-02 14:18 - 2015-06-15 17:20 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-08-02 14:18 - 2015-06-15 17:19 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-08-01 19:50 - 2015-06-25 03:54 - 04064768 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-01 19:50 - 2015-06-11 22:29 - 01302528 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-08-01 19:50 - 2015-06-11 18:27 - 01024000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-08-01 19:50 - 2015-05-02 08:28 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-01 19:50 - 2015-05-02 05:59 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-01 19:50 - 2015-05-02 05:36 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-01 19:50 - 2015-04-14 00:09 - 00570248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-08-01 19:45 - 2015-02-18 09:39 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-08-01 19:45 - 2015-02-18 09:38 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2015-07-19 20:05 - 2015-04-25 05:41 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-07-19 20:05 - 2015-04-25 01:13 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-07-19 20:00 - 2015-07-19 20:14 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-07 17:18 - 2013-09-21 22:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-07 17:16 - 2013-09-21 21:55 - 01897250 _____ C:\Windows\WindowsUpdate.log
2015-08-07 17:16 - 2012-07-26 12:27 - 00753134 _____ C:\Windows\system32\perfh007.dat
2015-08-07 17:16 - 2012-07-26 12:27 - 00155826 _____ C:\Windows\system32\perfc007.dat
2015-08-07 17:16 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-07 17:15 - 2014-11-22 00:00 - 00000000 ___HD C:\$Windows.~BT
2015-08-07 17:15 - 2013-09-21 22:01 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-846433983-1932204352-779828525-1001
2015-08-07 17:14 - 2012-07-26 09:59 - 00000000 ____D C:\Windows\CbsTemp
2015-08-07 17:10 - 2013-09-24 18:42 - 00545238 _____ C:\Windows\PFRO.log
2015-08-07 17:10 - 2013-09-24 18:15 - 00003490 _____ C:\Windows\System32\Tasks\AutoKMS
2015-08-07 17:10 - 2013-09-21 23:43 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-07 17:10 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-07 16:59 - 2012-07-26 12:29 - 00000000 ____D C:\Windows\ShellNew
2015-08-07 16:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2015-08-07 15:42 - 2013-09-23 22:46 - 00000000 ____D C:\Windows\system32\MRT
2015-08-05 13:20 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2015-08-05 12:09 - 2013-09-21 23:44 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-05 12:09 - 2013-09-21 21:55 - 00000000 ____D C:\Users\MARKUS\AppData\Local\VirtualStore
2015-08-05 12:06 - 2014-08-24 20:30 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-05 12:06 - 2014-01-25 12:47 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-08-05 12:06 - 2013-09-21 23:44 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-05 12:06 - 2013-09-21 23:43 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-05 12:06 - 2013-09-21 23:43 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-08-05 12:06 - 2013-09-21 23:43 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-05 12:06 - 2013-09-21 23:43 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-05 12:05 - 2013-09-21 23:43 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-08-05 11:59 - 2015-04-16 14:07 - 00426040 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-05 11:58 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2015-08-05 11:58 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-08-05 11:58 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-08-05 00:36 - 2013-09-24 19:44 - 00245019 _____ C:\Windows\setupact.log
2015-08-02 22:44 - 2013-09-21 22:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-01 20:11 - 2013-09-23 22:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-19 20:04 - 2013-09-21 22:59 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-19 20:03 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF
2015-07-13 23:22 - 2015-03-20 21:53 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 23:22 - 2015-03-20 21:53 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-08-05 12:05 - 2015-08-05 12:05 - 0032038 _____ () C:\Users\MARKUS\AppData\Roaming\Edge.ico

Einige Dateien in TEMP:
====================
C:\Users\MARKUS\AppData\Local\Temp\c8fa73b8e9f64693beccdbb6e4b58208394612.exe
C:\Users\MARKUS\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\MARKUS\AppData\Local\Temp\Quarantine.exe
C:\Users\MARKUS\AppData\Local\Temp\ResetDevice.exe
C:\Users\MARKUS\AppData\Local\Temp\sqlite3.dll
C:\Users\MARKUS\AppData\Local\Temp\Uni000.exe
C:\Users\MARKUS\AppData\Local\Temp\uninst1.exe


==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-08-02 22:43

==================== Ende von log ============================

Das Log von mabm bekomme ich nicht in einen Code-Tag!?

Musste das log jetzt teilen....

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 07.08.2015
Suchlaufzeit: 16:11
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.08.07.03
Rootkit-Datenbank: v2015.08.06.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: MARKUS

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 357474
Abgelaufene Zeit: 8 Min., 0 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 6
PUP.Optional.WebShield.A, C:\ProgramData\SqaSMuElYjF\aXUOwJ.exe, 2660, Löschen bei Neustart, [22ddca3b701b2412d9da88c059a8fa06]
PUP.Optional.3DBubbleSound.A, C:\Program Files\BubbleSound\3D BubbleSound.exe, 5932, Löschen bei Neustart, [3dc2b253b1da2c0a1fc362b504ffb54b]
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\browser.exe, 5024, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56]
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\browser.exe, 4524, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56]
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\browser.exe, 3612, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56]
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\browser.exe, 5724, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56]

Module: 13
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\chrome.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\chrome_child.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\chrome_child.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\chrome_child.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\chrome_elf.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\chrome_elf.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\chrome_elf.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\chrome_elf.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\d3dcompiler_47.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\ffmpegsumo.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\ffmpegsumo.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\libegl.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\libglesv2.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 

Registrierungsschlüssel: 216
PUP.Optional.WebShield.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\aXUOwJ, In Quarantäne, [22ddca3b701b2412d9da88c059a8fa06], 
PUP.Optional.DealPly.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\dealplylive, In Quarantäne, [6b947b8a810a42f406a1af46b7493cc4], 
PUP.Optional.DealPly.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\dealplylivem, In Quarantäne, [6b947b8a810a42f406a1af46b7493cc4], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DEALPLYLIVE.EXE, In Quarantäne, [6b947b8a810a42f406a1af46b7493cc4], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DEALPLYLIVE.EXE, In Quarantäne, [6b947b8a810a42f406a1af46b7493cc4], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\APPID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, In Quarantäne, [4db25ea792f93303e2074585fc06ee12], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc, In Quarantäne, [4db25ea792f93303e2074585fc06ee12], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0, In Quarantäne, [4db25ea792f93303e2074585fc06ee12], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc, In Quarantäne, [4db25ea792f93303e2074585fc06ee12], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0, In Quarantäne, [4db25ea792f93303e2074585fc06ee12], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.OnDemandCOMClassSvc, In Quarantäne, [4db25ea792f93303e2074585fc06ee12], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0, In Quarantäne, [4db25ea792f93303e2074585fc06ee12], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, In Quarantäne, [4db25ea792f93303e2074585fc06ee12], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, In Quarantäne, [4db25ea792f93303e2074585fc06ee12], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, In Quarantäne, [4db25ea792f93303e2074585fc06ee12], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, In Quarantäne, [4db25ea792f93303e2074585fc06ee12], 
PUP.Optional.MixiDJToolbar.A, HKLM\SOFTWARE\CLASSES\APPID\{A2773ED4-83BD-488A-A186-73590706C916}, In Quarantäne, [906f83829fec37ff3098a723917145bb], 
PUP.Optional.MixiDJToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{A2773ED4-83BD-488A-A186-73590706C916}, In Quarantäne, [906f83829fec37ff3098a723917145bb], 
PUP.Optional.MixiDJToolbar.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{A2773ED4-83BD-488A-A186-73590706C916}, In Quarantäne, [906f83829fec37ff3098a723917145bb], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\APPID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, In Quarantäne, [30cff0151f6c71c518d2daf012f0b848], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3COMClassService, In Quarantäne, [30cff0151f6c71c518d2daf012f0b848], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3COMClassService.1.0, In Quarantäne, [30cff0151f6c71c518d2daf012f0b848], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3COMClassService, In Quarantäne, [30cff0151f6c71c518d2daf012f0b848], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3COMClassService.1.0, In Quarantäne, [30cff0151f6c71c518d2daf012f0b848], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.Update3COMClassService, In Quarantäne, [30cff0151f6c71c518d2daf012f0b848], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.Update3COMClassService.1.0, In Quarantäne, [30cff0151f6c71c518d2daf012f0b848], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, In Quarantäne, [30cff0151f6c71c518d2daf012f0b848], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, In Quarantäne, [30cff0151f6c71c518d2daf012f0b848], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, In Quarantäne, [30cff0151f6c71c518d2daf012f0b848], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, In Quarantäne, [30cff0151f6c71c518d2daf012f0b848], 
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, In Quarantäne, [e51a95706c1f73c31d83abeb0002cf31], 
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, In Quarantäne, [e51a95706c1f73c31d83abeb0002cf31], 
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, In Quarantäne, [e51a95706c1f73c31d83abeb0002cf31], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [0ef16e97b2d93204cfafb5e1bd4515eb], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [0ef16e97b2d93204cfafb5e1bd4515eb], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [0ef16e97b2d93204cfafb5e1bd4515eb], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}, In Quarantäne, [aa5521e4216a7cba10db5674db27a55b], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0, In Quarantäne, [aa5521e4216a7cba10db5674db27a55b], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback, In Quarantäne, [aa5521e4216a7cba10db5674db27a55b], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback, In Quarantäne, [aa5521e4216a7cba10db5674db27a55b], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback, In Quarantäne, [aa5521e4216a7cba10db5674db27a55b], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0, In Quarantäne, [aa5521e4216a7cba10db5674db27a55b], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0, In Quarantäne, [aa5521e4216a7cba10db5674db27a55b], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}, In Quarantäne, [aa5521e4216a7cba10db5674db27a55b], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}, In Quarantäne, [45ba22e3a6e5092dec004684689a9b65], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine.1.0, In Quarantäne, [45ba22e3a6e5092dec004684689a9b65], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine, In Quarantäne, [45ba22e3a6e5092dec004684689a9b65], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine, In Quarantäne, [45ba22e3a6e5092dec004684689a9b65], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.CredentialDialogMachine, In Quarantäne, [45ba22e3a6e5092dec004684689a9b65], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine.1.0, In Quarantäne, [45ba22e3a6e5092dec004684689a9b65], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.CredentialDialogMachine.1.0, In Quarantäne, [45ba22e3a6e5092dec004684689a9b65], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}, In Quarantäne, [45ba22e3a6e5092dec004684689a9b65], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}, In Quarantäne, [fa05a95c404b2511f0fdebdf72906d93], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoCreateAsync.1.0, In Quarantäne, [fa05a95c404b2511f0fdebdf72906d93], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoCreateAsync, In Quarantäne, [fa05a95c404b2511f0fdebdf72906d93], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoCreateAsync, In Quarantäne, [fa05a95c404b2511f0fdebdf72906d93], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.CoCreateAsync, In Quarantäne, [fa05a95c404b2511f0fdebdf72906d93], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoCreateAsync.1.0, In Quarantäne, [fa05a95c404b2511f0fdebdf72906d93], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.CoCreateAsync.1.0, In Quarantäne, [fa05a95c404b2511f0fdebdf72906d93], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}, In Quarantäne, [fa05a95c404b2511f0fdebdf72906d93], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}, In Quarantäne, [01fe00057b109b9b27c7ae1c8d7545bb], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback.1.0, In Quarantäne, [01fe00057b109b9b27c7ae1c8d7545bb], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback, In Quarantäne, [01fe00057b109b9b27c7ae1c8d7545bb], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback, In Quarantäne, [01fe00057b109b9b27c7ae1c8d7545bb], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.Update3WebMachineFallback, In Quarantäne, [01fe00057b109b9b27c7ae1c8d7545bb], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback.1.0, In Quarantäne, [01fe00057b109b9b27c7ae1c8d7545bb], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.Update3WebMachineFallback.1.0, In Quarantäne, [01fe00057b109b9b27c7ae1c8d7545bb], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}, In Quarantäne, [01fe00057b109b9b27c7ae1c8d7545bb], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}, In Quarantäne, [48b733d27d0e9d9915da8149ba48da26], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreMachineClass.1, In Quarantäne, [48b733d27d0e9d9915da8149ba48da26], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreMachineClass, In Quarantäne, [48b733d27d0e9d9915da8149ba48da26], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreMachineClass, In Quarantäne, [48b733d27d0e9d9915da8149ba48da26], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.CoreMachineClass, In Quarantäne, [48b733d27d0e9d9915da8149ba48da26], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreMachineClass.1, In Quarantäne, [48b733d27d0e9d9915da8149ba48da26], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.CoreMachineClass.1, In Quarantäne, [48b733d27d0e9d9915da8149ba48da26], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}, In Quarantäne, [48b733d27d0e9d9915da8149ba48da26], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}, In Quarantäne, [f906778e7615191dbe325377cd35b947], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.ProcessLauncher.1.0, In Quarantäne, [f906778e7615191dbe325377cd35b947], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.ProcessLauncher, In Quarantäne, [f906778e7615191dbe325377cd35b947], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.ProcessLauncher, In Quarantäne, [f906778e7615191dbe325377cd35b947], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.ProcessLauncher, In Quarantäne, [f906778e7615191dbe325377cd35b947], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.ProcessLauncher.1.0, In Quarantäne, [f906778e7615191dbe325377cd35b947], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.ProcessLauncher.1.0, In Quarantäne, [f906778e7615191dbe325377cd35b947], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}, In Quarantäne, [f906778e7615191dbe325377cd35b947], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}, In Quarantäne, [2cd35aab1576e2549160606ab25014ec], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0, In Quarantäne, [2cd35aab1576e2549160606ab25014ec], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine, In Quarantäne, [2cd35aab1576e2549160606ab25014ec], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine, In Quarantäne, [2cd35aab1576e2549160606ab25014ec], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.OnDemandCOMClassMachine, In Quarantäne, [2cd35aab1576e2549160606ab25014ec], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0, In Quarantäne, [2cd35aab1576e2549160606ab25014ec], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0, In Quarantäne, [2cd35aab1576e2549160606ab25014ec], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}, In Quarantäne, [2cd35aab1576e2549160606ab25014ec], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}, In Quarantäne, [e817af5666257eb8e30fccfe679b8977], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}, In Quarantäne, [e817af5666257eb8e30fccfe679b8977], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}, In Quarantäne, [e817af5666257eb8e30fccfe679b8977], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}, In Quarantäne, [e817af5666257eb8e30fccfe679b8977], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickCtrl.9, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickCtrl.9, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLive.OneClickCtrl.9, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.Update3WebControl.3, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.Update3WebControl.3, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLive.Update3WebControl.3, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}, In Quarantäne, [26d942c38dfe52e4e70deae03ac826da], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}, In Quarantäne, [26d942c38dfe52e4e70deae03ac826da], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{9cf699ca-2174-4ed8-bec1-ba82095edce0}, In Quarantäne, [6d9230d5fe8d65d121f2c2ce5aa8c63a], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{9cf699ca-2174-4ed8-bec1-ba82095edce0}, In Quarantäne, [6d9230d5fe8d65d121f2c2ce5aa8c63a], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}, In Quarantäne, [6d9230d5fe8d65d121f2c2ce5aa8c63a], 
PUP.Optional.DealPly.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}, In Quarantäne, [6d9230d5fe8d65d121f2c2ce5aa8c63a], 
PUP.Optional.DealPly.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}, In Quarantäne, [6d9230d5fe8d65d121f2c2ce5aa8c63a], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}, In Quarantäne, [7986a461f09b023445b0daf0dc2659a7], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine.1.0, In Quarantäne, [7986a461f09b023445b0daf0dc2659a7], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine, In Quarantäne, [7986a461f09b023445b0daf0dc2659a7], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine, In Quarantäne, [7986a461f09b023445b0daf0dc2659a7], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLive.OneClickProcessLauncherMachine, In Quarantäne, [7986a461f09b023445b0daf0dc2659a7], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine.1.0, In Quarantäne, [7986a461f09b023445b0daf0dc2659a7], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLive.OneClickProcessLauncherMachine.1.0, In Quarantäne, [7986a461f09b023445b0daf0dc2659a7], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}, In Quarantäne, [7986a461f09b023445b0daf0dc2659a7], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C536F080-57B7-46D6-8894-C647553F2889}, In Quarantäne, [7986a461f09b023445b0daf0dc2659a7], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}, In Quarantäne, [22ddf312d9b246f01cdaeddd44be4fb1], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreClass.1, In Quarantäne, [22ddf312d9b246f01cdaeddd44be4fb1], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreClass, In Quarantäne, [22ddf312d9b246f01cdaeddd44be4fb1], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreClass, In Quarantäne, [22ddf312d9b246f01cdaeddd44be4fb1], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.CoreClass, In Quarantäne, [22ddf312d9b246f01cdaeddd44be4fb1], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreClass.1, In Quarantäne, [22ddf312d9b246f01cdaeddd44be4fb1], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.CoreClass.1, In Quarantäne, [22ddf312d9b246f01cdaeddd44be4fb1], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}, In Quarantäne, [22ddf312d9b246f01cdaeddd44be4fb1], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}, In Quarantäne, [c8371ee73c4f51e57384c901d32f30d0], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebSvc.1.0, In Quarantäne, [c8371ee73c4f51e57384c901d32f30d0], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebSvc, In Quarantäne, [c8371ee73c4f51e57384c901d32f30d0], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebSvc, In Quarantäne, [c8371ee73c4f51e57384c901d32f30d0], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.Update3WebSvc, In Quarantäne, [c8371ee73c4f51e57384c901d32f30d0], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebSvc.1.0, In Quarantäne, [c8371ee73c4f51e57384c901d32f30d0], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.Update3WebSvc.1.0, In Quarantäne, [c8371ee73c4f51e57384c901d32f30d0], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}, In Quarantäne, [c8371ee73c4f51e57384c901d32f30d0], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}, In Quarantäne, [827d8d784b400531dc1cab1f47bb936d], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachine.1.0, In Quarantäne, [827d8d784b400531dc1cab1f47bb936d], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachine, In Quarantäne, [827d8d784b400531dc1cab1f47bb936d], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachine, In Quarantäne, [827d8d784b400531dc1cab1f47bb936d], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.Update3WebMachine, In Quarantäne, [827d8d784b400531dc1cab1f47bb936d], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachine.1.0, In Quarantäne, [827d8d784b400531dc1cab1f47bb936d], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.Update3WebMachine.1.0, In Quarantäne, [827d8d784b400531dc1cab1f47bb936d], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}, In Quarantäne, [827d8d784b400531dc1cab1f47bb936d], 
PUP.Optional.Snapdo.T, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [58a704019eedab8be3e5e9e4f40e8d73], 
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [58a704019eedab8be3e5e9e4f40e8d73], 
PUP.Optional.Babylon.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [f00f4fb65734a5914e8a5a3889794ab6], 
PUP.Optional.PriceGong.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1631550F-191D-4826-B069-D9439253D926}, In Quarantäne, [dc233bcaacdfef4721d7365d60a23fc1], 
PUP.Optional.PriceGong.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1631550F-191D-4826-B069-D9439253D926}, In Quarantäne, [dc233bcaacdfef4721d7365d60a23fc1], 
PUP.Optional.PullUpdate.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WebShield, In Quarantäne, [19e64bbaa7e467cf56e0ff804cb936ca], 
PUP.Optional.BubbleSound.A, HKLM\SOFTWARE\BubbleSound, In Quarantäne, [13ec0bfac1ca10261a2abeedf50f619f], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\APPID\DealPlyLive.exe, In Quarantäne, [cb34c045c7c44cea4a2382f1a65e956b], 
PUP.Optional.StormWarnings.C, HKLM\SOFTWARE\CLASSES\APPID\{4D6A5312-AB4D-41AA-8BED-0E019B87CA11}, In Quarantäne, [35ca8382d3b847ef78823571f70d1de3], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\DealPlyLive.exe, In Quarantäne, [0cf38f76d8b31125c8a53e35ad5752ae], 
PUP.Optional.StormWarnings.C, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{4D6A5312-AB4D-41AA-8BED-0E019B87CA11}, In Quarantäne, [c53a48bd13789f974caefaac867eea16], 
PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [6f9058ade3a8191de4b7fe9be3217c84], 
PUP.Optional.ProPCCleaner.C, HKLM\SOFTWARE\MICROSOFT\TRACING\ProPCCleaner_RASAPI32, In Quarantäne, [55aa50b5018a05312830a6ff22e220e0], 
PUP.Optional.ProPCCleaner.C, HKLM\SOFTWARE\MICROSOFT\TRACING\ProPCCleaner_RASMANCS, In Quarantäne, [649b54b144470e283820c4e1f90be719], 
PUP.Optional.StormWatch.C, HKLM\SOFTWARE\MICROSOFT\TRACING\StormWatch_RASAPI32, In Quarantäne, [33cc8f7656358aace9e67833db2918e8], 
PUP.Optional.StormWatch.C, HKLM\SOFTWARE\MICROSOFT\TRACING\StormWatch_RASMANCS, In Quarantäne, [9c63ee17fa9167cfddf2416a1be9d52b], 
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32LDR  , In Quarantäne, [44bb44c1bad1ff3706cbedb6877d3ec2], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, In Quarantäne, [7a8564a1eba03bfb7d939ff1da2ac739], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, In Quarantäne, [c33c14f13358181e22ed0a86788cf010], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\Tree\774c6438-9235-495c-96ac-0b596846d9af-1-7, Löschen bei Neustart, [42bdf213771468ce471263b1e81bd030], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\Tree\774c6438-9235-495c-96ac-0b596846d9af-4, Löschen bei Neustart, [827d93725635f1459dbcb65e867d06fa], 
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\Tree\avabvexvac, Löschen bei Neustart, [8f703ec722695bdbaf5564af71922ad6], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\Tree\DealPlyLiveUpdateTaskMachineCore, Löschen bei Neustart, [d629da2b54373afca5ba779d0201847c], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\Tree\DealPlyLiveUpdateTaskMachineUA, Löschen bei Neustart, [59a63bca1576191d17486ca86c97b050], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\Tree\DealPlyUpdate, Löschen bei Neustart, [7c8323e28a01ea4cce9172a2946f966a], 
PUP.Optional.ProPCCleaner.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\Tree\ProPCCleaner_Popup, Löschen bei Neustart, [a7582fd6b1da5cdadefad53d1ce728d8], 
PUP.Optional.ProPCCleaner.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\Tree\ProPCCleaner_Start, Löschen bei Neustart, [6c93ce377516aa8cffd9040e70936898], 
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, In Quarantäne, [ac53679e2665e84e3e8208429073ce32], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DealPly, In Quarantäne, [b946ea1be6a541f56e5c72d9c43f22de], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DealPlyLive, In Quarantäne, [4db254b1266531058de18ae9c53f8e72], 
PUP.Optional.FFPluginHp.A, HKLM\SOFTWARE\WOW6432NODE\FFPluginHp, In Quarantäne, [738c778e2a6141f5d4ed5fb9b44f0af6], 
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\GAMESDESKTOP, In Quarantäne, [ee11fa0b1e6d2d0932cceb41be45639d], 
PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, In Quarantäne, [857a53b2d9b28caaa7d4d9649172b749], 
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [ab5420e5fb9080b62240c25702017b85], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\DealPlyLive.exe, In Quarantäne, [cb34cf3605865adcd895d69d35cf649c], 
PUP.Optional.StormWarnings.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{4D6A5312-AB4D-41AA-8BED-0E019B87CA11}, In Quarantäne, [c936a95cf596a88e0eecb2f4b94be41c], 
PUP.Optional.GlobalUpdate.C, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE\Clients, In Quarantäne, [7f80ee17aae1a98d4d5d841ddb292fd1], 
PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [ec13d72eaae10531b8e37524f70d5aa6], 
PUP.Optional.WordShark.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\WordSharkAutoUpdateClient_RASAPI32, In Quarantäne, [2ed14db8a3e866d0c2bf5a53ad5740c0], 
PUP.Optional.WordShark.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\WordSharkAutoUpdateClient_RASMANCS, In Quarantäne, [926d57ae6c1fed49344d8c214db7b34d], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.dpliveupdate.com/DealPlyLive Update;version=3, In Quarantäne, [f30c6d9895f6d264234de192966ee719], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.dpliveupdate.com/DealPlyLive Update;version=9, In Quarantäne, [916eeb1aeaa161d56e02482b838156aa], 
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SPPDCOM, In Quarantäne, [46b956af5a31f54191a18027c143e51b], 
PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS, In Quarantäne, [00ff81843b50ce681037d5c25ba99d63], 
PUP.Optional.ConduitSearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, In Quarantäne, [bf4056af0388e74f9aa0d49bba4aba46], 
PUP.Optional.WordShark.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wsfd_1_10_0_19, In Quarantäne, [4ab57a8bc6c5c27411bb54510df7ab55], 
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD, In Quarantäne, [817ea065b2d994a2f5aea799bd4658a8], 
PUP.Optional.Crossbrowse.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\CrossBrowser, In Quarantäne, [de2118ed8dfe44f240739b80bd46c53b], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\DataMngr, In Quarantäne, [619e689d8efd66d043b5f37ec83c40c0], 
PUP.Optional.DealPly.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\DealPly, In Quarantäne, [c33c1bea03886bcb58aa80b17f84f709], 
PUP.Optional.DealPly.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\DealPlyLive, In Quarantäne, [f50a798c107b8aacde93c0b30bf98f71], 
PUP.Optional.ProPCCleaner.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\ProPCCleanerLanguage, In Quarantäne, [a857be477a11a1956054267945bf55ab], 
PUP.Optional.StormWatchApp.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\StormWatchApp, In Quarantäne, [47b86f96afdc3df9a0760c28ab58a957], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\TutoTag, In Quarantäne, [7b844abbb9d27eb8192ee3ac46be35cb], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [ac539372becd171f09ba7312b054936d], 
PUP.Optional.MultiIE.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, In Quarantäne, [7788e91cfe8db680ca8dd9b28e76b54b], 
PUP.Optional.Babylon.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\BABSOLUTION\Updater, In Quarantäne, [837c30d5aae1e74fb541db9762a233cd], 
PUP.Optional.Trovi.C, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [728df70ec1ca6dc95974c2dd1ce83ec2], 
PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [57a8a36205860630bedc386124e08a76], 
PUP.Optional.SnapDo.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\SMARTBAR, In Quarantäne, [3bc4ca3ba8e3de58bcf15707a063df21], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\TUTORIALS\updatetutorialeshp, In Quarantäne, [fb04a65f1279ec4ac69bd450ff04f30d], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\TUTORIALS\updatetutorialshp, In Quarantäne, [47b884816625c274085a82a2758e22de], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\TUTORIALS\updv, In Quarantäne, [2ed14db8216a72c479eab66e4eb501ff], 
PUP.Optional.BubbleSound.A, HKLM\SOFTWARE\CLASSES\CLSID\{1386F2A3-FEB9-4C55-AD9A-B798EE57299B}, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], 
PUP.Optional.BubbleSound.A, HKLM\SOFTWARE\CLASSES\CLSID\{7FDF7A92-F901-4F93-9769-A8AC41C8E563}, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], 
PUP.Optional.BubbleSound.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BubbleSound, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], 

Registrierungswerte: 30
PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, istartsurf, In Quarantäne, [6f9058ade3a8191de4b7fe9be3217c84]
PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}, In Quarantäne, [eb14a06574176ccafba05247ce36fa06]
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [6f90c73edead0c2a0c09201bd52e15eb]
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130818028280130295, In Quarantäne, [f00ffd083853f541b61a3a6913f10df3]
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.xxx|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130818028280130295, In Quarantäne, [5ca347be8efdf5415e72c5dec341e818]
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130818028280130295, In Quarantäne, [9f60c73ec7c41d191fb1cfd4d23219e7]
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130818028280130295, In Quarantäne, [44bbb5507b1095a1a42ca0031ee6e31d]
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_removal_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130818028280130295, In Quarantäne, [4db244c1a8e352e4b31d0c9734d030d0]
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_reporter_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130818028280130295, In Quarantäne, [21deff06b5d6be7806ca198adf25936d]
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr  |{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130818028280130295, In Quarantäne, [44bb44c1bad1ff3706cbedb6877d3ec2]
PUP.Optional.3DBubbleSound.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|3D BubbleSound, "C:\Program Files\BubbleSound\3D BubbleSound.exe", In Quarantäne, [3dc2b253b1da2c0a1fc362b504ffb54b]
PUP.Optional.GlobalUpdate.C, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATEDEV|AuCheckPeriodMs, 21600000, In Quarantäne, [55aa41c499f241f5ae4158c25ea5629e]
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}|URL, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013, In Quarantäne, [ad52976e37546fc7a97d85179074fa06]
PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, istartsurf, In Quarantäne, [ec13d72eaae10531b8e37524f70d5aa6]
PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}, In Quarantäne, [9966c540315a5cda2b709efb1fe5d030]
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [5aa55da88308c274987d2b10b94aab55]
PUP.Optional.DefaultSearchProtected.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|defsearchp@gmail.com, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com, In Quarantäne, [7887c144b2d936002b37e1ca27dd16ea]
PUP.Optional.DeskCut.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|deskCutv2@gmail.com, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com, In Quarantäne, [56a924e10b80cc6a524f4acb689ba15f]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SPPDCOM|TS, 2, In Quarantäne, [46b956af5a31f54191a18027c143e51b]
PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS|HostGUID, 4240A073-9D9E-4E54-A476-4A844BAC89E2, In Quarantäne, [00ff81843b50ce681037d5c25ba99d63]
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD|ImagePath, \??\C:\Windows\system32\drivers\SPPD.sys, In Quarantäne, [817ea065b2d994a2f5aea799bd4658a8]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}|URL, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013, In Quarantäne, [3ac5e71ec8c3290d3ce96a32f11344bc]
PUP.Optional.Trovi.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M7A767C84-5C6C-492C-B7EA-8FA6621C32F5&SearchSource=58&CUI=&UM=8&UP=SP9768A5FA-B711-4F8E-AC80-6FBC97E31C7D&D=071915&q={searchTerms}&SSPV=, In Quarantäne, [00ffee17068539fd418d2c6dd4301ee2]
PUP.Optional.Conduit.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|SuggestionsURL_JSON, hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}, In Quarantäne, [05fab3523a51053126e69a815ba8748c]
PUP.Optional.Trovi.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|DisplayName, Trovi, In Quarantäne, [dc23cc39d5b6999d3896415821e3ae52]
PUP.Optional.Delta.ShrtCln, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|URL, hxxp://mixidj.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=E43C685D43956C66&affID=121136&tsp=5014, In Quarantäne, [807fb253a0ebff37a0656139b54f57a9]
PUP.Optional.Babylon.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|FaviconURL, search.babylon.com/favicon.ico, In Quarantäne, [4eb18c796a2182b4b62d75a2649fd52b]
PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, istartsurf, In Quarantäne, [57a8a36205860630bedc386124e08a76]
PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}, In Quarantäne, [bf40966fb9d2af871d7dc4d5a06430d0]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\SMARTBAR|publisher, SnapdoOCYB, In Quarantäne, [3bc4ca3ba8e3de58bcf15707a063df21]

Registrierungsdaten: 19
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll, Gut: (), Schlecht: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll),Ersetzt,[3ac5c63fa1eafe38f0a625097e837090]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll, Gut: (), Schlecht: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll),Ersetzt,[5fa041c4810a999dabebb37b56abc33d]
PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3),Ersetzt,[f807c14457345bdba6b7a69b9273748c]
PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}),Ersetzt,[ff00a2634348072ff91fe957c44127d9]
PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3),Ersetzt,[e6193dc802895dd974a4b888fd08e818]
PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3),Ersetzt,[da258f763d4e16207d9bab95f015bb45]
PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}),Ersetzt,[43bc7491e4a739fde92f43fd73929868]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[aa55d530a0ebad89ace5bc8f0df803fd]
PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3),Ersetzt,[5da26d981576c17574e90d34669f5ba5]
PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}),Ersetzt,[b14ef213dab1c274ec2cf947c144d12f]
PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3),Ersetzt,[ae515ca9117a50e68f899ca49c693ac6]
PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3),Ersetzt,[f30cb74e860590a6f4242f11778e619f]
PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3&q={searchTerms}),Ersetzt,[bb440203c2c9d85e8a8ef14f45c0f20e]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[d02ff5102764c1751a7784c77590817f]
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013),Ersetzt,[fc034eb74d3e80b6b02caf91f015e917]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013),Ersetzt,[0df2e2231e6df343746af24e4eb7d22e]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013),Ersetzt,[b24d5aabe4a73105f7e7ac9413f2fe02]
PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1437328802&z=f7adfcc82b4c0bfbf86b331gez1c5m1c5o4b7qctem&from=tugs&uid=OCZ-VERTEX2_OCZ-3G5ZC6HL9F15H5F3),Ersetzt,[d42b34d1ee9d55e1ba5c8eb232d314ec]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-846433983-1932204352-779828525-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=a6e7a521-09d1-add7-fc6b-ee134f9e63e4&searchtype=ds&q={searchTerms}&installDate=24/09/2013),Ersetzt,[d72808fd5437c76f01dc142c1fe6e61a]

Ordner: 126
PUP.Optional.WebBar.A, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar, In Quarantäne, [d22dc2432d5e71c5c4d381990bf816ea], 
PUP.Optional.WebShield.A, C:\Users\MARKUS\AppData\Local\WebShield, In Quarantäne, [807f22e3d5b65ed83506a2a59a6947b9], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly, In Quarantäne, [29d64eb73754350142178be40afaba46], 
PUP.OPtional.Dealply.A, C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly, In Quarantäne, [16e901045635b086442f5a17b54f48b8], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\rep, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\rep, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\defaults, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\defaults\preferences, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\userCode, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\locale, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\locale\en-US, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.BubbleSound.A, C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BubbleSound 1.0, In Quarantäne, [f708eb1addae2e0876e354507e86e818], 
PUP.Optional.PullUpdate.Gen, C:\ProgramData\Vreaanknumlug\1.0.4.1, In Quarantäne, [32cd02035338b87e2e0c03a5ba4a38c8], 
PUP.Optional.PullUpdate.Gen, C:\ProgramData\Vreaanknumlug, In Quarantäne, [32cd02035338b87e2e0c03a5ba4a38c8], 
PUP.Optional.PullUpdate.A, C:\ProgramData\Radio, In Quarantäne, [44bb887df09be452813df1b7c2423dc3], 
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive, In Quarantäne, [e31cf510602b6bcb0f7836a934cea957], 
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update, In Quarantäne, [e31cf510602b6bcb0f7836a934cea957], 
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update\Log, In Quarantäne, [e31cf510602b6bcb0f7836a934cea957], 
PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Dealply, In Quarantäne, [58a7d92c256667cfe0a7d50aec1620e0], 
PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Dealply\UpdateProc, In Quarantäne, [58a7d92c256667cfe0a7d50aec1620e0], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\CrashReports, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Download, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Install, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Offline, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Offline\{98C83EB6-163C-4643-972B-9BD1F97CF4FA}, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.OpenCandy, C:\Users\MARKUS\AppData\Roaming\OpenCandy, In Quarantäne, [9e61d82dbbd0a294acffcf105ca64db3], 
PUP.Optional.OpenCandy, C:\Users\MARKUS\AppData\Roaming\OpenCandy\2134824CD35644C28148A6942AE0A3F6, In Quarantäne, [9e61d82dbbd0a294acffcf105ca64db3], 
PUP.Optional.OpenCandy, C:\Users\MARKUS\AppData\Roaming\OpenCandy\FDAE2589122C41D99C0D4DEE819C2A34, In Quarantäne, [9e61d82dbbd0a294acffcf105ca64db3], 
PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Local\DealPlyLive, In Quarantäne, [f708a263187368cec4ff914ecb3751af], 
PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Local\DealPlyLive\CrashReports, In Quarantäne, [f708a263187368cec4ff914ecb3751af], 
PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], 
PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], 
PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\js, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], 
PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\options, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], 
PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\plugins, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], 
PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\res, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], 
PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}, In Quarantäne, [49b69f664744e35307501fc522e038c8], 
PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome, In Quarantäne, [49b69f664744e35307501fc522e038c8], 
PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome\content, In Quarantäne, [49b69f664744e35307501fc522e038c8], 
PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome\content\images, In Quarantäne, [49b69f664744e35307501fc522e038c8], 
PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\defaults, In Quarantäne, [49b69f664744e35307501fc522e038c8], 
PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\defaults\preferences, In Quarantäne, [49b69f664744e35307501fc522e038c8], 
PUP.Optional.SearchProtect.A, C:\Users\MARKUS\AppData\Local\SearchProtect, In Quarantäne, [68973cc95536bf773f82c02fbd45a858], 
PUP.Optional.GlobalUpdate.A, C:\Users\MARKUS\AppData\Local\Temp\comh.323374, In Quarantäne, [16e91de84447e551a6ed60923ec44bb5], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\Locales, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.GamesDesktop.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP, In Quarantäne, [718ef510b0dbc96dd76249b892713fc1], 
PUP.Optional.GamesDesktop.A, C:\Users\MARKUS\AppData\Local\gmsd_de_004010035, In Quarantäne, [b946b45133589f9762d842bff90a758b], 
PUP.Optional.GamesDesktop.A, C:\Users\MARKUS\AppData\Local\gmsd_de_004010035\Download, In Quarantäne, [b946b45133589f9762d842bff90a758b], 
PUP.Optional.GamesDesktop.A, C:\Users\MARKUS\AppData\Local\gmsd_de_004010035\gmsd_de_004010035, In Quarantäne, [b946b45133589f9762d842bff90a758b], 
PUP.Optional.GamesDesktop.A, C:\Users\MARKUS\AppData\Local\gmsd_de_004010035\gmsd_de_004010035\1.20, In Quarantäne, [b946b45133589f9762d842bff90a758b], 
PUP.Optional.SearchProtect.A, C:\Users\MARKUS\AppData\Local\avabvexvac, In Quarantäne, [39c6ab5addaea294d052d83155aeb64a], 
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup, In Quarantäne, [31ce13f2157653e37f6e7795b64def11], 
PUP.Optional.ProPCCleaner.A, C:\Users\MARKUS\AppData\Local\Pro_PC_Cleaner, In Quarantäne, [659aeb1a494202340c1a7698fe054ab6], 
PUP.Optional.ProPCCleaner.A, C:\Users\MARKUS\AppData\Local\Pro_PC_Cleaner\ProPCCleaner.exe_Url_xfrt3hu2ec5vknmrnagnhswpaqprhwze, In Quarantäne, [659aeb1a494202340c1a7698fe054ab6], 
PUP.Optional.ProPCCleaner.A, C:\Users\MARKUS\AppData\Local\Pro_PC_Cleaner\ProPCCleaner.exe_Url_xfrt3hu2ec5vknmrnagnhswpaqprhwze\2.9.6.0, In Quarantäne, [659aeb1a494202340c1a7698fe054ab6], 
PUP.Optional.BubbleSound.A, C:\Program Files\BubbleSound, Löschen bei Neustart, [c43b1aebc3c876c0954ceb231ee52cd4], 
PUP.Optional.BubbleSound.A, C:\Program Files\BubbleSound\config, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], 
PUP.Optional.StormWatch.A, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\StormWatch, In Quarantäne, [1fe0f2132863fa3cd354fb14a55e25db], 
PUP.Optional.ProPCCleaner.A, C:\Users\MARKUS\Documents\ProPCCleaner, In Quarantäne, [d02fc73e82096fc7964a67a8808338c8], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\include, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\include\tools, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\lib, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\module, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\pack, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\en, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\en-US, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\es, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\es-419, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\fr, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-BE, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-CA, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-CH, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-LU, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\it, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\it-CH, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\pl, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\pt-BR, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\ru, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\ru-MO, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\tr, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\vi, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\zh-CN, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\zh-TW, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\skin, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\defaults, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\defaults\preferences, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\modules, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DefaultSearchProtected.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com, In Quarantäne, [946bc2437714a0962fb2b759b54ed030], 
PUP.Optional.DefaultSearchProtected.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com\chrome, In Quarantäne, [946bc2437714a0962fb2b759b54ed030], 
PUP.Optional.DefaultSearchProtected.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com\chrome\content, In Quarantäne, [946bc2437714a0962fb2b759b54ed030], 
PUP.Optional.DefaultSearchProtected.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com\chrome\skin, In Quarantäne, [946bc2437714a0962fb2b759b54ed030], 
PUP.Optional.PullUpdate.A, C:\ProgramData\SqaSMuElYjF\dat, Löschen bei Neustart, [01fe1ce997f49b9b9a684f3383828d73], 
PUP.Optional.PullUpdate.A, C:\ProgramData\SqaSMuElYjF, Löschen bei Neustart, [01fe1ce997f49b9b9a684f3383828d73],

Phil46 · 07.08.2015, 17:00

Hier der zweite Teil...

Code:

ATTFilter

Dateien: 473
PUP.Optional.WebShield.A, C:\ProgramData\SqaSMuElYjF\aXUOwJ.exe, Löschen bei Neustart, [22ddca3b701b2412d9da88c059a8fa06], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll, In Quarantäne, [3ac5c63fa1eafe38f0a625097e837090], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll, In Quarantäne, [5fa041c4810a999dabebb37b56abc33d], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe, In Quarantäne, [6b947b8a810a42f406a1af46b7493cc4], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psmachine.dll, In Quarantäne, [e817af5666257eb8e30fccfe679b8977], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll, In Quarantäne, [e41b8a7b4a4161d5b43f8e3ce61c7789], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\DealPlyIE.dll, In Quarantäne, [6d9230d5fe8d65d121f2c2ce5aa8c63a], 
PUP.Optional.PullUpdate.A, C:\ProgramData\Browser\prompt.exe, In Quarantäne, [ec1390752d5e7db92edd7a42c0412bd5], 
PUP.Optional.PullUpdate.A, C:\ProgramData\Radio\prompt.exe, In Quarantäne, [0ff03bca810a072f3fcc7d3f52afcf31], 
PUP.Optional.WebShield.A, C:\ProgramData\SqaSMuElYjF\dat\aTMUIWqsG.exe, Löschen bei Neustart, [f50a33d2b2d93bfb00b3b5934ab7a65a], 
PUP.Optional.ZombieInvasion.A, C:\ProgramData\SqaSMuElYjF\dat\MrZPGFxqyBW.dll, Löschen bei Neustart, [ff00a95c6427e353727453d48d782bd5], 
PUP.Optional.PullUpdate.C, C:\ProgramData\SqaSMuElYjF\dat\taCdjwNSZVx.dll, Löschen bei Neustart, [16e97c89a4e747ef59ddabd452b36997], 
PUP.Optional.WebShield.A, C:\ProgramData\SqaSMuElYjF\dat\ZdtQfXQQRJN.exe, Löschen bei Neustart, [629d907599f25ed8159efd4b0ff2cc34], 
PUP.Optional.PullUpdate.C, C:\ProgramData\WebShield\Uninstall.exe, In Quarantäne, [19e64bbaa7e467cf56e0ff804cb936ca], 
PUP.Optional.Linkury.A, C:\Users\MARKUS\AppData\Roaming\OpenCandy\2134824CD35644C28148A6942AE0A3F6\Installer.exe, In Quarantäne, [23dc0203c2c914223da30eea8a7aa759], 
PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\OpenCandy\FDAE2589122C41D99C0D4DEE819C2A34\dp.exe, In Quarantäne, [4fb0a75ef09bc4727da5caaa8d788080], 
PUP.Optional.Dealply, C:\Program Files (x86)\DealPly\DealPlyUpdate.exe, In Quarantäne, [f30c3cc97615f73fde6499d8f70eba46], 
PUP.Optional.Dealply, C:\Program Files (x86)\DealPly\DealPlyUpdateRun.exe, In Quarantäne, [00ff1ee7a0ebe5510c366f02bb4add23], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\DealPlyUpdateVer.exe, In Quarantäne, [2ad5e322b3d847ef1cb272addf21c43c], 
RiskWare.Tool.CK, C:\$Recycle.Bin\S-1-5-21-846433983-1932204352-779828525-1001\$RERSWD4.exe, In Quarantäne, [926daf56ddae8ea815713b43040146ba], 
PUP.Optional.CrossRider.A, C:\$Recycle.Bin\S-1-5-21-846433983-1932204352-779828525-1001\$ROOLZ0A.07\774c6438-9235-495c-96ac-0b596846d9af-4.exe, In Quarantäne, [2dd2ac59e7a43ef84c87dd9ab94c25db], 
PUP.Optional.Downloader.C, C:\$Recycle.Bin\S-1-5-21-846433983-1932204352-779828525-1001\$ROOLZ0A.07\Uninstall.exe, In Quarantäne, [4bb4d332fc8fe551ffff09afbc45926e], 
PUP.Optional.SearchProtect.A, C:\$Recycle.Bin\S-1-5-21-846433983-1932204352-779828525-1001\$ROVMHT3\uninstall.exe, In Quarantäne, [b649aa5b296253e3e8ae39f5f0110000], 
PUP.Optional.Crossbrowse.C, C:\Users\MARKUS\AppData\Local\Temp\F713.tmp, In Quarantäne, [41bed2338b0065d1387af68751b4d828], 
PUP.Optional.Babylon.A, C:\Users\MARKUS\AppData\Local\Temp\setup.exe, In Quarantäne, [39c6aa5babe0bc7a2d12ebfb49b7fb05], 
PUP.Optional.PricePeep.A, C:\Users\MARKUS\AppData\Local\Temp\pricepeep_1.exe, In Quarantäne, [7e813dc895f678bed3e1a4667d8454ac], 
PUP.Optional.WebBar.A, C:\Users\MARKUS\AppData\Local\Temp\108c948e-1aa6-4763-9da9-71be00c60a64\web_bar_setup.exe, In Quarantäne, [5ea129dc6f1ca591f8f2f2931be624dc], 
PUP.Optional.IStartSurf.ShrtCln, C:\Users\MARKUS\AppData\Local\Temp\667a9c41-7d25-41de-ab32-255d2b213bd5\lly_istartsurf.exe, In Quarantäne, [689731d4286382b4d8084a319f6647b9], 
PUP.Optional.WebShield.A, C:\Users\MARKUS\AppData\Local\Temp\dddef2f9-a5b5-4b1d-b5e8-25dffbdd6c25\setup.exe, In Quarantäne, [e51adf26aedd60d65536b79903fd827e], 
PUP.Optional.StormWatch.A, C:\Users\MARKUS\AppData\Local\Temp\f876484c-7802-40b3-9f4e-7df399edf320\setup.exe, In Quarantäne, [55aa7b8ab0db81b583b4c47843bd9c64], 
PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Temp\is-T3468.tmp\pricegong.exe, In Quarantäne, [af5043c238535ed858c87c9e52af54ac], 
PUP.Optional.Crossbrowse.C, C:\Users\MARKUS\AppData\Local\Temp\9862\setup.exe, In Quarantäne, [ee11e421d6b50036e1d1ceafc0454cb4], 
PUP.Optional.SkyTech.A, C:\Users\MARKUS\AppData\Local\Temp\xtmp1916893579\QQBrowserFrame.dll, In Quarantäne, [1de2798cd5b66ec87eba55ff9b6658a8], 
PUP.Optional.WordShark.A, C:\Users\MARKUS\AppData\Local\Temp\~nsu.tmp\Au_.exe, In Quarantäne, [08f7c3425338fb3b6c058e221be6ac54], 
PUP.Optional.Downloader, C:\Users\MARKUS\Downloads\VLC media player 32 Bit - CHIP-Installer.exe, In Quarantäne, [32cdc1443e4da78f37f485c3ec14a060], 
PUP.Optional.SearchProtect, C:\Users\MARKUS\AppData\Local\avabvexvac\avabvexvac.exe, In Quarantäne, [748b8f767c0fae88d1afd1931ae73dc3], 
PUP.Optional.SearchProtect.A, C:\Windows\apppatch\apppatch64\VCLdr64.dll, In Quarantäne, [7788f70ed5b6d4620d8977b711f09e62], 
PUP.Optional.SearchProtect.A, C:\Windows\apppatch\nbin\VC32Loader.dll, In Quarantäne, [3dc20bfa0f7c270f435388a63fc2c43c], 
PUP.Optional.3DBubbleSound.A, C:\Users\MARKUS\Desktop\3D BubbleSound.lnk, In Quarantäne, [f80717ee99f21521b42d68afee1532ce], 
PUP.Optional.WebBar.A, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar\wb.log, In Quarantäne, [d22dc2432d5e71c5c4d381990bf816ea], 
PUP.Optional.Trovi.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\searchplugins\trovi.xml, In Quarantäne, [d22dd431a7e41e18515c091549ba2dd3], 
PUP.Optional.SearchProtect.A, C:\Windows\System32\Tasks\avabvexvac, In Quarantäne, [3dc255b05e2d8caa197091916c97867a], 
PUP.Optional.DealPly.A, C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job, In Quarantäne, [7d82ab5a791261d5d31f46e9d1320cf4], 
PUP.Optional.DealPly.A, C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job, In Quarantäne, [23dc6e979fec52e49959200fba49b848], 
PUP.Optional.IStartSurf.ShrtCln, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\searchplugins\istartsurf.xml, In Quarantäne, [8b744cb9137892a4aac695a9be4519e7], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\774c6438-9235-495c-96ac-0b596846d9af-1-7, In Quarantäne, [5ea17e878b009b9b4847172bee158e72], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\774c6438-9235-495c-96ac-0b596846d9af-4, In Quarantäne, [e01fbd48444763d33c5391b19a69f40c], 
PUP.Optional.DealPly.A, C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore, In Quarantäne, [09f6f80d6526bf77373b380efb08768a], 
PUP.Optional.DealPly.A, C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA, In Quarantäne, [d8274fb6315a171f9ad887bf06fdf010], 
PUP.Optional.DealPly.A, C:\Windows\System32\Tasks\DealPlyUpdate, In Quarantäne, [33ccbf468308b086343e77cf3dc68e72], 
PUP.Optional.WebShield.A, C:\Users\MARKUS\AppData\Local\WebShield\data2.dat, In Quarantäne, [807f22e3d5b65ed83506a2a59a6947b9], 
PUP.Optional.MixiDJ.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\searchplugins\mixidj.xml, In Quarantäne, [7788ea1bd2b97eb87feac1960ef53ac6], 
PUP.Optional.PricePeep.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\pricepeep@getpricepeep.com.xpi, In Quarantäne, [30cfef16a2e9bd7928541245f0139070], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\DealPly.crx, In Quarantäne, [29d64eb73754350142178be40afaba46], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\DealPly.xpi, In Quarantäne, [29d64eb73754350142178be40afaba46], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\DealPlyIE64.dll, In Quarantäne, [29d64eb73754350142178be40afaba46], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\DealPlyUpdate.log, In Quarantäne, [29d64eb73754350142178be40afaba46], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\icon.ico, In Quarantäne, [29d64eb73754350142178be40afaba46], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\uninst.exe, In Quarantäne, [29d64eb73754350142178be40afaba46], 
PUP.OPtional.Dealply.A, C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk, In Quarantäne, [16e901045635b086442f5a17b54f48b8], 
PUP.OPtional.Dealply.A, C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.url, In Quarantäne, [16e901045635b086442f5a17b54f48b8], 
PUP.OPtional.Dealply.A, C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.url, In Quarantäne, [16e901045635b086442f5a17b54f48b8], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\EULA.txt, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\cfi.bin, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\edk.bin, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\pni.bin, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\trn.bin, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.css, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.html, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\defaults.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\SP_DialogBG.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\DialogAPI.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js, In Quarantäne, [679873921a716fc727d2d0abdf25ab55], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\774c6438-9235-495c-96ac-0b596846d9af-1-7.job, In Quarantäne, [48b708fd513a86b0c595cebf34d0f30d], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\774c6438-9235-495c-96ac-0b596846d9af-10_user.job, In Quarantäne, [22ddee17f299181e8dcdace1f60eb050], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\774c6438-9235-495c-96ac-0b596846d9af-4.job, In Quarantäne, [e51af60f454648ee52087b121de7d729], 
PUP.Optional.SearchProtect, C:\Windows\apppatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, In Quarantäne, [15ea47bea7e4f83ee52df69adf25e11f], 
PUP.Optional.Vitruvian.A, C:\Users\MARKUS\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001, In Quarantäne, [cd32689d2962fc3a1a2e0292c93bc13f], 
PUP.Optional.Vitruvian.A, C:\Users\MARKUS\AppData\Local\Temp\vitruvian-installer-install-v0003, In Quarantäne, [1be4d92c0982b97dd771563e28dcea16], 
PUP.Optional.Vitruvian.A, C:\Users\MARKUS\AppData\Local\Temp\vitruvian-installer-processes-v0002, In Quarantäne, [cd32d2334a419d997bcdc8ccf01443bd], 
PUP.Optional.Vitruvian.A, C:\Users\MARKUS\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001, In Quarantäne, [659add2872191b1b45030f851de7c838], 
PUP.Optional.Vitruvian.A, C:\Users\MARKUS\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002, In Quarantäne, [47b875903754c86e3f09a0f4fc086997], 
PUP.Optional.Vitruvian.A, C:\Users\MARKUS\AppData\Local\Temp\vitruvian-installer-uninstall-v0002, In Quarantäne, [5ea1d82d286367cf4503c8cc49bb867a], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\crossrider_statusbar.png, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\button1.png, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\button2.png, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\button3.png, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\button4.png, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\button5.png, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\icon128.png, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\icon16.png, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\icon24.png, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\icon48.png, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\panelarrow-up.png, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\popup.html, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\skin.css, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\skin\update.css, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome.manifest, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\install.rdf, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\0113a152429c572601fcebdc7cc6967f.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\110160835b5a1f92bcc62f909899ca9a.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\12a6898699b7cf299a2491187784c5ef.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\3a0791e9cf083e799d3524c263f11854.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\4fb88dae63226e6299984e709e27884d.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\a5718f6ef5317bc32ba8655077da7859.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\background.html, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\browser.xul, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\dialog.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\ffCoreFilesIndex.txt, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\options.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\options.xul, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\search_dialog.xul, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\a71f2b19ee319b2568cd7948f11c0174.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\190949771611cdcd01d0627da5a702cc.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\228b084cb972835caf94ae164f87133e.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\2daea0a96fcf6d282e3e1fe5443e30a6.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\3c33e104d698473542d3d1cbf898dbbc.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\5db859adf0fffac8157f3811070ff891.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\750d0632354e22f8d89d9661e46bc7a9.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\7589eb2375d0872da54a5e30419926e8.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\a6f01248d32417c77bab007e4886342c.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\b5e48145d357cd7c3687a3f08afd3d06.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\c6fb0e819753532a5fbd62b13aaaac98.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\cb3ccbc4a14700f753cf5b0ea73d5a0d.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\d8928caf619151599aa8ab64ec233ef0.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\da4ecf7d2636bbc6f07dde42d8eb09cd.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\daa62d7076421368a9c39bb76e8e1d14.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\api\f4f452f5d121bb07be139e1e9587fc9c.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\00dc18ed21869485befc514b201c4514.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\08d5163208fca1eaa8bb3229d4a8aaf1.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\0ea6492d681c8c583bec60bee57e092e.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\16c83328d047fe3ef8826468d3c4c6ab.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\183578f197b56fccd10f6e73f00f4882.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\20d64d4a0fdca1eec38c880ef138cecb.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\246bf7fba23ce99638945053934fae25.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\2ec17942187b5d1ca5acb6387da7784b.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\37f2a7c7d880ef7fcc4e2a04a126f8a0.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\5a177b09fd38d91c81e9291a4745684e.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\64cba9313f500442d1a12e711c3c5fd7.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\81ee80a9e3ff4f9f399f6433a5e6111d.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\9e3b32c893ff351b3b6ebf57e9c05510.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\b00147f7362be7267c72535563259f03.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\b13c888aa396260b76459ac073d0e8b4.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\c2da62c403d6486ae34c1811fd24c5c2.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\cf54d0c56a76b50191ece4150f7cbe51.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\d8a77c9f3afccd351b239b31a978ac4e.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\f70eb6e5549a3f1d1b10515cb4850e4f.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\ffe82212f3a9693a6c7f5b4add4b62dc.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\chrome\content\core\installer.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\defaults\preferences\prefs.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\manifest.xml, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins.json, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\281.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\102.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\104.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\119.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\13.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\14.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\16.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\17.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\178.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\179.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\180.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\184.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\195.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\200.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\220.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\223.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\231.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\232.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\234.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\242.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\246.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\252.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\253.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\273.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\288.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\289.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\300.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\334.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\335.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\339.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\345.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\354.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\356.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\376.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\380.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\385.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\389.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\390.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\391.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\4.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\424.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\47.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\64.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\7.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\78.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\9.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\plugins\91.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\userCode\background.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\extensionData\userCode\extension.js, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com\locale\en-US\translations.dtd, In Quarantäne, [8a75ef16a1eabe7874a64b50bb4928d8], 
PUP.Optional.Browser.A, C:\ProgramData\Browser\prompt.exe.config, In Quarantäne, [738c867f3f4c8fa789de2c7071939d63], 
PUP.Optional.ProPCCleaner.A, C:\Windows\System32\Tasks\ProPCCleaner_Popup, In Quarantäne, [a95640c5cbc039fde3ce079892729f61], 
PUP.Optional.ProPCCleaner.A, C:\Windows\System32\Tasks\ProPCCleaner_Start, In Quarantäne, [b44bc0454348bf77d4dd079800042dd3], 
PUP.Optional.BubbleSound.A, C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BubbleSound 1.0\Uninstall.lnk, In Quarantäne, [f708eb1addae2e0876e354507e86e818], 
PUP.Optional.PullUpdate.Gen, C:\ProgramData\Vreaanknumlug\1.0.4.1\eaclaoro.exe.config, In Quarantäne, [32cd02035338b87e2e0c03a5ba4a38c8], 
PUP.Optional.PullUpdate.Gen, C:\ProgramData\Vreaanknumlug\1.0.4.1\sqlite3.dll, In Quarantäne, [32cd02035338b87e2e0c03a5ba4a38c8], 
PUP.Optional.PullUpdate.Gen, C:\ProgramData\Vreaanknumlug\dat.dat, In Quarantäne, [32cd02035338b87e2e0c03a5ba4a38c8], 
PUP.Optional.PullUpdate.A, C:\ProgramData\Radio\prompt.exe.config, In Quarantäne, [44bb887df09be452813df1b7c2423dc3], 
PUP.Optional.3DBubbleSound.A, C:\Program Files\BubbleSound\3D BubbleSound.exe, Löschen bei Neustart, [3dc2b253b1da2c0a1fc362b504ffb54b], 
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log, In Quarantäne, [e31cf510602b6bcb0f7836a934cea957], 
PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Dealply\UpdateProc\config.dat, In Quarantäne, [58a7d92c256667cfe0a7d50aec1620e0], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLive.exe, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHandler.exe, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHelper.msi, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bn.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ca.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_cs.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_da.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_de.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_el.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en-GB.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es-419.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_et.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fa.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fi.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fil.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fr.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_gu.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hr.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hu.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_id.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_is.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_it.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_iw.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ja.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_kn.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ko.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lt.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lv.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ml.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_mr.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ms.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_nl.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_no.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdate.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_am.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ar.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-BR.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-PT.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ro.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sk.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sl.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sr.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sv.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sw.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ta.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_te.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_th.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_tr.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_uk.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ur.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_vi.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-CN.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-TW.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psuser.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bg.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hi.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pl.dll, In Quarantäne, [8a750ef767249e98d6b2d70852b041bf], 
PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\manifest.json, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], 
PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\pg_background.html, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], 
PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\js\html_comp.js, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], 
PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\js\pg_page_injected_script.js, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], 
PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\js\pg_tab_wrapper.js, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], 
PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\options\pg_options.html, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], 
PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\options\pg_options.js, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], 
PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\plugins\npPriceGong_CH.dll, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], 
PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\res\pg_icon_128.png, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], 
PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\res\pg_icon_16.png, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], 
PUP.Optional.PriceGong.A, C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\res\pg_icon_48.png, In Quarantäne, [be41966fc5c62f074c079152ad5508f8], 
PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome.manifest, In Quarantäne, [49b69f664744e35307501fc522e038c8], 
PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\install.rdf, In Quarantäne, [49b69f664744e35307501fc522e038c8], 
PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome\content\dealplyshopping.xul, In Quarantäne, [49b69f664744e35307501fc522e038c8], 
PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome\content\images\icon32.png, In Quarantäne, [49b69f664744e35307501fc522e038c8], 
PUP.Optional.DealPly.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\defaults\preferences\defaults.js, In Quarantäne, [49b69f664744e35307501fc522e038c8], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\browser.exe, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\chrome.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\chrome_100_percent.pak, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\chrome_child.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\chrome_elf.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\d3dcompiler_47.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\ffmpegsumo.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\icudtl.dat, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\libegl.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\libglesv2.dll, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\natives_blob.bin, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\resources.pak, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\snapshot_blob.bin, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.SpeedBrowser.A, C:\Program Files (x86)\speed browser\Application\44.0.2367.0\Locales\de.pak, Löschen bei Neustart, [fb0418ed8407a096dee6a35a20e2aa56], 
PUP.Optional.GamesDesktop.A, C:\Users\MARKUS\AppData\Local\gmsd_de_004010035\upgmsd_de_004010035.cyl, In Quarantäne, [b946b45133589f9762d842bff90a758b], 
PUP.Optional.GamesDesktop.A, C:\Users\MARKUS\AppData\Local\gmsd_de_004010035\user_profil.cyp, In Quarantäne, [b946b45133589f9762d842bff90a758b], 
PUP.Optional.GamesDesktop.A, C:\Users\MARKUS\AppData\Local\gmsd_de_004010035\gmsd_de_004010035\1.20\cnf.cyl, In Quarantäne, [b946b45133589f9762d842bff90a758b], 
PUP.Optional.SearchProtect.A, C:\Users\MARKUS\AppData\Local\avabvexvac\bahvxfk, In Quarantäne, [39c6ab5addaea294d052d83155aeb64a], 
PUP.Optional.SearchProtect.A, C:\Users\MARKUS\AppData\Local\avabvexvac\mkfvxfk, In Quarantäne, [39c6ab5addaea294d052d83155aeb64a], 
PUP.Optional.SearchProtect.A, C:\Users\MARKUS\AppData\Local\avabvexvac\pvpqbjobmlpfqlovvawq, In Quarantäne, [39c6ab5addaea294d052d83155aeb64a], 
PUP.Optional.SearchProtect.A, C:\Users\MARKUS\AppData\Local\avabvexvac\qokvxfk, In Quarantäne, [39c6ab5addaea294d052d83155aeb64a], 
PUP.Optional.SearchProtect.A, C:\Users\MARKUS\AppData\Local\avabvexvac\rfobmlpfqlovvawq, In Quarantäne, [39c6ab5addaea294d052d83155aeb64a], 
PUP.Optional.SearchProtect.A, C:\Users\MARKUS\AppData\Local\avabvexvac\rpboobmlpfqlovvawq, In Quarantäne, [39c6ab5addaea294d052d83155aeb64a], 
PUP.Optional.SearchProtect.A, C:\Users\MARKUS\AppData\Local\avabvexvac\stb.dat, In Quarantäne, [39c6ab5addaea294d052d83155aeb64a], 
PUP.Optional.SearchProtect.A, C:\Users\MARKUS\AppData\Local\avabvexvac\ycfvxfk, In Quarantäne, [39c6ab5addaea294d052d83155aeb64a], 
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\DEL_UnRegisterExtensions.exe, In Quarantäne, [31ce13f2157653e37f6e7795b64def11], 
PUP.Optional.ProPCCleaner.A, C:\Users\MARKUS\AppData\Local\Pro_PC_Cleaner\ProPCCleaner.exe_Url_xfrt3hu2ec5vknmrnagnhswpaqprhwze\2.9.6.0\user.config, In Quarantäne, [659aeb1a494202340c1a7698fe054ab6], 
PUP.Optional.BubbleSound.A, C:\Program Files\BubbleSound\backup_High Definition Audio-Gerät_Digitalaudio (S_PDIF).reg, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], 
PUP.Optional.BubbleSound.A, C:\Program Files\BubbleSound\backup_High Definition Audio-Gerät_Lautsprecher.reg, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], 
PUP.Optional.BubbleSound.A, C:\Program Files\BubbleSound\backup_High Definition Audio-Gerät_SAMSUNG.reg, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], 
PUP.Optional.BubbleSound.A, C:\Program Files\BubbleSound\BubbleSound.dll, Löschen bei Neustart, [c43b1aebc3c876c0954ceb231ee52cd4], 
PUP.Optional.BubbleSound.A, C:\Program Files\BubbleSound\silentinstaller.exe, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], 
PUP.Optional.BubbleSound.A, C:\Program Files\BubbleSound\silentuninstaller.exe, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], 
PUP.Optional.BubbleSound.A, C:\Program Files\BubbleSound\Uninstall.exe, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], 
PUP.Optional.BubbleSound.A, C:\Program Files\BubbleSound\config\3DBubbleSound.conf, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], 
PUP.Optional.BubbleSound.A, C:\Program Files\BubbleSound\config\3DBubbleSound.err, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], 
PUP.Optional.BubbleSound.A, C:\Program Files\BubbleSound\config\3DBubbleUser.conf, In Quarantäne, [c43b1aebc3c876c0954ceb231ee52cd4], 
PUP.Optional.StormWatch.A, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\StormWatch\StormWatchSrv.dat, In Quarantäne, [1fe0f2132863fa3cd354fb14a55e25db], 
PUP.Optional.ProPCCleaner.A, C:\Users\MARKUS\Documents\ProPCCleaner\log.txt, In Quarantäne, [d02fc73e82096fc7964a67a8808338c8], 
PUP.Optional.ProPCCleaner.A, C:\Users\MARKUS\Documents\ProPCCleaner\logerror.txt, In Quarantäne, [d02fc73e82096fc7964a67a8808338c8], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome.manifest, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\install.rdf, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\index.html, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\quick_start.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\lib\doT.min.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\module\hotSearch.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\module\mostgrid.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\module\search.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\module\stat.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\pack\common.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\pack\ga.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\content\js\pack\xagainit.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\skin\googlelogo.png, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\skin\icon.png, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\skin\loading.gif, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\skin\logo.png, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\skin\luck.png, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\skin\newtab.ico, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\skin\simple.css, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\chrome\skin\style.css, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\defaults\preferences\preferences.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\modules\addonmanager.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\modules\aes.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\modules\config.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\modules\dialogs.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\modules\last_tab.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\modules\misc.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\modules\properties.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\modules\remoterequest.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\modules\restoreprefs.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com\modules\settings.js, In Quarantäne, [ec1311f4711ada5c4f6408084cb75da3], 
PUP.Optional.DefaultSearchProtected.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com\chrome.manifest, In Quarantäne, [946bc2437714a0962fb2b759b54ed030], 
PUP.Optional.DefaultSearchProtected.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com\install.rdf, In Quarantäne, [946bc2437714a0962fb2b759b54ed030], 
PUP.Optional.DefaultSearchProtected.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com\chrome\content\jquery-2.1.0.min.js, In Quarantäne, [946bc2437714a0962fb2b759b54ed030], 
PUP.Optional.DefaultSearchProtected.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com\chrome\content\toolbar.xul, In Quarantäne, [946bc2437714a0962fb2b759b54ed030], 
PUP.Optional.DefaultSearchProtected.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com\chrome\skin\icon.png, In Quarantäne, [946bc2437714a0962fb2b759b54ed030], 
PUP.Optional.PullUpdate.A, C:\ProgramData\SqaSMuElYjF\dat\aTMUIWqsG.exe.config, Löschen bei Neustart, [01fe1ce997f49b9b9a684f3383828d73], 
PUP.Optional.PullUpdate.A, C:\ProgramData\SqaSMuElYjF\dat\ZdtQfXQQRJN.exe.config, Löschen bei Neustart, [01fe1ce997f49b9b9a684f3383828d73], 
PUP.Optional.PullUpdate.A, C:\ProgramData\SqaSMuElYjF\aXUOwJ.dat, Löschen bei Neustart, [01fe1ce997f49b9b9a684f3383828d73], 
PUP.Optional.PullUpdate.A, C:\ProgramData\SqaSMuElYjF\aXUOwJ.exe.config, In Quarantäne, [01fe1ce997f49b9b9a684f3383828d73], 
PUP.Optional.PullUpdate.A, C:\ProgramData\SqaSMuElYjF\info.dat, Löschen bei Neustart, [01fe1ce997f49b9b9a684f3383828d73], 
PUP.Optional.QuickStart.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Ersetzt,[a6590df87d0e6dc966f5473d7e8740c0]
PUP.Optional.IStartSurf.ShrtCln, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaultenginename", "istartsurf");), Ersetzt,[3dc2e025f39849edd2a1305443c2cc34]
PUP.Optional.IStartSurf.ShrtCln, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.selectedEngine", "istartsurf");), Ersetzt,[807fac59f79434025321d3b13dc8926e]
PUP.Optional.CrossRider.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "14ea77f75e9eb8da2693fd81ac8c4353");), Ersetzt,[7c839d688a0183b338a7ff8642c3c53b]
PUP.Optional.Trovi.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\prefs.js, Gut: (browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Schlecht: (browser.startup.homepage", "hxxp://www.trovi.com), Ersetzt,[5ea115f05239989e05cfaeda7293bf41]
PUP.Optional.DefaultProtectedSearch.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\prefs.js, Gut: (), Schlecht: (defsearchp@gmail.com), Ersetzt,[906f7c896a21290da9556b1df312f60a]
PUP.Optional.DeskCut.A, C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\prefs.js, Gut: (), Schlecht: (deskCutv2@gmail.com), Ersetzt,[48b7fd0892f939fd9f60f39553b201ff]

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

schrauber · 08.08.2015, 09:44

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Phil46 · 08.08.2015, 13:08

Hey,

hier der log von Eset:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=03d4cbbc643a6843865c70410fa74ea8
# end=init
# utc_time=2015-08-08 11:28:08
# local_time=2015-08-08 01:28:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 25184
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=03d4cbbc643a6843865c70410fa74ea8
# end=updated
# utc_time=2015-08-08 11:32:18
# local_time=2015-08-08 01:32:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=03d4cbbc643a6843865c70410fa74ea8
# engine=25184
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-08-08 11:51:40
# local_time=2015-08-08 01:51:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 72 265458 203455190 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 12004212 98540811 0 0
# scanned=200765
# found=18
# cleaned=18
# scan_time=1161
sh=874DD3B68A7AE8A29A145B1396BC54D4B23FFB8D ft=1 fh=f169519a8f7ba48b vn="Variante von MSIL/Adware.PullUpdate.L.gen Anwendung (GesÃ¤ubert durch LÃ¶schen - in QuarantÃ¤ne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-846433983-1932204352-779828525-1001\$R5HXT6J.exe"
sh=228F3D985297D2A6B390D24308E2EC4F640D051D ft=1 fh=c71c001100a74d61 vn="Variante von Win32/ELEX.EL evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen - in QuarantÃ¤ne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-846433983-1932204352-779828525-1001\$RGBU4CA\UninstallManager.exe"
sh=036C75D0603BE8B8AE9732856D75441371BD7D90 ft=1 fh=ac03f69a67ae4d22 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen - in QuarantÃ¤ne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ELIT76O\Firefox - CHIP-Installer.exe"
sh=01B394BFD78AC1A88EF00B03878680F68FDD5291 ft=1 fh=80aefb8aa3c56326 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwÃ¼nschte Anwendung (gelÃ¶scht - in QuarantÃ¤ne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ELIT76O\OrbiterInstaller[1].exe"
sh=ED3463A7DB95D4B0A40B18FF7D4C3A198AFE9C87 ft=1 fh=b73262d5706d13f5 vn="Variante von Win32/ClientConnect.A evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen - in QuarantÃ¤ne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YXKRGWYT\Stub[1].exe"
sh=1B103F696A2D86A7790EDF1FEE66E0F60CE93CAD ft=1 fh=c289951717bd4b3d vn="Variante von Win32/InstallCore.ABD evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen - in QuarantÃ¤ne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39OD9LU1\VideoPlayerSetup[1].exe"
sh=FC208B1CEC80F9DF9AD3E213426C97D3341D3C01 ft=1 fh=c28995172ebabccb vn="Variante von Win32/InstallCore.ABD evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen - in QuarantÃ¤ne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39OD9LU1\VideoPlayerSetup[2].exe"
sh=189851DB27A636E7E11BBE63F7875193096EF5AE ft=1 fh=c28995179123e56b vn="Variante von Win32/InstallCore.ABD evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen - in QuarantÃ¤ne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XANS3CB8\VideoPlayerSetup[1].exe"
sh=C86214CB00DB102DC1896C7D609DEE58B93BB7D3 ft=1 fh=c28995175efc5099 vn="Variante von Win32/InstallCore.ABD evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen - in QuarantÃ¤ne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XANS3CB8\VideoPlayerSetup[2].exe"
sh=EA3060E5492AD2557EAB12E1CE8766D79CD6E503 ft=1 fh=dae6dd3d7a54b142 vn="MSIL/MyPCBackup.G evtl. unerwÃ¼nschte Anwendung (gelÃ¶scht - in QuarantÃ¤ne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Temp\c8fa73b8e9f64693beccdbb6e4b58208394612.exe"
sh=6C23A9F9903CA4B244E59DDA21784D8347200F8C ft=1 fh=f8d43310deb0dd2c vn="Variante von Win32/UniBlue.F evtl. unerwÃ¼nschte Anwendung (gelÃ¶scht - in QuarantÃ¤ne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Temp\095560c7-e0ca-4baf-abb7-46c69db2e79d\driverscanner.exe"
sh=8F52C7430EBD3BC43405060EAE167FD1C4D82414 ft=1 fh=057a3b13cf704491 vn="Win32/MyPCBackup.E evtl. unerwÃ¼nschte Anwendung (gelÃ¶scht - in QuarantÃ¤ne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Temp\24323a60-e0df-4477-84af-eb7420949621\aff_setup.exe"
sh=01E3F3147C9A5C79743CD67E4CC45CF3DB63E82A ft=1 fh=f77468889b04ad91 vn="MSIL/Rebrand.LittleRegClean.E evtl. unerwÃ¼nschte Anwendung (gelÃ¶scht - in QuarantÃ¤ne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Temp\2d29e209-2993-4832-994e-1515c4d0fad3\propccleanersetup.exe"
sh=F0A5E04842697404275CF4A352455ACD5FC44578 ft=1 fh=c71c0011e496372e vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen - in QuarantÃ¤ne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Temp\B0068F1E-BAB0-7891-8E9A-D81820CBBFBA\Latest\BExternal.dll"
sh=EE7646E9A9ECD2FA138A5EE732368D3785E060B2 ft=1 fh=a9e6d2fee3def72a vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen - in QuarantÃ¤ne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Temp\B0068F1E-BAB0-7891-8E9A-D81820CBBFBA\Latest\IEHelper.dll"
sh=FF6FD97BCC603890C9BDFFEBE992A8B95D4F2686 ft=1 fh=6c2a9be43d49c952 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen - in QuarantÃ¤ne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Temp\DMR\dmr_72.exe"
sh=6C1EBB908033B4EE30E460ED72CA2095C1831972 ft=1 fh=193edd22efd246d5 vn="Variante von Win32/Toolbar.CrossRider.CP evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen - in QuarantÃ¤ne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Temp\nst46A1.tmp\enefxr.dll"
sh=228F3D985297D2A6B390D24308E2EC4F640D051D ft=1 fh=c71c001100a74d61 vn="Variante von Win32/ELEX.EL evtl. unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen - in QuarantÃ¤ne kopiert)" ac=C fn="C:\Users\MARKUS\AppData\Local\Temp\xtmp1916893579\UninstallManager.exe"

Security Check:

Code:

ATTFilter

 Results of screen317's Security Check version 1.006  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 	18.0.0.209  
 Adobe Reader XI  
 Google Chrome (44.0.2403.130) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

FRST:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:08-08-2015
durchgeführt von MARKUS (Administrator) auf GHOST (08-08-2015 14:06:28)
Gestartet von C:\Users\MARKUS\Desktop
Geladene Profile: MARKUS (Verfügbare Profile: MARKUS)
Platform: Windows 8 Pro (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 10 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17280_none_6224eed751126779\TiWorker.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(PowerISO Computing, Inc.) I:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [BCSSync] => I:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => i:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2009-07-27] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-05] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-05] (AVAST Software)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-846433983-1932204352-779828525-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKU\S-1-5-21-846433983-1932204352-779828525-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> I:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-06-13] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> I:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-05] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> I:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> I:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-07-13] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-05] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
Toolbar: HKLM - Kein Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Keine Datei
Toolbar: HKLM - Kein Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  Keine Datei
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - I:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2164B092-CA0E-4B90-9765-CA7FA1E1F1B4}: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default
FF Homepage: https://www.malwarebytes.org/restorebrowser//?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M7A767C84-5C6C-492C-B7EA-8FA6621C32F5&SearchSource=55&CUI=&UM=8&UP=SP9768A5FA-B711-4F8E-AC80-6FBC97E31C7D&D=071915&SSPV=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-19] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> I:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> I:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-06-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-06-13] (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-21]
FF Extension: Kein Name - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979} [nicht gefunden]
FF Extension: Kein Name - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\defsearchp@gmail.com [nicht gefunden]
FF Extension: Kein Name - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\deskCutv2@gmail.com [nicht gefunden]
FF Extension: Kein Name - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com [nicht gefunden]
FF Extension: Kein Name - C:\Users\MARKUS\AppData\Roaming\Mozilla\Firefox\Profiles\wfwtmpfw.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} [nicht gefunden]
FF Extension: Kein Name - I:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [nicht gefunden]

Chrome: 
=======
CHR Profile: C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-05]
CHR Extension: (Google Docs) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-05]
CHR Extension: (Google Drive) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-05]
CHR Extension: (YouTube) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-05]
CHR Extension: (Google Search) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-05]
CHR Extension: (Google Sheets) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-05]
CHR Extension: (Avast Online Security) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-05]
CHR Extension: (Gmail) - C:\Users\MARKUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-05]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-05] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-08-05] (Avast Software)
S2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-28] () [Datei ist nicht signiert]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-09-24] () [Datei ist nicht signiert]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; I:\Program Files\Microsoft Office\Office14\GROOVE.EXE [50921648 2013-03-09] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-08-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-05] (AVAST Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-07] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-08-05] (AVAST Software)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-09-24] (Duplex Secure Ltd.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-08-05] (Avast Software)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-08 14:02 - 2015-08-08 14:02 - 00852684 _____ C:\Users\MARKUS\Desktop\SecurityCheck.exe
2015-08-08 13:37 - 2015-08-08 13:38 - 00000712 _____ C:\Windows\DtcInstall.log
2015-08-08 13:19 - 2015-08-08 13:19 - 02870984 _____ (ESET) C:\Users\MARKUS\Downloads\esetsmartinstaller_deu.exe
2015-08-08 13:09 - 2015-08-08 13:09 - 00000000 ____D C:\Program Files\Microsoft Office
2015-08-07 17:22 - 2015-08-07 17:22 - 00031860 _____ C:\Users\MARKUS\Desktop\FRST1.txt
2015-08-07 17:21 - 2015-08-08 14:06 - 00000000 ____D C:\Users\MARKUS\Desktop\FRST-OlderVersion
2015-08-07 17:19 - 2015-08-07 17:19 - 00002092 _____ C:\Users\MARKUS\Desktop\JRT.txt
2015-08-07 17:13 - 2015-08-07 17:13 - 00005236 _____ C:\Users\MARKUS\Desktop\AdwCleaner[S0].txt
2015-08-07 17:12 - 2015-08-07 17:12 - 01797896 _____ (Malwarebytes Corporation) C:\Users\MARKUS\Desktop\JRT.exe
2015-08-07 17:07 - 2015-08-07 17:09 - 00000000 ____D C:\AdwCleaner
2015-08-07 17:06 - 2015-08-07 17:06 - 02248704 _____ C:\Users\MARKUS\Downloads\AdwCleaner_4.208.exe
2015-08-07 17:06 - 2015-08-07 17:06 - 00165340 _____ C:\Users\MARKUS\Desktop\mbam.txt
2015-08-07 17:03 - 2015-08-07 17:03 - 00002247 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-07 17:00 - 2015-08-07 17:00 - 00001398 _____ C:\Users\MARKUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-07 16:10 - 2015-08-07 17:04 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-07 16:10 - 2015-08-07 16:10 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-08-07 16:10 - 2015-08-07 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-08-07 16:10 - 2015-08-07 16:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-07 16:10 - 2015-08-07 16:10 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-08-07 16:10 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-07 16:10 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-07 16:10 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-07 16:09 - 2015-08-07 16:09 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\MARKUS\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-07 15:47 - 2015-08-07 15:47 - 00001264 _____ C:\Users\MARKUS\Desktop\Revo Uninstaller.lnk
2015-08-07 15:47 - 2015-08-07 15:47 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-08-07 15:45 - 2015-08-07 15:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\MARKUS\Downloads\revosetup95.exe
2015-08-07 15:42 - 2015-08-07 15:42 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-08-07 15:42 - 2015-08-07 15:42 - 00000000 ____D C:\Windows\system32\vbox
2015-08-05 12:12 - 2015-08-05 12:12 - 00032859 _____ C:\Users\MARKUS\Desktop\Addition.txt
2015-08-05 12:11 - 2015-08-08 14:06 - 00015467 _____ C:\Users\MARKUS\Desktop\FRST.txt
2015-08-05 12:11 - 2015-08-08 14:06 - 00000000 ____D C:\FRST
2015-08-05 12:10 - 2015-08-08 14:06 - 02169856 _____ (Farbar) C:\Users\MARKUS\Desktop\FRST64.exe
2015-08-05 12:09 - 2015-08-07 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-05 12:08 - 2015-08-08 13:18 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-05 12:08 - 2015-08-08 13:09 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-05 12:08 - 2015-08-05 12:13 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-05 12:08 - 2015-08-05 12:13 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-05 12:06 - 2015-08-05 12:06 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-05 12:06 - 2015-08-05 12:06 - 00001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-08-05 12:06 - 2015-08-05 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-08-05 12:06 - 2015-08-05 12:05 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-08-05 12:05 - 2015-08-05 12:05 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-05 12:01 - 2015-08-05 12:01 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-08-05 12:01 - 2015-08-05 12:01 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-05 10:44 - 2015-08-05 10:44 - 00931408 _____ (Google Inc.) C:\Users\MARKUS\Downloads\ChromeSetup.exe
2015-08-05 10:38 - 2015-08-05 10:38 - 00000000 ____D C:\Users\MARKUS\AppData\Local\Deployment
2015-08-05 10:38 - 2015-08-05 10:38 - 00000000 ____D C:\Users\MARKUS\AppData\Local\Apps\2.0
2015-08-05 00:36 - 2015-08-05 00:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-08-04 23:55 - 2015-04-30 15:07 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-04 23:55 - 2015-04-30 15:07 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-04 23:54 - 2015-03-12 07:31 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-08-04 23:54 - 2015-03-04 08:41 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-08-04 23:54 - 2015-03-04 08:39 - 00632832 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-08-04 23:54 - 2015-03-04 08:39 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-08-04 23:54 - 2015-03-04 06:53 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-08-04 23:54 - 2015-03-04 06:52 - 00676864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-08-04 23:53 - 2015-05-07 15:05 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-08-04 23:53 - 2015-03-12 07:31 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2015-08-04 23:53 - 2015-03-12 05:52 - 01933312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-08-04 23:52 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\SysWOW64\locale.nls
2015-08-04 23:52 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\system32\locale.nls
2015-08-04 23:52 - 2015-04-21 15:53 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-08-04 23:52 - 2015-03-27 10:07 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\cryptcatsvc.dll
2015-08-04 23:52 - 2015-03-12 07:31 - 01688576 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-08-04 23:50 - 2015-04-06 07:36 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-08-04 23:50 - 2015-04-06 06:08 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-08-02 14:24 - 2015-07-14 22:11 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-02 14:24 - 2015-07-14 22:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-02 14:24 - 2015-07-14 21:43 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-02 14:24 - 2015-07-14 21:43 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-02 14:24 - 2015-06-27 18:36 - 00171352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-02 14:24 - 2015-06-27 15:56 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-08-02 14:24 - 2015-06-27 15:55 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-02 14:24 - 2015-06-27 15:55 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-02 14:24 - 2015-06-27 15:46 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-02 14:24 - 2015-06-27 15:46 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-02 14:24 - 2015-06-27 15:46 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-08-02 14:24 - 2015-06-27 15:46 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-02 14:24 - 2015-06-27 15:23 - 00694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-02 14:24 - 2015-06-25 20:29 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-02 14:24 - 2015-06-25 20:27 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-02 14:24 - 2015-01-07 06:25 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-02 14:23 - 2015-06-17 16:13 - 01150264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-08-02 14:23 - 2015-06-17 15:44 - 01567560 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-08-02 14:23 - 2015-06-09 15:57 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-08-02 14:23 - 2015-05-09 01:39 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-02 14:23 - 2015-05-08 22:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-02 14:23 - 2015-04-13 07:32 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-08-02 14:23 - 2015-04-13 07:30 - 01839616 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-02 14:23 - 2015-04-13 07:30 - 01280512 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-02 14:23 - 2015-04-13 06:05 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-02 14:18 - 2015-06-15 17:22 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2015-08-02 14:18 - 2015-06-15 17:22 - 02416640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-08-02 14:18 - 2015-06-15 17:22 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-08-02 14:18 - 2015-06-15 17:22 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-08-02 14:18 - 2015-06-15 17:21 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-08-02 14:18 - 2015-06-15 17:20 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2015-08-02 14:18 - 2015-06-15 17:20 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-08-02 14:18 - 2015-06-15 17:19 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-08-01 19:50 - 2015-06-25 03:54 - 04064768 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-01 19:50 - 2015-06-11 22:29 - 01302528 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-08-01 19:50 - 2015-06-11 18:27 - 01024000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-08-01 19:50 - 2015-05-02 08:28 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-01 19:50 - 2015-05-02 05:59 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-01 19:50 - 2015-05-02 05:36 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-01 19:50 - 2015-04-14 00:09 - 00570248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-08-01 19:45 - 2015-02-18 09:39 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-08-01 19:45 - 2015-02-18 09:38 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2015-07-19 20:05 - 2015-04-25 05:41 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-07-19 20:05 - 2015-04-25 01:13 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-07-19 20:00 - 2015-07-19 20:14 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-08 14:02 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2015-08-08 13:53 - 2013-09-21 21:55 - 01910196 _____ C:\Windows\WindowsUpdate.log
2015-08-08 13:39 - 2015-01-04 16:43 - 00034275 _____ C:\Windows\diagwrn.xml
2015-08-08 13:39 - 2015-01-04 16:43 - 00034275 _____ C:\Windows\diagerr.xml
2015-08-08 13:39 - 2013-09-24 19:44 - 00632238 _____ C:\Windows\setupact.log
2015-08-08 13:39 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-08-08 13:33 - 2015-01-04 16:45 - 00003136 _____ C:\Windows\comsetup.log
2015-08-08 13:33 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\Registration
2015-08-08 13:32 - 2014-11-22 00:00 - 00000000 ___HD C:\$Windows.~BT
2015-08-08 13:18 - 2013-09-21 22:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-08 13:16 - 2012-07-26 12:27 - 00753134 _____ C:\Windows\system32\perfh007.dat
2015-08-08 13:16 - 2012-07-26 12:27 - 00155826 _____ C:\Windows\system32\perfc007.dat
2015-08-08 13:16 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-08 13:15 - 2012-07-26 09:59 - 00000000 ____D C:\Windows\CbsTemp
2015-08-08 13:14 - 2013-09-21 22:01 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-846433983-1932204352-779828525-1001
2015-08-08 13:11 - 2013-09-21 22:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-07 17:10 - 2013-09-24 18:42 - 00545238 _____ C:\Windows\PFRO.log
2015-08-07 17:10 - 2013-09-24 18:15 - 00003490 _____ C:\Windows\System32\Tasks\AutoKMS
2015-08-07 17:10 - 2013-09-21 23:43 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-07 17:10 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-07 17:05 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2015-08-07 16:59 - 2012-07-26 12:29 - 00000000 ____D C:\Windows\ShellNew
2015-08-07 15:42 - 2013-09-23 22:46 - 00000000 ____D C:\Windows\system32\MRT
2015-08-05 12:09 - 2013-09-21 23:44 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-05 12:09 - 2013-09-21 21:55 - 00000000 ____D C:\Users\MARKUS\AppData\Local\VirtualStore
2015-08-05 12:06 - 2014-08-24 20:30 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-05 12:06 - 2014-01-25 12:47 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-08-05 12:06 - 2013-09-21 23:44 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-05 12:06 - 2013-09-21 23:43 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-05 12:06 - 2013-09-21 23:43 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-08-05 12:06 - 2013-09-21 23:43 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-05 12:06 - 2013-09-21 23:43 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-05 12:05 - 2013-09-21 23:43 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-08-05 11:59 - 2015-04-16 14:07 - 00426040 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-05 11:58 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2015-08-05 11:58 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-08-05 11:58 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-08-01 20:11 - 2013-09-23 22:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-19 20:04 - 2013-09-21 22:59 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-19 20:03 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF
2015-07-13 23:22 - 2015-03-20 21:53 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 23:22 - 2015-03-20 21:53 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-08-05 12:05 - 2015-08-05 12:05 - 0032038 _____ () C:\Users\MARKUS\AppData\Roaming\Edge.ico

Einige Dateien in TEMP:
====================
C:\Users\MARKUS\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\MARKUS\AppData\Local\Temp\Quarantine.exe
C:\Users\MARKUS\AppData\Local\Temp\ResetDevice.exe
C:\Users\MARKUS\AppData\Local\Temp\sqlite3.dll
C:\Users\MARKUS\AppData\Local\Temp\Uni000.exe
C:\Users\MARKUS\AppData\Local\Temp\uninst1.exe


==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-08-02 22:43

==================== Ende von log ============================

schrauber · 09.08.2015, 07:09

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\$Recycle.Bin

C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ELIT76O\Firefox - CHIP-Installer.exe

C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ELIT76O\OrbiterInstaller[1].exe

C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YXKRGWYT\Stub[1].exe

C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39OD9LU1\VideoPlayerSetup[1].exe

C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39OD9LU1\VideoPlayerSetup[2].exe

C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XANS3CB8\VideoPlayerSetup[1].exe

C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XANS3CB8\VideoPlayerSetup[2].exe

C:\Users\MARKUS\AppData\Local\Temp\c8fa73b8e9f64693beccdbb6e4b58208394612.exe

C:\Users\MARKUS\AppData\Local\Temp\095560c7-e0ca-4baf-abb7-46c69db2e79d\driverscanner.exe

C:\Users\MARKUS\AppData\Local\Temp\24323a60-e0df-4477-84af-eb7420949621\aff_setup.exe

C:\Users\MARKUS\AppData\Local\Temp\2d29e209-2993-4832-994e-1515c4d0fad3\propccleanersetup.exe

C:\Users\MARKUS\AppData\Local\Temp\B0068F1E-BAB0-7891-8E9A-D81820CBBFBA\Latest\BExternal.dll

C:\Users\MARKUS\AppData\Local\Temp\B0068F1E-BAB0-7891-8E9A-D81820CBBFBA\Latest\IEHelper.dll

C:\Users\MARKUS\AppData\Local\Temp\DMR\dmr_72.exe

C:\Users\MARKUS\AppData\Local\Temp\nst46A1.tmp\enefxr.dll

C:\Users\MARKUS\AppData\Local\Temp\xtmp1916893579\UninstallManager.exe
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:

NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Phil46 · 10.08.2015, 05:29

Hi,
hier der log..

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:09-08-2015
durchgeführt von MARKUS (2015-08-10 06:24:20) Run:1
Gestartet von C:\Users\MARKUS\Desktop
Geladene Profile: MARKUS (Verfügbare Profile: MARKUS)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
C:\$Recycle.Bin

C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ELIT76O\Firefox - CHIP-Installer.exe

C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ELIT76O\OrbiterInstaller[1].exe

C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YXKRGWYT\Stub[1].exe

C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39OD9LU1\VideoPlayerSetup[1].exe

C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39OD9LU1\VideoPlayerSetup[2].exe

C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XANS3CB8\VideoPlayerSetup[1].exe

C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XANS3CB8\VideoPlayerSetup[2].exe

C:\Users\MARKUS\AppData\Local\Temp\c8fa73b8e9f64693beccdbb6e4b58208394612.exe

C:\Users\MARKUS\AppData\Local\Temp\095560c7-e0ca-4baf-abb7-46c69db2e79d\driverscanner.exe

C:\Users\MARKUS\AppData\Local\Temp\24323a60-e0df-4477-84af-eb7420949621\aff_setup.exe

C:\Users\MARKUS\AppData\Local\Temp\2d29e209-2993-4832-994e-1515c4d0fad3\propccleanersetup.exe

C:\Users\MARKUS\AppData\Local\Temp\B0068F1E-BAB0-7891-8E9A-D81820CBBFBA\Latest\BExternal.dll

C:\Users\MARKUS\AppData\Local\Temp\B0068F1E-BAB0-7891-8E9A-D81820CBBFBA\Latest\IEHelper.dll

C:\Users\MARKUS\AppData\Local\Temp\DMR\dmr_72.exe

C:\Users\MARKUS\AppData\Local\Temp\nst46A1.tmp\enefxr.dll

C:\Users\MARKUS\AppData\Local\Temp\xtmp1916893579\UninstallManager.exe
Emptytemp:
*****************

C:\$Recycle.Bin => erfolgreich verschoben.
"C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ELIT76O\Firefox - CHIP-Installer.exe" => Datei/Ordner nicht gefunden.
"C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ELIT76O\OrbiterInstaller[1].exe" => Datei/Ordner nicht gefunden.
"C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YXKRGWYT\Stub[1].exe" => Datei/Ordner nicht gefunden.
"C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39OD9LU1\VideoPlayerSetup[1].exe" => Datei/Ordner nicht gefunden.
"C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39OD9LU1\VideoPlayerSetup[2].exe" => Datei/Ordner nicht gefunden.
"C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XANS3CB8\VideoPlayerSetup[1].exe" => Datei/Ordner nicht gefunden.
"C:\Users\MARKUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XANS3CB8\VideoPlayerSetup[2].exe" => Datei/Ordner nicht gefunden.
"C:\Users\MARKUS\AppData\Local\Temp\c8fa73b8e9f64693beccdbb6e4b58208394612.exe" => Datei/Ordner nicht gefunden.
"C:\Users\MARKUS\AppData\Local\Temp\095560c7-e0ca-4baf-abb7-46c69db2e79d\driverscanner.exe" => Datei/Ordner nicht gefunden.
"C:\Users\MARKUS\AppData\Local\Temp\24323a60-e0df-4477-84af-eb7420949621\aff_setup.exe" => Datei/Ordner nicht gefunden.
"C:\Users\MARKUS\AppData\Local\Temp\2d29e209-2993-4832-994e-1515c4d0fad3\propccleanersetup.exe" => Datei/Ordner nicht gefunden.
"C:\Users\MARKUS\AppData\Local\Temp\B0068F1E-BAB0-7891-8E9A-D81820CBBFBA\Latest\BExternal.dll" => Datei/Ordner nicht gefunden.
"C:\Users\MARKUS\AppData\Local\Temp\B0068F1E-BAB0-7891-8E9A-D81820CBBFBA\Latest\IEHelper.dll" => Datei/Ordner nicht gefunden.
"C:\Users\MARKUS\AppData\Local\Temp\DMR\dmr_72.exe" => Datei/Ordner nicht gefunden.
"C:\Users\MARKUS\AppData\Local\Temp\nst46A1.tmp\enefxr.dll" => Datei/Ordner nicht gefunden.
"C:\Users\MARKUS\AppData\Local\Temp\xtmp1916893579\UninstallManager.exe" => Datei/Ordner nicht gefunden.
EmptyTemp: => 1.6 GB temporäre Dateien entfernt.


Das System musste neu gestartet werden.. 

==== Ende von Fixlog 06:24:32 ====

schrauber · 10.08.2015, 18:22

fertig

Phil46 · 12.08.2015, 15:25

Ja super, herzlichen Dank!��

schrauber · 13.08.2015, 09:47

Gern Geschehen

10.08.2015, 18:22	#11
schrauber /// the machine /// TB-Ausbilder	Youporndeutsch.co Virus/Maleware? fertig __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

13.08.2015, 09:47	#13
schrauber /// the machine /// TB-Ausbilder	Youporndeutsch.co Virus/Maleware? Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Youporndeutsch.co Virus/Maleware?

Plagegeister aller Art und deren Bekämpfung: Youporndeutsch.co Virus/Maleware?