Hello Schrauber,
here are the requested logs:
Malwarebytes Anti-Malware:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 13.01.2015
Suchlauf-Zeit: 20:49:50
Logdatei: mbam3.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.01.13.15
Rootkit Datenbank: v2015.01.07.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: Simone
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 383310
Verstrichene Zeit: 23 Min, 57 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 1
PUP.Optional.ClientConnect, C:\Users\Simone\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll, Löschen bei Neustart, [787b24d2fd8c7cba83115c65cc3538c8],
Registrierungsschlüssel: 32
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantäne, [1fd449ad3b4ec373da6761c1788bb24e],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantäne, [1fd449ad3b4ec373da6761c1788bb24e],
PUP.Optional.Claro.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}, In Quarantäne, [ae45a05658313afc334db234a16119e7],
PUP.Optional.Claro.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}, In Quarantäne, [ae45a05658313afc334db234a16119e7],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}, In Quarantäne, [39ba35c1612882b44fcd4aa1e41ed42c],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}, In Quarantäne, [39ba35c1612882b44fcd4aa1e41ed42c],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}, In Quarantäne, [a44f35c16b1efe3888959e4de71bf709],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}, In Quarantäne, [a44f35c16b1efe3888959e4de71bf709],
PUP.Optional.Claro.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}, In Quarantäne, [02f142b44148b284dfa053931ee406fa],
PUP.Optional.Claro.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}, In Quarantäne, [02f142b44148b284dfa053931ee406fa],
PUP.Optional.Wajam.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, In Quarantäne, [6b88ed09ccbde84e329d47a7758dc040],
PUP.Optional.Wajam.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, In Quarantäne, [6b88ed09ccbde84e329d47a7758dc040],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C547C6C2-561B-4169-A2A5-20BA771CA93B}, In Quarantäne, [886b30c618711422d84674778e74dd23],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C547C6C2-561B-4169-A2A5-20BA771CA93B}, In Quarantäne, [886b30c618711422d84674778e74dd23],
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{23119123-0854-469D-807A-171568457991}, In Quarantäne, [24cfda1c177264d2c5fb6eb413f0e020],
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\TypeLib\{03119103-0854-469D-807A-171568457991}, In Quarantäne, [3bb8d5218ffa90a6249c6fb308fb6f91],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, In Quarantäne, [3fb4d81e8ffaa294e20b751f0cf7c13f],
PUP.Optional.SavingsSideKick.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dhdepfaagokllfmhfbcfmocaeigmoebo, In Quarantäne, [9f54c5318cfd64d2c0307e19df2417e9],
PUP.Optional.SettingsProtector.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pgafcinpmmpklohkojmllohdhomoefph, In Quarantäne, [965d56a0c7c2181ecd09353a21e241bf],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, Löschen bei Neustart, [5d9618decfba40f68ab55473c044fe02],
PUP.Optional.Softonic.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, Löschen bei Neustart, [e40f05f1e5a4013514b30769fe05aa56],
PUP.Optional.Conduit.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, Löschen bei Neustart, [b73c17df4b3e61d502e492e1fc07d42c],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Löschen bei Neustart, [cb289561ea9f38fee9996d07d2317888],
PUP.Optional.SavingsSidekick.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Savings Sidekick, Löschen bei Neustart, [51a23fb7b6d3280e9b2d20780df6ba46],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 Apps, Löschen bei Neustart, [f4ffc92dccbd1224053f4f2fc142b050],
PUP.Optional.BProtector.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, Löschen bei Neustart, [36bdb1452861989eb1d5b7134fb521df],
PUP.Optional.AdvancedSystemProtector.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\Advanced System Protector, Löschen bei Neustart, [c13234c2ff8aa393b81a90f14fb4aa56],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, In Quarantäne, [b53e1dd98affde587210363eb053bd43],
PUP.Optional.SavingsSidekick.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Savings Sidekick, In Quarantäne, [d1226d89b9d0c076349434641ee5b749],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\VideoDownloadConverter_4z, In Quarantäne, [47ac6c8a4643e94d31822d6943c0a759],
PUP.Optional.BProtector.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\BPROTECTSETTINGS, In Quarantäne, [06ed20d6a8e11f17d6b0eedcea1ad22e],
PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\RegClean Pro, In Quarantäne, [9261cb2b1b6e290d00004f7eae5604fc],
Registrierungswerte: 7
PUP.Optional.MindSpark.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{48586425-6BB7-4F51-8DC6-38C88E3EBB58}, %dXH·kQOÂÃ?8Ã?Ž>»X, In Quarantäne, [a44f35c16b1efe3888959e4de71bf709]
PUP.Optional.MindSpark.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}, In Quarantäne, [cf24678fddacae88a6772cbf3fc3fd03],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{93a3111f-4f74-4ed8-895e-d9708497629e}, In Quarantäne, [c72c46b0b6d3b1851a027a6f9e645ea2],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-213347696-1288795008-3362068849-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{93A3111F-4F74-4ED8-895E-D9708497629E}, In Quarantäne, [c72c46b0b6d3b1851a027a6f9e645ea2],
PUP.Optional.CrossFire.SA, HKU\S-1-5-21-213347696-1288795008-3362068849-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS|5060, Savings Sidekick, Löschen bei Neustart, [9a597f77c7c25bdb9f96622a6d979967]
PUP.BProtector, HKU\S-1-5-21-213347696-1288795008-3362068849-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, hxxp://www.google.de/, Löschen bei Neustart, [1ed5a2540e7b211521204087b84c1de3]
PUP.BProtector, HKU\S-1-5-21-213347696-1288795008-3362068849-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {6A1806CD-94D4-4689-BA73-E35EA1EA9990}, In Quarantäne, [a64d698daadf7fb7f74b1bac12f2847c]
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 42
PUP.Optional.OpenCandy, C:\Users\Simone\AppData\Roaming\OpenCandy, In Quarantäne, [eb0862946722290d38202f06cb3857a9],
PUP.Optional.OpenCandy, C:\Users\Simone\AppData\Roaming\OpenCandy\E410CD586F8A4D308F5BBF4000DD1013, In Quarantäne, [eb0862946722290d38202f06cb3857a9],
PUP.Optional.RegCleanerPro.A, C:\Users\Saphira2\AppData\Roaming\Systweak\RegClean Pro, In Quarantäne, [a44f24d21871d56108c6d164dc27768a],
PUP.Optional.RegCleanerPro.A, C:\Users\Saphira2\AppData\Roaming\Systweak\RegClean Pro\Version 6.1, In Quarantäne, [a44f24d21871d56108c6d164dc27768a],
PUP.Optional.Wajam.A, C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp, In Quarantäne, [ea0954a2127765d18c0b191e51b24eb2],
PUP.Optional.Wajam.A, C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24, In Quarantäne, [ea0954a2127765d18c0b191e51b24eb2],
PUP.Optional.Wajam.A, C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24\html, In Quarantäne, [ea0954a2127765d18c0b191e51b24eb2],
PUP.Optional.Wajam.A, C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24\js, In Quarantäne, [ea0954a2127765d18c0b191e51b24eb2],
PUP.Optional.Wajam.A, C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24\plugins, In Quarantäne, [ea0954a2127765d18c0b191e51b24eb2],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.CrossRider.A, C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dhdepfaagokllfmhfbcfmocaeigmoebo_0, In Quarantäne, [569d10e64346a78fff716dd43ec58f71],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\History, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Message, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Message\COMMON, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Settings, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\VideoDownloadConverter_4z, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\VideoDownloadConverter_4z\Cache, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.Babylon.A, C:\Users\Saphira2\AppData\LocalLow\BabylonToolbar, In Quarantäne, [52a1639328619a9c597e370f2ad9b14f],
PUP.Optional.Babylon.A, C:\Users\Saphira2\AppData\LocalLow\BabylonToolbar\BabylonToolbar, In Quarantäne, [52a1639328619a9c597e370f2ad9b14f],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\chrome, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\chrome\content, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\chrome\content\extensionCode, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\chrome\content\lib, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\defaults, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\defaults\preferences, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\locale, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\locale\en-US, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\skin, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.IBUpdater.A, C:\ProgramData\IBUpdaterService, In Quarantäne, [09ea985e29609f9729aef958a06340c0],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector, In Quarantäne, [648f8c6a52370432085cb6a2937007f9],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\updates, In Quarantäne, [648f8c6a52370432085cb6a2937007f9],
PUP.Optional.Claro.A, C:\Users\Saphira2\AppData\LocalLow\Claro LTD\claro, In Quarantäne, [b83b31c57118fb3b44b9b6a525dec53b],
PUP.Optional.Claro.A, C:\Users\Simone\AppData\LocalLow\Claro LTD\claro, In Quarantäne, [8370c13550398ea88a7390cb768dce32],
PUP.Optional.SettingsProtector.A, C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph, In Quarantäne, [f7fce0169decaa8c836c81e5659e8977],
PUP.Optional.SettingsProtector.A, C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0, In Quarantäne, [f7fce0169decaa8c836c81e5659e8977],
Dateien: 197
PUP.Optional.ClientConnect, C:\Users\Simone\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll, Löschen bei Neustart, [787b24d2fd8c7cba83115c65cc3538c8],
PUP.Optional.Conduit.A, C:\Program Files (x86)\Jenya_Games_2\Jenya_Games_2ToolbarHelper.exe, In Quarantäne, [40b3af470188c571c2e12af4fd03de22],
PUP.Optional.SearchProtect.A, C:\Users\Simone\AppData\Local\Temp\Runner.exe, In Quarantäne, [cb289c5adcad45f16645c3ebd62bde22],
PUP.Optional.ClientConnect, C:\Users\Simone\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_3.0.0.11.dll, In Quarantäne, [3fb4b83e0b7e1224b7dd9f22b64b03fd],
PUP.Optional.ClientConnect, C:\Users\Simone\AppData\Local\Conduit\Community Alerts\Aler0.dll, In Quarantäne, [db188d69d3b6082eb9db8e33b54c21df],
PUP.Optional.ClientConnect, C:\Users\Simone\AppData\Local\Conduit\Community Alerts\Alert.dll, In Quarantäne, [bc378b6b8affbe784c48eed3c0411ae6],
PUP.Optional.ClientConnect, C:\Users\Simone\AppData\Local\Conduit\CT3299870\Jenya_Games_2AutoUpdateHelper.exe, In Quarantäne, [b63d09ed2a5fde583e56a12042bf669a],
PUP.Optional.Conduit.A, C:\Users\Simone\AppData\Local\Conduit\CT3299870\Jenya_Games_2ToolbarHelper.exe, In Quarantäne, [8d6613e311785adccf7e45fba15f11ef],
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\searchplugins\babylon1.xml, In Quarantäne, [b53ebb3b04852e08571389150ef54bb5],
PUP.Optional.BProtector.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\bProtector_extensions.sqlite, In Quarantäne, [ce2506f0b1d8082e41658323986b9967],
PUP.Optional.BProtector.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\bprotector_prefs.js, In Quarantäne, [1cd708eee7a20531f7b0f5b19a69a65a],
PUP.Optional.Babylon.A, C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml, In Quarantäne, [747f6c8a5c2d67cf4b5c5457b152718f],
PUP.Optional.BProtector.A, C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data, In Quarantäne, [20d39264226754e23e49fcce47bd59a7],
PUP.Optional.BProtector.A, C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences, In Quarantäne, [9261d224ef9aca6c3c4cddedd72da060],
PUP.Optional.OpenCandy, C:\Users\Simone\AppData\Roaming\OpenCandy\E410CD586F8A4D308F5BBF4000DD1013\SymentecRegMech_Gr_p1v1.exe, In Quarantäne, [eb0862946722290d38202f06cb3857a9],
PUP.Optional.RegCleanerPro.A, C:\Users\Saphira2\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\eng_rcp.dat, In Quarantäne, [a44f24d21871d56108c6d164dc27768a],
PUP.Optional.RegCleanerPro.A, C:\Users\Saphira2\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\ExcludeList.rcp, In Quarantäne, [a44f24d21871d56108c6d164dc27768a],
PUP.Optional.RegCleanerPro.A, C:\Users\Saphira2\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_06-04-2014.log, In Quarantäne, [a44f24d21871d56108c6d164dc27768a],
PUP.Optional.RegCleanerPro.A, C:\Users\Saphira2\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_11-29-2014.log, In Quarantäne, [a44f24d21871d56108c6d164dc27768a],
PUP.Optional.RegCleanerPro.A, C:\Users\Saphira2\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_11-30-2014.log, In Quarantäne, [a44f24d21871d56108c6d164dc27768a],
PUP.Optional.RegCleanerPro.A, C:\Users\Saphira2\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_12-03-2014.log, In Quarantäne, [a44f24d21871d56108c6d164dc27768a],
PUP.Optional.RegCleanerPro.A, C:\Users\Saphira2\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_12-12-2014.log, In Quarantäne, [a44f24d21871d56108c6d164dc27768a],
PUP.Optional.RegCleanerPro.A, C:\Users\Saphira2\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_12-18-2014.log, In Quarantäne, [a44f24d21871d56108c6d164dc27768a],
PUP.Optional.RegCleanerPro.A, C:\Users\Saphira2\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\results.rcp, In Quarantäne, [a44f24d21871d56108c6d164dc27768a],
PUP.Optional.RegCleanerPro.A, C:\Users\Saphira2\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\TempHLList.rcp, In Quarantäne, [a44f24d21871d56108c6d164dc27768a],
PUP.Optional.Wajam.A, C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24\manifest.json, In Quarantäne, [ea0954a2127765d18c0b191e51b24eb2],
PUP.Optional.Wajam.A, C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24\priam_icon_128x128.png, In Quarantäne, [ea0954a2127765d18c0b191e51b24eb2],
PUP.Optional.Wajam.A, C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24\priam_icon_48x48.png, In Quarantäne, [ea0954a2127765d18c0b191e51b24eb2],
PUP.Optional.Wajam.A, C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24\html\background.html, In Quarantäne, [ea0954a2127765d18c0b191e51b24eb2],
PUP.Optional.Wajam.A, C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24\js\background.js, In Quarantäne, [ea0954a2127765d18c0b191e51b24eb2],
PUP.Optional.Wajam.A, C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24\js\priam.js, In Quarantäne, [ea0954a2127765d18c0b191e51b24eb2],
PUP.Optional.Wajam.A, C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24\js\priam_background.js, In Quarantäne, [ea0954a2127765d18c0b191e51b24eb2],
PUP.Optional.Wajam.A, C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24\js\priam_chrome.js, In Quarantäne, [ea0954a2127765d18c0b191e51b24eb2],
PUP.Optional.Wajam.A, C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24\plugins\PriamNPAPI.dll, In Quarantäne, [ea0954a2127765d18c0b191e51b24eb2],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\1.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\2260.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\a.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\b.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\c.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\d.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\e.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\f.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\g.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\h.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\i.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\j.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\k.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\l.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\m.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\n.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\o.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\p.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\q.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\r.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\s.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\t.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\u.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\v.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\w.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\wlu.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\x.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\y.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Saphira2\AppData\LocalLow\PriceGong\Data\z.txt, In Quarantäne, [837084728efb1224853add5bac5732ce],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\1.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\2260.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\4489.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\7031.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\a.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\b.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\c.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\d.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\e.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\f.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\g.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\h.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\i.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\j.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\k.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\l.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\m.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\n.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\o.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\p.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\q.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\r.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\s.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\t.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\u.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\v.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\w.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\wlu.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\x.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\y.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.PriceGong.A, C:\Users\Simone\AppData\LocalLow\PriceGong\Data\z.txt, In Quarantäne, [7c770ceafc8d5adcd8e7e35553b006fa],
PUP.Optional.CrossRider.A, C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dhdepfaagokllfmhfbcfmocaeigmoebo_0\3, In Quarantäne, [569d10e64346a78fff716dd43ec58f71],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache\00088A06, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache\00088FDF, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache\00089117.bmp, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache\000891F2.bmp, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache\0008926F.bmp, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache\0008930B.bmp, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache\00089397.cab, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache\0008952D.bmp, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache\000895AA.cab, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache\0008974F.bmp, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache\00089AA9.cab, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache\0008A2D3.bmp, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache\0008A3EC.bmp, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache\0008A488.bmp, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache\files.ini, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\History\search3, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Message\COMMON\8_step1.gif, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Message\COMMON\anemone.js, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Message\COMMON\bd_grad.gif, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Message\COMMON\hpguard.js, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Message\COMMON\hpguard1.htm, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Message\COMMON\hpguard2.htm, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Message\COMMON\hpp_ok.png, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Message\COMMON\hpp_x.png, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Message\COMMON\hpp_x2.png, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Message\COMMON\index.htm, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Message\COMMON\mid_dots.gif, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Message\COMMON\mws_logo.gif, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Message\COMMON\protect.htm, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Message\COMMON\rebut4b.htm, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Message\COMMON\shield.png, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Message\COMMON\stop.gif, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Message\COMMON\systrayp.htm, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Message\COMMON\tp_grad.gif, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\bar\Settings\prevcfg2.htm, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\VideoDownloadConverter_4z\Cache\PopupProperties210425027.html, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\VideoDownloadConverter_4z\Cache\Radio.html, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.MindSpark.A, C:\Users\Saphira2\AppData\LocalLow\VideoDownloadConverter_4z\VideoDownloadConverter_4z\Cache\VideosBtn.html, In Quarantäne, [e80b04f250390a2c7587b0956c97639d],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\chrome.manifest, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\install.rdf, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\chrome\content\background.html, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\chrome\content\browser.xul, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\chrome\content\crossrider.js, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\chrome\content\crossriderapi.js, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\chrome\content\CrossriderEXT.js, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\chrome\content\dialog.js, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\chrome\content\options.js, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\chrome\content\options.xul, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\chrome\content\search_dialog.xul, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\chrome\content\update.html, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\chrome\content\extensionCode\backgroundCode.js, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\chrome\content\extensionCode\pageCode.js, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\chrome\content\lib\reports.js, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\defaults\preferences\prefs.js, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\locale\en-US\translations.dtd, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\skin\button1.png, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\skin\button2.png, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\skin\button3.png, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\skin\button4.png, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\skin\button5.png, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\skin\crossrider_statusbar.png, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\skin\icon128.png, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\skin\icon16.png, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\skin\icon24.png, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\skin\icon48.png, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\skin\panelarrow-up.png, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\skin\popup.css, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\skin\popup.html, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\skin\popup_binding.xml, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\skin\skin.css, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.CrossFire.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\extensions\crossriderapp5060@crossrider.com\skin\update.css, In Quarantäne, [7c777d79acdd0135f2b4d67ade255ea2],
PUP.Optional.IBUpdater.A, C:\ProgramData\IBUpdaterService\repository.xml, In Quarantäne, [09ea985e29609f9729aef958a06340c0],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\updates\aspsetup_update.exe, In Quarantäne, [648f8c6a52370432085cb6a2937007f9],
PUP.Optional.SettingsProtector.A, C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\background.html, In Quarantäne, [f7fce0169decaa8c836c81e5659e8977],
PUP.Optional.SettingsProtector.A, C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\background.js, In Quarantäne, [f7fce0169decaa8c836c81e5659e8977],
PUP.Optional.SettingsProtector.A, C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\manifest.json, In Quarantäne, [f7fce0169decaa8c836c81e5659e8977],
PUP.Optional.CrossRider.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossriderapp5060.adsOldValue", -1);), Ersetzt,[e70c797dcabfa98df0b8894444c138c8]
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.newTab", true);), Ersetzt,[d61d30c69beea096d5e167660104eb15]
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\prefs.js, Gut: (), Schlecht: (rences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the applicatio), Ersetzt,[38bb07efe9a070c609ad19b448bd2cd4]
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP|hxxp://search.babylon.com/?affID=119246&babsrc=HP_ss&mntrId=c64f8273000000000000c417fe55b21f");), Ersetzt,[0ce751a50584b97d7a51c6076d9849b7]
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\user.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=c64f8273000000000000c417fe55b21f&q=");), Ersetzt,[de15589e7712bb7b321b7b52a65f9868]
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\user.js, Gut: (), Schlecht: (17fe55b21f");
user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-6), Ersetzt,[e70cbe383356e45277d6913c36cf1de3]
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\user.js, Gut: (), Schlecht: ();
user_pref("extensions.claro.id", "c64f8273000000000000c417fe55b21f");
user_pref("e), Ersetzt,[9360fafcb9d00a2cba93dcf1897c18e8]
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\user.js, Gut: (), Schlecht: (pref("extensions.claro.id", "c64f8273000000000000c417fe55), Ersetzt,[06edac4ad2b780b62e1fe7e6fe076c94]
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\user.js, Gut: (), Schlecht: (laro.tlbrSrchUrl", "");
user_pref("extensions.claro.id), Ersetzt,[aa49a4525138bd794b026b622bda8c74]
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\user.js, Gut: (), Schlecht: (.claro.tlbrSrchUrl", "");
user_pref("extensions.claro.i), Ersetzt,[10e384728ffa38fe78d587469a6b9070]
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\user.js, Gut: (), Schlecht: (claro.tlbrSrchUrl", "");
user_pref("extensions.claro.id", "c64f827), Ersetzt,[797a23d3aedbf640262725a871946e92]
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\user.js, Gut: (), Schlecht: (rchUrl", "");
user_pref("extensions.claro.id", "c64f82730), Ersetzt,[787b1adc5732fd39a1ac7a53c83d6f91]
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\user.js, Gut: (), Schlecht: (aro.tlbrSrchUrl", "");
user_pref("extensions.claro.id", "c64f8), Ersetzt,[fff4ad493f4a76c088c5fcd107feb947]
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\user.js, Gut: (), Schlecht: (lbrSrchUrl", "");
user_pref("extensions.claro.id", "c), Ersetzt,[dc17579ffd8c5ed8f954c706b84d748c]
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\user.js, Gut: (), Schlecht: (s.claro.tlbrSrchUrl", "");
user_pref("extensions.claro.i), Ersetzt,[9a595f97e5a453e31c31d7f610f5f30d]
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\user.js, Gut: (), Schlecht: (laro.tlbrSrchUrl", "");
user_pref("extensions.claro.i), Ersetzt,[e0134da95039b58128258e3f7f86c33d]
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\user.js, Gut: (), Schlecht: (s.claro.tlbrSrchUrl", "");
user_pref("extensions.claro), Ersetzt,[7b7832c4ccbd5adc6edfcd0024e1c43c]
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\user.js, Gut: (), Schlecht: (.claro.tlbrSrchUrl", "");
user_pref("extensions.clar), Ersetzt,[40b34aac226786b086c7f5d880857a86]
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\user.js, Gut: (), Schlecht: (ns.claro.tlbrSrchUrl", "");
user_pref("extensions.claro), Ersetzt,[6c8791650485a59170dde6e7a065db25]
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\user.js, Gut: (), Schlecht: (claro.tlbrSrchUrl", "");
user_pref("extensions.claro.), Ersetzt,[6b88579f1a6f71c582cbe7e6669fdd23]
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\user.js, Gut: (), Schlecht: (s.claro.tlbrSrchUrl", "");
user_pref("extensions.cl), Ersetzt,[767d05f114758da994b9a32a33d2b050]
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\user.js, Gut: (), Schlecht: (ons.claro.tlbrSrchUrl", "");
user_pref("extensions.claro.id", "c6), Ersetzt,[cb2813e390f920161736b815be4712ee]
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\user.js, Gut: (), Schlecht: (SrchUrl", "");
user_pref("extensions.claro.id", "c6), Ersetzt,[1fd4f006bdccb97df05dcc0124e1f10f]
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\user.js, Gut: (), Schlecht: (ons.claro.tlbrSrchUrl", "");
user_pref("extensions.cl), Ersetzt,[ab488274bacf1c1a55f8f7d6ef161fe1]
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\user.js, Gut: (), Schlecht: (laro.tlbrSrchUrl", "");
user_pref("extensions.claro.), Ersetzt,[8e65f204cebbd85e5df0d4f92ed7d927]
PUP.Optional.Babylon.A, C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\user.js, Gut: (), Schlecht: (ns.claro.tlbrSrchUrl", "");
user_pref("extensions.clar), Ersetzt,[05ee787e88016bcb6ce1c00da560728e]
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
AdwCleaner: Code:
# AdwCleaner v4.107 - Bericht erstellt am 13/01/2015 um 21:42:04
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 7 Home Premium (64 bits)
# Benutzername : Simone - SIMONE-PC
# Gestartet von : C:\Users\Simone\Desktop\AdwCleaner_4.107.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
Ordner Gelöscht : C:\Program Files (x86)\Advanced System Protector
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Users\Saphira2\AppData\Local\VideoDownloadConverter_4z
Ordner Gelöscht : C:\Users\Saphira2\AppData\LocalLow\Claro LTD
Ordner Gelöscht : C:\Users\Saphira2\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Saphira2\AppData\LocalLow\iac
Ordner Gelöscht : C:\Users\Saphira2\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Simone\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Simone\AppData\LocalLow\Claro LTD
Ordner Gelöscht : C:\Users\Simone\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Simone\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Simone\AppData\Roaming\Optimizer Pro
Ordner Gelöscht : C:\Users\Simone\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Simone\Documents\video download converter
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\user.js
***** [ Tasks ] *****
Task Gelöscht : BrowserProtect
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainerV2]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKCU\Software\80da8fbc3eeb42
Schlüssel Gelöscht : HKLM\SOFTWARE\80da8fbc3eeb42
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3299870
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022502260}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505560}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{CA021789-C8CD-4676-BC40-90077A19D5CD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505560}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\Tbccint_HKLM
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BackgroundContainer
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BackgroundContainerV2
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Trymedia Systems
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Savings Sidekick
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16476
-\\ Mozilla Firefox v8.0 (de)
[v7m5dzfj.default\prefs.js] - Zeile gelöscht : user_pref("avg.install.userHPSettings", "hxxp://www.claro-search.com/?affID=114508&tt=4412_2&babsrc=HP_clro&mntrId=c64f8273000000000000c417fe55b21f");
[v7m5dzfj.default\prefs.js] - Zeile gelöscht : user_pref("avg.install.userSPSettings", "Claro Search");
[v7m5dzfj.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
[v7m5dzfj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=114508&tt=4412_2&babsrc=NT_clro&mntrId=c64f8273000000000000c417fe55b21f");
[v7m5dzfj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.claro.admin", false);
[v7m5dzfj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.claro.aflt", "babsst");
[v7m5dzfj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
[v7m5dzfj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.claro.dfltLng", "en");
[v7m5dzfj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.claro.excTlbr", false);
[v7m5dzfj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.claro.id", "c64f8273000000000000c417fe55b21f");
[v7m5dzfj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.claro.instlDay", "15647");
[v7m5dzfj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.claro.instlRef", "sst");
[v7m5dzfj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.claro.prdct", "claro");
[v7m5dzfj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.claro.prtnrId", "claro");
[v7m5dzfj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.claro.tlbrId", "claro");
[v7m5dzfj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.claro.tlbrSrchUrl", "");
[v7m5dzfj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.claro.vrsn", "1.8.3.10");
[v7m5dzfj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.claro.vrsni", "1.8.3.10");
[v7m5dzfj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.claro_i.smplGrp", "none");
[v7m5dzfj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1016:30:53");
[v7m5dzfj.default\prefs.js] - Zeile gelöscht : user_pref("extensions.enabledAddons", "toolbar@web.de:2.1.4,crossriderapp5060@crossrider.com:0.85.36,{dfefbe51-ca52-484b-adf0-6b158b05262d}:2.4.897.175,{972ce4c6-7e08-4474-a285-3208198ce6fd}:8.0");
-\\ Google Chrome v39.0.2171.95
[C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
[C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4412_2&babsrc=SP_clro&mntrId=c64f8273000000000000c417fe55b21f
[C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=119246&babsrc=SP_ss&mntrId=c64f8273000000000000c417fe55b21f
[C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=119246&babsrc=SP_ss&mntrId=c64f8273000000000000c417fe55b21f
*************************
AdwCleaner[R0].txt - [9625 octets] - [13/01/2015 21:38:20]
AdwCleaner[S0].txt - [9341 octets] - [13/01/2015 21:42:04]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9401 octets] ##########
Junkware Removal Tool: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Simone on 13.01.2015 at 21:54:34,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4f9f5e3-1ff4-4c0b-b933-5b287a439842}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{e4f9f5e3-1ff4-4c0b-b933-5b287a439842}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}
~~~ Files
Successfully deleted: [File] C:\Windows\prefetch\BABYLONTOOLBARSRV.EXE-D327A81F.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-316F10F7.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-66EEE4D2.pf
Successfully deleted: [File] "C:\Windows\wininit.ini"
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.01.2015 at 21:59:22,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST.txt:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015
Ran by Simone (administrator) on SIMONE-PC on 13-01-2015 22:04:17
Running from C:\Users\Simone\Desktop
Loaded Profile: Simone (Available profiles: Simone & Saphira2)
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [818720 2010-02-26] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [306472 2009-11-13] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1157128 2009-08-18] (Dritek System Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-29] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2010-01-18] (Acer Corp.)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [105120 2012-08-21] (PC Tools)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-17] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-213347696-1288795008-3362068849-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-03-22] (Google Inc.)
HKU\S-1-5-21-213347696-1288795008-3362068849-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-213347696-1288795008-3362068849-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)
GroupPolicyUsers\S-1-5-21-213347696-1288795008-3362068849-1003\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-213347696-1288795008-3362068849-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360111e125l04g4z195t4402d288
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360111e125l04g4z195t4402d288
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360111e125l04g4z195t4402d288
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-213347696-1288795008-3362068849-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-213347696-1288795008-3362068849-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM-x32 - Jenya Games 2 Toolbar - {e4f9f5e3-1ff4-4c0b-b933-5b287a439842} - C:\Program Files (x86)\Jenya_Games_2\prxtbJeny.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-213347696-1288795008-3362068849-1000 - Jenya Games 2 Toolbar - {e4f9f5e3-1ff4-4c0b-b933-5b287a439842} - C:\Program Files (x86)\Jenya_Games_2\prxtbJeny.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-213347696-1288795008-3362068849-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE414DE416
SearchScopes: HKU\S-1-5-21-213347696-1288795008-3362068849-1000 -> {61DA6A37-4EE0-4757-8EB3-C5563ECB7AE6} URL =
SearchScopes: HKU\S-1-5-21-213347696-1288795008-3362068849-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE414DE416
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\SysWow64\Msdxm6.ocx (Microsoft Corporation)
Toolbar: HKLM-x32 - Jenya Games 2 Toolbar - {e4f9f5e3-1ff4-4c0b-b933-5b287a439842} - C:\Program Files (x86)\Jenya_Games_2\prxtbJeny.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-213347696-1288795008-3362068849-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-213347696-1288795008-3362068849-1000 -> No Name - {E4F9F5E3-1FF4-4C0B-B933-5B287A439842} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\SysWow64\Msdxm6.ocx (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: WEB.DE MailCheck - C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\v7m5dzfj.default\Extensions\toolbar@web.de.xpi [2011-12-30]
FF HKU\S-1-5-21-213347696-1288795008-3362068849-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-23]
CHR Extension: (Google-Suche) - C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-23]
CHR Extension: (Google Mail) - C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-23]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-08] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-02] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-13 21:59 - 2015-01-13 21:59 - 00002119 _____ () C:\Users\Simone\Desktop\JRT.txt
2015-01-13 21:54 - 2015-01-13 21:54 - 00000000 ____D () C:\Windows\ERUNT
2015-01-13 21:53 - 2015-01-13 21:53 - 01707939 _____ (Thisisu) C:\Users\Simone\Desktop\JRT.exe
2015-01-13 21:44 - 2015-01-13 21:44 - 00009529 _____ () C:\Users\Simone\Desktop\AdwCleaner[S0].txt
2015-01-13 21:38 - 2015-01-13 21:42 - 00000000 ____D () C:\AdwCleaner
2015-01-13 21:36 - 2015-01-13 21:36 - 02191360 _____ () C:\Users\Simone\Desktop\AdwCleaner_4.107.exe
2015-01-13 21:30 - 2015-01-13 21:30 - 00052476 _____ () C:\Users\Simone\Desktop\mbam.txt
2015-01-13 20:47 - 2015-01-13 21:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-13 20:47 - 2015-01-13 20:47 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-13 20:47 - 2015-01-13 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-13 20:47 - 2015-01-13 20:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-13 20:47 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-13 20:47 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-13 20:47 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-13 20:45 - 2015-01-13 20:45 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Simone\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-12 23:53 - 2015-01-12 23:53 - 00021519 _____ () C:\Users\Simone\Desktop\combofix.txt
2015-01-12 23:49 - 2015-01-12 23:49 - 00021519 _____ () C:\ComboFix.txt
2015-01-12 23:29 - 2015-01-12 23:49 - 00000000 ____D () C:\Qoobox
2015-01-12 23:29 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-12 23:29 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-12 23:29 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-12 23:29 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-12 23:29 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-12 23:29 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-12 23:29 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-12 23:29 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-12 23:23 - 2015-01-13 21:20 - 00000000 ____D () C:\Windows\erdnt
2015-01-12 23:20 - 2015-01-12 23:20 - 05609736 ____R (Swearware) C:\Users\Simone\Desktop\ComboFix.exe
2015-01-12 22:21 - 2015-01-12 22:21 - 00000744 _____ () C:\Users\Simone\Desktop\Revo Uninstaller.lnk
2015-01-12 22:19 - 2015-01-12 22:19 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Simone\Desktop\revosetup95.exe
2015-01-12 19:55 - 2015-01-12 19:58 - 00028320 _____ () C:\Users\Simone\Desktop\Addition.txt
2015-01-12 19:53 - 2015-01-13 22:05 - 00017401 _____ () C:\Users\Simone\Desktop\FRST.txt
2015-01-12 19:53 - 2015-01-13 22:04 - 00000000 ____D () C:\FRST
2015-01-12 19:51 - 2015-01-12 19:51 - 00000474 _____ () C:\Users\Simone\Desktop\defogger_disable.log
2015-01-12 19:51 - 2015-01-12 19:51 - 00000000 _____ () C:\Users\Simone\defogger_reenable
2015-01-12 19:50 - 2015-01-12 19:50 - 02124288 _____ (Farbar) C:\Users\Simone\Desktop\FRST64.exe
2015-01-12 19:48 - 2015-01-12 19:48 - 00050477 _____ () C:\Users\Simone\Desktop\Defogger.exe
2015-01-10 00:15 - 2015-01-10 00:29 - 3192264704 _____ () C:\Users\Simone\Desktop\X15-65741.iso
2015-01-04 19:25 - 2015-01-04 19:25 - 00000000 ____D () C:\Users\Simone\Documents\My Weblog Posts
2015-01-04 19:25 - 2015-01-04 19:25 - 00000000 ____D () C:\Users\Simone\AppData\Roaming\Windows Live Writer
2015-01-04 19:24 - 2015-01-04 19:25 - 00000000 ____D () C:\Users\Simone\AppData\Local\Windows Live Writer
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-13 22:01 - 2013-06-28 16:45 - 00000286 _____ () C:\Windows\Tasks\RMAutoUpdate.job
2015-01-13 22:01 - 2013-06-28 16:45 - 00000000 ____D () C:\Program Files (x86)\PC Tools Registry Mechanic
2015-01-13 22:01 - 2011-01-16 21:55 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 22:01 - 2010-11-09 22:31 - 00000000 ____D () C:\ProgramData\Temp
2015-01-13 22:01 - 2010-11-09 22:21 - 01793576 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 22:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-13 22:01 - 2009-07-14 05:51 - 00099109 _____ () C:\Windows\setupact.log
2015-01-13 21:51 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-13 21:51 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-13 21:49 - 2010-11-10 07:11 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2015-01-13 21:49 - 2010-11-10 07:11 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2015-01-13 21:49 - 2009-07-14 06:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-13 21:46 - 2012-04-10 10:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-13 21:43 - 2010-11-09 22:15 - 00291338 _____ () C:\Windows\PFRO.log
2015-01-13 21:37 - 2011-01-16 21:55 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 21:18 - 2013-06-28 16:43 - 00000000 ____D () C:\Program Files (x86)\Jenya_Games_2
2015-01-13 20:47 - 2012-11-03 16:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-13 20:46 - 2012-04-10 10:58 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 20:46 - 2012-04-10 10:58 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 20:46 - 2011-12-27 10:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-12 23:45 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-12 19:51 - 2011-01-14 18:42 - 00000000 ____D () C:\Users\Simone
2015-01-12 19:41 - 2011-12-10 16:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-12 19:40 - 2013-06-28 16:29 - 00000000 ____D () C:\Users\Simone\AppData\Roaming\Skype
2015-01-12 19:40 - 2013-06-28 16:29 - 00000000 ____D () C:\ProgramData\Skype
2015-01-08 07:05 - 2014-06-09 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-08 07:04 - 2014-06-09 15:37 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-06 13:50 - 2014-11-21 21:04 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-04 23:13 - 2013-06-28 16:45 - 00000286 _____ () C:\Windows\Tasks\RMSchedule.job
2015-01-04 19:00 - 2013-07-03 18:00 - 00000414 _____ () C:\Windows\SysWOW64\AppLog.log
2014-12-18 20:45 - 2013-10-06 17:35 - 00001350 _____ () C:\Users\Saphira2\Desktop\Clean Registry for Free!.lnk
2014-12-17 20:55 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
Some content of TEMP:
====================
C:\Users\Simone\AppData\Local\Temp\avgnt.exe
C:\Users\Simone\AppData\Local\Temp\Quarantine.exe
C:\Users\Simone\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-04 21:14
==================== End Of Log ============================
addition.txt: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015
Ran by Simone at 2015-01-13 22:06:01
Running from C:\Users\Simone\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
1 (HKLM-x32\...\{1C17CC71-2559-4819-88FF-EF2978986BB1}_is1) (Version: - S-A-D)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7319 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7319 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3007 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3007 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1) (Version: 6.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.02.0804 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: Version 7.102.2002.209 - Alps Electric)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Belkin Connect Wireless USB Adapter (HKLM-x32\...\InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}) (Version: 1.0.0.3 - Belkin)
Belkin Connect Wireless USB Adapter (x32 Version: 1.0.0.3 - Belkin) Hidden
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media)
Christmasville (HKLM-x32\...\{D178746E-0919-424E-88A7-81A0E46FF03E}) (Version: 1.00.0000 - Purplehills)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cooking Dash(R) 3 - Thrills & Spills (HKLM-x32\...\08ab9cbf5344299c7d466bd8e94d7e0a) (Version: - )
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version: - Oberon Media)
Delicious - Emily's True Love Deluxe (HKLM-x32\...\c40ba4951166b25188105b97864d7512) (Version: - )
Der Stein der Weisen (HKLM-x32\...\Der Stein der Weisen) (Version: - )
Die Jaeger des Geisterhauses 2 (HKLM-x32\...\Die Jaeger des Geisterhauses 2) (Version: 1.0 - Rondomedia)
Die Legende von Pocahontas (HKLM-x32\...\{00B52299-F42A-40C3-8232-F987B86E3FD6}_is1) (Version: - cerasus.media GmbH)
Die Sims™ 2 (HKLM-x32\...\{2C82E097-694E-44ea-A947-2750679469CF}) (Version: - Electronic Arts)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media)
Fiesta Online DE (HKLM-x32\...\Fiesta Online DE) (Version: 1.04.168 - Gamigo games)
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version: - Oberon Media)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
Holly - Ein Weihnachtsmärchen (HKLM-x32\...\{8F08E12A-363F-4F69-8BC8-0E0EA502A6ED}) (Version: 1.00.0000 - Purplehills)
Holly im Wunderland (HKLM-x32\...\Holly im Wunderland) (Version: - )
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Jäger des Geisterhauses (HKLM-x32\...\Jäger des Geisterhauses_is1) (Version: - Rondomedia GmbH)
Jenya Games 2 Toolbar (HKLM-x32\...\Jenya_Games_2 Toolbar) (Version: 6.13.3.505 - Jenya Games 2)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Katy and Bob - Way Back Home (HKLM-x32\...\1e02170593d9ccb9b0fde61815a4d0a4) (Version: - )
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 8.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 8.0 (x86 de)) (Version: 8.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mysteryville 2 (HKLM-x32\...\{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}) (Version: 1.00.0000 - Mysteryville 2)
MyWinLocker (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.206.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 3.7.2.5 - Symantec Corporation)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.628 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.628 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
PC Tools Registry Mechanic 11.1 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.1 - PC Tools)
Pineview Drive (HKLM-x32\...\Steam App 288880) (Version: - VIS - Visual Imagination Software)
PirateVille (HKLM-x32\...\PirateVille) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30104 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sally's Salon (HKLM-x32\...\bab3573d4d9b902ade5e750cb61a6c3f) (Version: - )
secrets of tahiti (HKLM-x32\...\secrets of tahiti) (Version: - )
Shredder (Version: 2.0.5.0 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.5.0 - Egis Technology Inc.) Hidden
Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3013 - Acer Incorporated)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Wizard101(DE) (HKU\S-1-5-21-213347696-1288795008-3362068849-1000\...\Wizard101(DE)_is1) (Version: - Gameforge 4D GmbH)
Zoo Safari (HKLM-x32\...\Zoo Safari_is1) (Version: - rondomedia Marketing & Vertriebs GmbH)
Zuma Deluxe (HKLM-x32\...\991f99f096d8e5496b7bc09fa0270ff4) (Version: - )
Zuma's Revenge!(TM) (HKLM-x32\...\9e355f5d79e9bfe6c16a3c3e03255ace) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
18-12-2014 14:30:20 Windows Update
18-12-2014 21:10:24 Windows Update
19-12-2014 21:04:18 Windows Update
04-01-2015 21:20:58 Geplanter Prüfpunkt
05-01-2015 23:15:05 Windows Update
06-01-2015 16:57:30 Windows Update
08-01-2015 07:04:17 Windows Update
10-01-2015 00:47:44 Windows Update
12-01-2015 19:39:28 Removed Skype™ 6.20
12-01-2015 19:40:39 Removed Skype Click to Call
12-01-2015 20:19:03 Windows Update
12-01-2015 22:23:58 Revo Uninstaller's restore point - Advanced-System Protector
12-01-2015 22:37:05 Revo Uninstaller's restore point - Babylon toolbar
12-01-2015 22:44:22 Wiederherstellungsvorgang
12-01-2015 23:02:20 Revo Uninstaller's restore point - BrowserProtect
12-01-2015 23:07:00 Revo Uninstaller's restore point - Claro LTD toolbar
12-01-2015 23:09:36 Revo Uninstaller's restore point - Optimizer Pro v3.0
12-01-2015 23:11:15 Revo Uninstaller's restore point - RegClean Pro
12-01-2015 23:14:37 Revo Uninstaller's restore point - Video Download Converter version 1.0.0.0
12-01-2015 23:15:38 Revo Uninstaller's restore point - VideoDownloadConverter Toolbar
12-01-2015 23:16:47 Revo Uninstaller's restore point - Wajam
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0764CEC8-B31A-4C89-A1C2-931483368989} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.)
Task: {1AD67FAA-56F8-4EEC-B8F0-0315304D6739} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.)
Task: {2A3F53D7-9E01-4D55-BC18-E2C856A3CF22} - System32\Tasks\RMSchedule => C:\Program Files (x86)\PC Tools Registry Mechanic\RegMech.exe [2012-08-21] (PC Tools)
Task: {970FB604-C1F4-4D49-BF27-D4B2F201F2AD} - System32\Tasks\{63B92A31-A0BD-4816-8FB0-053ACD4D013A} => C:\Program Files (x86)\EA GAMES\Die Sims 2\Base\TSBin\Sims2Launcher.exe [2009-07-13] (Electronic Arts)
Task: {B6DD2BA3-D2B6-4287-942F-3054D929D1B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {BC1E5CDC-0D7E-4FCE-B381-334B08FBFF83} - System32\Tasks\RMAutoUpdate => C:\Program Files (x86)\PC Tools Registry Mechanic\SULauncher.exe [2012-08-21] (PC Tools)
Task: {D3E26ADA-897A-42F9-9B4A-5ABEA474196F} - System32\Tasks\Norton Security Scan for Simone => C:\Program Files (x86)\Norton Security Scan\Engine\3.7.2.5\Nss.exe [2012-04-03] (Symantec Corporation)
Task: {D533EDD0-1D40-403B-9C18-E27AA99FB116} - System32\Tasks\{07D0D82D-B9C6-4811-8D27-7E772CB52F6B} => C:\Program Files (x86)\EA GAMES\Die Sims 2\Base\TSBin\Sims2Launcher.exe [2009-07-13] (Electronic Arts)
Task: {DFD3C836-F3D9-4CDD-8A3B-42EF218994D4} - System32\Tasks\{6D13A28A-6AC1-44BC-90D3-C3BC6B3B55EA} => Firefox.exe hxxp://ui.skype.com/ui/0/4.1.0.179.367/de/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Simone.job => C:\PROGRA~2\NORTON~2\Engine\372~1.5\Nss.exe
Task: C:\Windows\Tasks\RMAutoUpdate.job => C:\Program Files (x86)\PC Tools Registry Mechanic\SULauncher.exe
Task: C:\Windows\Tasks\RMSchedule.job => C:\Program Files (x86)\PC Tools Registry Mechanic\RegMech.exe
==================== Loaded Modules (whitelisted) =============
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:93EB7685
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-213347696-1288795008-3362068849-500 - Administrator - Disabled)
Gast (S-1-5-21-213347696-1288795008-3362068849-501 - Limited - Disabled)
Saphira2 (S-1-5-21-213347696-1288795008-3362068849-1003 - Limited - Enabled) => C:\Users\Saphira2
Simone (S-1-5-21-213347696-1288795008-3362068849-1000 - Administrator - Enabled) => C:\Users\Simone
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-01-12 23:44:14.151
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-01-12 23:44:13.948
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 39%
Total physical RAM: 3001.98 MB
Available physical RAM: 1815.4 MB
Total Pagefile: 6002.09 MB
Available Pagefile: 4633.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:284.32 GB) (Free:204.37 GB) NTFS
Drive d: (Sims2) (CDROM) (Total:2.77 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 23618F6A)
Partition 1: (Not Active) - (Size=13.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=284.3 GB) - (Type=07 NTFS)
==================== End Of Log ============================

Yeah, yeah, I can see it already: malware really was collected here. :)
My thanks to you are greater than the logs are long :)
ochnee