Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Avira meldete öfters "TR/Agent.2565248 wurde geblockt" (https://www.trojaner-board.de/160509-avira-meldete-oefters-tr-agent-2565248-wurde-geblockt.html)

JustBlue 07.11.2014 20:47
Avira meldete öfters "TR/Agent.2565248 wurde geblockt"
 
Hallo,

vorab: Ich bin ein absoluter Laie in Sachen Computer. Nachdem ich mir hier einige Probleme und deren Behebung angeschaut habe, schwirrt mir der Kopf. Ich hoffe dennoch, mit Eurer Hilfe klarzukommen und bitte im Voraus zu entschuldigen, wenn ich Fragen wie "was ist ein log?" stelle.
Nun meine konkrete Verwirrung: Seit mehreren Tagen bekomme ich von avira 1x am Tag etwa die Meldung: "Der Zugriff auf die Datei C:/Windows/System32/config/.../DefaultTabSetup.exe mit dem Virus oder dem unerwünschten Programm TR/Agent.2565248 wurde blockiert."
Da ich verunsichert bin, ob "blockiert" auch bedeutet, dass mein Compi wirklich geschützt wurde, wollte ich hier nachfragen. Ich habe vorhin "Malwarebytes Anti-Malware" runtergeladen und einen Scann gemacht, der 201 Objekte fand. Was das für Objekte waren, weiß ich nicht. Ich hab sie in die Quarantäne geschoben.
Meine Frage nochmal: Ist mein Computer sauber und geschützt oder sollte ich noch etwas zusätzlich unternehmen?
Streckenweise läuft er sehr langsam und nach dem Scann und Neustart von eben erschien bei mir erst länger ein schwarzer Bildschirm mit Pfeil, bevor Windows gestartet ist. Da ich gelesen habe, dass manche dieses Problem heute auch hatten (stand hier im Forum), habe ich Angst, dass da noch etwas ist und ich nach dem Ausschalten nicht mehr hochfahren kann.
Zur Info: Ich besitze nur diesen einen Computer (Laptop), falls was ist, kann ich also nirgends ins Netz, um mir Hilfe zu holen.

Wäre sehr dankbar für eine Hilfestellung.

Viele Grüße, JustBlue

Machiavelli 07.11.2014 21:04
Zitat:
Meine Frage nochmal: Ist mein Computer sauber und geschützt oder sollte ich noch etwas zusätzlich unternehmen?
Sorry, bin kein Hellseher.

=================

http://filepony.de/icon/malwarebytes_anti_malware.pngMBAM-Funde posten: So gehts...
Manchmal ist es wichtig zu wissen, welche Schadprogramme im Vorfeld ohne Anweisung der Helfer schon gelöscht wurden.
Daher benötige ich den Inhalt der Logdatei, in welcher der Suchlauf protokolliert wurde.
  • Starte MBAM.
  • Klicke auf Verlauf.
  • Klicke auf Anwendungsprotokolle.
  • Klicke auf das letzte Suchlaufprotokoll mit Funden.
  • Klicke auf "In Zwischenablage kopieren".
  • Poste den Inhalt in Code-Tags [CODE] [/CODE] durch Einfügen mit Strg+V als Antwort in Deinen Thread.
http://deeprybka.trojaner-board.de/b...mbamposten.gif


===================

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


JustBlue 07.11.2014 21:23
Die Datei FRST

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-11-2014
Ran by JUST BLUE (administrator) on JUSTBLUE-PC on 07-11-2014 21:13:01
Running from C:\Users\JUST BLUE\Downloads
Loaded Profiles: JUST BLUE &  (Available profiles: JUST BLUE)
Platform: Microsoft Windows 7 Starter  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\System32\AsusService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
() C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
() C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
() C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(ASUS) C:\Program Files\EeePC\CapsHook\CapsHook.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
() C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
(Boingo Wireless, Inc.) C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(PowerISO Computing, Inc.) C:\Program Files\PowerISO\PWRISOVM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Flux Software LLC) C:\Users\JUST BLUE\AppData\Local\FluxSoftware\Flux\flux.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2010-03-24] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2010-03-24] (Synaptics Incorporated)
HKLM\...\Run: [ASUS VIBE] => C:\Program Files\ASUS\ASUS VIBE\ASUS VIBE.exe [102400 2010-03-02] (ecm)
HKLM\...\Run: [EeeSplendidAgent] => C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe [104960 2009-12-29] ()
HKLM\...\Run: [HotkeyMon] => C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] => C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1166256 2010-03-04] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] => C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-10-26] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] => C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [751592 2010-01-29] ()
HKLM\...\Run: [CapsHook] => C:\Program Files\EeePC\CapsHook\CapsHook.exe [440224 2010-02-05] (ASUS)
HKLM\...\Run: [Eee Docking] => C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [415920 2010-02-09] ()
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8432160 2010-03-24] (Realtek Semiconductor)
HKLM\...\Run: [Boingo Wi-Fi] => C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-08-25] ()
HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2010-03-25] (ASUSTek Computer Inc.)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [167936 2008-07-07] (PowerISO Computing, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AviraSpeedup] => "C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\Run: [f.lux] => C:\Users\JUST BLUE\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\MountPoints2: E - E:\setup.EXE /AUTORUN
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\MountPoints2: {a2fb3c8a-229b-11e3-863c-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\MountPoints2: {a2fb3c8e-229b-11e3-863c-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\MountPoints2: {ac8f20e9-b0d3-11e3-af3e-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\MountPoints2: {ac8f20ec-b0d3-11e3-af3e-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\MountPoints2: {b18e28d6-80af-11e2-8c6f-1c4bd60ada8f} - F:\Setup.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [f.lux] => C:\Users\JUST BLUE\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - E:\setup.EXE /AUTORUN
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a2fb3c8a-229b-11e3-863c-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a2fb3c8e-229b-11e3-863c-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ac8f20e9-b0d3-11e3-af3e-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ac8f20ec-b0d3-11e3-af3e-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b18e28d6-80af-11e2-8c6f-1c4bd60ada8f} - F:\Setup.exe
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\JUST BLUE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB8} => C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {618A47A2-528B-4D9A-AFC8-97D3233511E2} => C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trimarga-yoga.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
SearchScopes: HKCU - DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_ie_de_display?ie=UTF8&tagbase=bds-p24&tag=bds-p24-serp-de-ie-21&tbrId=v1_abb-channel-24_2b7baa4ddde44786972731a4e989935c_39_1007_20131030_DE_ie_ds_&query={searchTerms}
SearchScopes: HKCU - {40D3788C-AB24-4355-B730-923FC6AB7E0D} URL = hxxp://www.mysearchresults.com/search?c=8005&t=11&q={searchTerms}
SearchScopes: HKCU - {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_ie_de_display?ie=UTF8&tagbase=bds-p24&tag=bds-p24-serp-de-ie-21&tbrId=v1_abb-channel-24_2b7baa4ddde44786972731a4e989935c_39_1007_20131030_DE_ie_ds_&query={searchTerms}
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\JUST BLUE\AppData\Roaming\Mozilla\Firefox\Profiles\h2m6tzdz.default
FF SearchEngineOrder.1: Amazon
FF Homepage: www.trimarga-yoga.de
FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_ff_de_display?ie=UTF8&tagbase=bds-p24&tag=bds-p24-serp-de-ff-21&tbrId=v1_abb-channel-24_2b7baa4ddde44786972731a4e989935c_39_1007_20131030_DE_ff_ab_&query=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\JUST BLUE\AppData\Roaming\Mozilla\Firefox\Profiles\h2m6tzdz.default\searchplugins\amazon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-10-30]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.mysearchresults.com/?c=8005&t=11
CHR Profile: C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-06]
CHR Extension: (Google Drive) - C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-13]
CHR Extension: (YouTube) - C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-06]
CHR Extension: (Google-Suche) - C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-06]
CHR Extension: (Avira Browser Safety) - C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-03-11]
CHR Extension: (Google Wallet) - C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR Extension: (Google Mail) - C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-06]
CHR HKCU\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - C:\Program Files\Amazon\ABB\AmazonChrome-bds-amzn.crx [2013-07-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-08-24] (Adobe Systems) [File not signed]
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2013-09-21] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 AsusService; C:\Windows\System32\AsusService.exe [224680 2010-03-04] ()
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44032 2009-05-15] (Hewlett-Packard) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2009-05-15] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11448 2010-03-24] ()
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2010-03-24] ( )
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-07] (Malwarebytes Corporation)
R1 SCDEmu; C:\windows\system32\Drivers\SCDEmu.sys [56108 2008-07-07] (PowerISO Computing, Inc.) [File not signed]
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH)
R2 SSPORT; C:\windows\system32\Drivers\SSPORT.sys [5120 2009-09-10] (Samsung Electronics) [File not signed]
U2 TMAgent; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 21:13 - 2014-11-07 21:14 - 00019627 _____ () C:\Users\JUST BLUE\Downloads\FRST.txt
2014-11-07 21:11 - 2014-11-07 21:13 - 00000000 ____D () C:\FRST
2014-11-07 21:09 - 2014-11-07 21:10 - 01106432 _____ (Farbar) C:\Users\JUST BLUE\Downloads\FRST.exe
2014-11-07 18:35 - 2014-11-07 19:49 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-07 18:35 - 2014-11-07 18:35 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-07 18:35 - 2014-11-07 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-07 18:34 - 2014-11-07 18:35 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-07 18:34 - 2014-11-07 18:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-07 18:34 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-07 18:34 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-07 18:34 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-07 18:29 - 2014-11-07 18:32 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\JUST BLUE\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-07 18:20 - 2014-11-07 18:25 - 36249264 _____ () C:\Users\JUST BLUE\Downloads\FirefoxSetup33.0.3.exe
2014-11-05 20:48 - 2014-11-05 20:48 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-04 22:57 - 2014-11-04 22:57 - 00000000 ____D () C:\ProgramData\dtdata
2014-10-29 09:21 - 2014-11-06 14:56 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\SCHREIBEN-Projekte NEU
2014-10-20 07:00 - 2014-10-20 07:00 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-20 06:59 - 2014-10-20 06:58 - 00272808 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-10-20 06:58 - 2014-10-20 06:58 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-10-20 06:58 - 2014-10-20 06:58 - 00175528 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-10-20 06:58 - 2014-10-20 06:58 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-10-20 06:58 - 2014-10-20 06:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-20 06:58 - 2014-10-20 06:58 - 00000000 ____D () C:\Program Files\Java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 20:55 - 2013-09-06 14:16 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-07 20:20 - 2009-07-14 05:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-07 20:20 - 2009-07-14 05:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-07 19:19 - 2010-08-26 09:22 - 02082766 _____ () C:\windows\WindowsUpdate.log
2014-11-07 19:14 - 2013-09-06 14:16 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-07 19:14 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-07 19:13 - 2014-01-04 14:51 - 06616712 _____ () C:\windows\PFRO.log
2014-11-07 19:13 - 2012-09-28 06:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-07 19:13 - 2009-07-14 05:39 - 00141404 _____ () C:\windows\setupact.log
2014-11-07 19:13 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-11-07 18:27 - 2014-05-27 19:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-07 18:27 - 2012-09-28 06:38 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-07 17:36 - 2009-07-25 08:50 - 01498506 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-06 13:01 - 2013-09-17 13:44 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\BEWERBUNG
2014-11-06 13:00 - 2014-07-24 08:20 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\KDP-CS
2014-11-05 20:48 - 2014-03-11 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-05 20:48 - 2014-03-11 20:42 - 00000000 ____D () C:\Program Files\Avira
2014-11-05 20:48 - 2014-03-11 20:41 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-05 19:28 - 2014-06-17 14:29 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\SCHATTENBLAU E-BOOK
2014-11-03 23:00 - 2013-10-30 10:40 - 00000306 __RSH () C:\Users\JUST BLUE\ntuser.pol
2014-11-03 23:00 - 2010-08-25 18:38 - 00000000 ____D () C:\Users\JUST BLUE
2014-11-03 08:44 - 2013-06-29 15:33 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\AGI
2014-10-27 21:37 - 2014-04-21 21:36 - 00000000 ____D () C:\Users\Public\Util
2014-10-22 09:47 - 2014-07-26 21:24 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\Schattenblau FINALE DOKUMENTE
2014-10-21 11:51 - 2009-07-14 05:53 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-10-20 07:00 - 2014-05-08 14:23 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\WEBSITE KARLA FABRY
2014-10-20 07:00 - 2013-11-14 14:47 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-15 10:07 - 2014-08-16 13:41 - 00260608 ____H () C:\Users\JUST BLUE\Desktop\~WRL1500.tmp
2014-10-15 08:42 - 2014-08-16 13:41 - 00256512 ____H () C:\Users\JUST BLUE\Desktop\~WRL2583.tmp
2014-10-13 12:03 - 2014-08-16 13:41 - 00255488 ____H () C:\Users\JUST BLUE\Desktop\~WRL0696.tmp
2014-10-12 18:54 - 2014-02-16 21:01 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\Documents\My Kindle Content
2014-10-12 12:03 - 2013-03-21 10:11 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\TRIMARGA-YOGA-UNTERLAGEN KURS
2014-10-11 11:38 - 2014-09-24 08:14 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\Bookrix
2014-10-10 11:59 - 2014-05-05 08:24 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\Documents\Calibre-Bibliothek
2014-10-09 14:44 - 2014-03-14 07:55 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-10-09 14:44 - 2014-03-11 21:03 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-10-09 14:44 - 2014-03-11 21:03 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys

Files to move or delete:
====================
C:\ProgramData\SMRResults410.dat
C:\Users\JUST BLUE\chromeinstall-7u45.exe
C:\Users\JUST BLUE\KindlePreviewer.exe
C:\Users\JUST BLUE\NIS_21.1.0.18_SYMTB_TMD_MRFTT_820_10131.exe
C:\Users\JUST BLUE\PDF XChange Viewer Portable - CHIP-Installer.exe
C:\Users\Public\AlexaNSISPlugin.3704.dll


Some content of TEMP:
====================
C:\Users\JUST BLUE\AppData\Local\Temp\avgnt.exe
C:\Users\JUST BLUE\AppData\Local\Temp\AviraSetup329037.exe
C:\Users\JUST BLUE\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\JUST BLUE\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\JUST BLUE\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\JUST BLUE\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\JUST BLUE\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\JUST BLUE\AppData\Local\Temp\ResetDevice.exe
C:\Users\JUST BLUE\AppData\Local\Temp\swt-gdip-win32-3452.dll
C:\Users\JUST BLUE\AppData\Local\Temp\swt-win32-3452.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 11:55

==================== End Of Log ============================
--- --- ---

--- --- ---



Adition-Datei
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-11-2014
Ran by JUST BLUE at 2014-11-07 21:15:36
Running from C:\Users\JUST BLUE\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 1.1.0 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe InDesign CS2 (HKLM\...\Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}) (Version: 004.000.000 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
ALDI TALK Verbindungsassistent (HKLM\...\ALDITALKVerbindungsassistent) (Version:  - ALDI TALK Verbindungsassistent)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Amazon Send to Kindle (HKLM\...\SendToKindle) (Version: 1.0.1.240 - Amazon)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS VIBE (HKLM\...\ASUS VIBE) (Version: 1.0.182 - Ecareme, Inc.)
ASUS WebStorage (HKLM\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ASUSUpdate for Eee PC (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 1.03.06 - ASUSTeK Computer Inc.)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
Avira (HKLM\...\{dc9a688a-12cb-4a22-b449-23d849d01dc7}) (Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Boingo Wi-Fi (HKLM\...\{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM\...\{E1E819A4-112C-454D-A3BE-FB58C60A2D80}) (Version: 1.40.0 - Kovid Goyal)
CapsHook (HKLM\...\{4B5092B6-F231-4D18-83BC-2618B729CA45}) (Version: 1.0.0.2 - AsusTek Computer)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Desktopicon amazon.de (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 - )
Dream Day Wedding Married in Manhattan (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}) (Version:  - Oberon Media)
ebi.BookReader3J (HKLM\...\{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}) (Version: 3.75.14 - eBOOK Initiative Japan Co., Ltd.)
E-Cam (HKLM\...\{185AFA7A-F63E-450B-94AA-011CAC18090E}) (Version: 2.0.2.3 - )
Eee Docking 3.6.2 (HKLM\...\Eee Docking_is1) (Version: 3.6.2 - ASUSTek Computer Inc.)
EeeSplendid (HKLM\...\{6333FC29-BFE5-4024-AC78-958A1A7555D1}) (Version: 5.1.2.0010 - ASUS)
EeeSplendid (Version: 5.1.2.0010 - ASUS) Hidden
f.lux (HKCU\...\Flux) (Version:  - )
FontResizer (HKLM\...\InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}) (Version: 1.01.0011 - ASUSTek)
FontResizer (Version: 1.01.0011 - ASUSTek) Hidden
Fotogalerie (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Game Park Console (HKLM\...\{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1) (Version: 6.2.0.2 - Oberon Media, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Hotkey Service (HKLM\...\{71C0E38E-09F2-4386-9977-404D4F6640CD}) (Version: 1.20 - AsusTek Computer)
HP Officejet Pro 8100 - Grundlegende Software für das Gerät (HKLM\...\{778511E7-621D-4CEE-AF1E-93432132C706}) (Version: 28.0.1321.0 - Hewlett-Packard Co.)
HP Officejet Pro 8100 Hilfe (HKLM\...\{73DB9F06-C125-4A1C-A982-5801338EBE84}) (Version: 28.0.0 - Hewlett Packard)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LiveUpdate (HKLM\...\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}) (Version: 1.21 - Asus)
LocaleMe (HKLM\...\{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}) (Version: 1.3 - ASUS)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0.3 (x86 de) (HKLM\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
PDF Architect (HKLM\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Photo Common (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PowerISO (HKLM\...\PowerISO) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6028 - Realtek Semiconductor Corp.)
Super Hybrid Engine (HKLM\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 2.10 - AsusTek Computer)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.16.0 - Synaptics Incorporated)
Times Reader (HKLM\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (Version: 2.055 - The New York Times Company) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.5.500 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403) (HKLM\...\B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE) (Version: 07/17/2009 6.2.0.9403 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0) (HKLM\...\B5C82F3814F82FB37F1513B3185399BD88892B08) (Version: 07/29/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1224509571-4137203753-525113506-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\JUST BLUE\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1224509571-4137203753-525113506-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\JUST BLUE\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1224509571-4137203753-525113506-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\JUST BLUE\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1224509571-4137203753-525113506-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\JUST BLUE\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1224509571-4137203753-525113506-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\JUST BLUE\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1224509571-4137203753-525113506-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\JUST BLUE\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1224509571-4137203753-525113506-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\JUST BLUE\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points  =========================

21-10-2014 17:01:40 Windows-Sicherung
28-10-2014 18:33:14 Windows-Sicherung
04-11-2014 19:11:01 Windows-Sicherung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {101F37F4-D489-42E4-869D-E6DB17EA9832} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-06] (Google Inc.)
Task: {4B940130-B7AE-49C1-BF0D-520BE04F1D6F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {60ACE5F5-A47D-405F-89CA-5A193D072EE7} - System32\Tasks\DefaultCheck => c:\Users\All Users\dtdata\R002.exe [2014-11-04] ()
Task: {CA041AFC-2DCF-49C2-9E51-D97F3A1654CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-06] (Google Inc.)
Task: {E50605A5-8E92-4C9C-A783-90EE73CF4F70} - System32\Tasks\DefaultReg => c:\Users\All Users\dtdata\R001.exe [2014-11-04] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-19 07:28 - 2011-06-21 08:42 - 00024064 _____ () C:\windows\System32\sst3cl3.dll
2013-09-21 15:36 - 2013-09-21 15:36 - 00358968 _____ () C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-25 12:51 - 2010-03-04 01:55 - 00224680 _____ () C:\Windows\System32\AsusService.exe
2010-03-25 12:46 - 2009-12-29 23:28 - 00104960 _____ () C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
2010-03-25 13:10 - 2010-02-09 00:20 - 00415920 _____ () C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
2010-03-16 02:48 - 2010-03-16 02:48 - 01754448 _____ () C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2010-01-29 19:18 - 2010-01-29 19:18 - 00751592 _____ () C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
2010-01-29 19:17 - 2010-01-29 19:17 - 00120808 _____ () C:\Program Files\Asus\LiveUpdate\ClientSocket.dll
2009-08-28 00:29 - 2009-08-28 00:29 - 00182240 _____ () C:\Program Files\Asus\LiveUpdate\Parser.dll
2010-01-29 19:23 - 2010-01-29 19:23 - 00161768 _____ () C:\Program Files\Asus\LiveUpdate\Enumeration.dll
2009-08-03 00:05 - 2009-08-03 00:05 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2013-09-21 15:36 - 2013-09-21 15:36 - 00510520 _____ () C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
2010-03-16 02:48 - 2010-03-16 02:48 - 00148816 _____ () C:\Program Files\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-03-25 14:10 - 2010-03-25 14:10 - 00030032 _____ () C:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2010-03-25 14:10 - 2010-03-25 14:10 - 00839680 _____ () C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2014-10-28 20:57 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 20:57 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-04-10 10:57 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-10 10:57 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1224509571-4137203753-525113506-500 - Administrator - Disabled)
Gast (S-1-5-21-1224509571-4137203753-525113506-501 - Limited - Disabled)
JUST BLUE (S-1-5-21-1224509571-4137203753-525113506-1000 - Administrator - Enabled) => C:\Users\JUST BLUE

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/07/2014 03:47:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21635280

Error: (11/07/2014 03:47:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21635280

Error: (11/07/2014 03:47:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/07/2014 03:46:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21624422

Error: (11/07/2014 03:46:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21624422

Error: (11/07/2014 03:46:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/07/2014 09:46:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15319

Error: (11/07/2014 09:46:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15319

Error: (11/07/2014 09:46:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/07/2014 09:22:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DefaultTabSearch.exe, Version: 0.0.0.0, Zeitstempel: 0x52b3b87c
Name des fehlerhaften Moduls: DefaultTabSearch.exe, Version: 0.0.0.0, Zeitstempel: 0x52b3b87c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002c80
ID des fehlerhaften Prozesses: 0x650
Startzeit der fehlerhaften Anwendung: 0xDefaultTabSearch.exe0
Pfad der fehlerhaften Anwendung: DefaultTabSearch.exe1
Pfad des fehlerhaften Moduls: DefaultTabSearch.exe2
Berichtskennung: DefaultTabSearch.exe3


System errors:
=============
Error: (11/07/2014 07:14:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (11/07/2014 05:12:25 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

Error: (11/07/2014 09:30:09 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (11/07/2014 09:25:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows-Dienst für Schriftartencache" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (11/07/2014 09:25:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Dienst für Schriftartencache erreicht.

Error: (11/07/2014 09:24:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "DefaultTabSearch" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/07/2014 09:24:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (11/06/2014 10:14:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht.

Error: (11/06/2014 08:13:18 AM) (Source: Microsoft-Windows-Application-Experience) (EventID: 205) (User: NT-AUTORITÄT)
Description: Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht initialisieren.

Error: (11/06/2014 08:12:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom


Microsoft Office Sessions:
=========================
Error: (11/07/2014 03:47:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21635280

Error: (11/07/2014 03:47:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21635280

Error: (11/07/2014 03:47:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/07/2014 03:46:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21624422

Error: (11/07/2014 03:46:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21624422

Error: (11/07/2014 03:46:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/07/2014 09:46:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15319

Error: (11/07/2014 09:46:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15319

Error: (11/07/2014 09:46:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/07/2014 09:22:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DefaultTabSearch.exe0.0.0.052b3b87cDefaultTabSearch.exe0.0.0.052b3b87cc000000500002c8065001cffa63f7bd0782C:\Program Files\DefaultTab\DefaultTabSearch.exeC:\Program Files\DefaultTab\DefaultTabSearch.exe3ede445a-6657-11e4-af68-1c4bd60ada8f


==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz
Percentage of memory in use: 86%
Total physical RAM: 1014.18 MB
Available physical RAM: 132.11 MB
Total Pagefile: 2196.18 MB
Available Pagefile: 436.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:58.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:122.87 GB) (Free:44.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E6086D7A)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=122.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=18 MB) - (Type=EF)

==================== End Of Log ============================
Ich hoffe, das ist alles richtig so gepostet. Danke zwischendurch :-))

und noch die Daten vom Malware:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 07.11.2014
Suchlauf-Zeit: 18:37:12
Logdatei:
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.07.04
Rootkit Datenbank: v2014.11.01.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7
CPU: x86
Dateisystem: NTFS
Benutzer: JUST BLUE

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 295920
Verstrichene Zeit: 30 Min, 19 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe, 1952, Löschen bei Neustart, [fcf4ca6ea8d441f5f3e522ffd12fac54]

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 32
PUP.Optional.DefaultTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DefaultTabUpdate, In Quarantäne, [fcf4ca6ea8d441f5f3e522ffd12fac54],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\TYPELIB\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\INTERFACE\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\INTERFACE\{BE89FFB3-7F9C-4A16-B475-98B195A06628}, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\DefaultTabBHO.DefaultTabBrowser.1, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\DefaultTabBHO.DefaultTabBrowser, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Löschen bei Neustart, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Löschen bei Neustart, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Löschen bei Neustart, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Löschen bei Neustart, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7F6AFBF1-E065-4627-A2FD-810366367D01}, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A}, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\DefaultTabBHO.DefaultTabBrowserActiveX.1, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\DefaultTabBHO.DefaultTabBrowserActiveX, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}\INPROCSERVER32, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\APPID\{38495740-0035-4471-851E-F5BBB86AB085}, In Quarantäne, [658b9d9ba2da31057fca5463c53d54ac],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, In Quarantäne, [b23ef147cfad56e07ad02d8a758d40c0],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}, In Quarantäne, [f5fb82b69ddfe84e37159423a85ad729],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77}, In Quarantäne, [638dbf79ea927bbb0b425067a35fae52],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\APPID\DefaultTabBHO.DLL, In Quarantäne, [d41c71c70a72fe38ae73cba042c1a35d],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\DEFAULT TAB, In Quarantäne, [a34d63d591ebe155fb28f972b44f6898],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\kdidombaedgpfiiedeimiebkmbilgmlc, In Quarantäne, [5f918eaa196346f0e2df6adcbe45c040],
PUP.Optional.DefaultTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DefaultTabSearch, In Quarantäne, [98587dbbc1bb5cdaf98f225957ada858],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, Löschen bei Neustart, [11df50e8afcd1b1b988df77422e142be],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEFAULT TAB, Löschen bei Neustart, [7c7478c06616bc7aca5a7deeaf5402fe],
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, Löschen bei Neustart, [fdf347f193e9e84e1c0952190ff415eb],
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEFAULT TAB, Löschen bei Neustart, [cd2397a13f3d42f4b76db1ba7f8446ba],
PUP.Optional.AlexaTB.A, HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DISTROMATIC\Toolbars, Löschen bei Neustart, [aa46ef49b0cc9b9b1ad32163d133936d],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DefaultTab, In Quarantäne, [b53b172186f61b1b4507f02b7f84c739],

Registrierungswerte: 3
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\DEFAULT TAB|Version, 2.5.0.0, In Quarantäne, [a34d63d591ebe155fb28f972b44f6898]
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEFAULT TAB|Version, 2.5.0.0, Löschen bei Neustart, [7c7478c06616bc7aca5a7deeaf5402fe]
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEFAULT TAB|Version, 2.3.3.0, Löschen bei Neustart, [cd2397a13f3d42f4b76db1ba7f8446ba]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 34
PUP.Optional.DefaultTab.A, C:\Windows\Temp\installdt.tmp\XPI, In Quarantäne, [d31dc77181fb9f974f8db14c39c9db25],
PUP.Optional.DefaultTab.A, C:\Windows\Temp\installdt.tmp\XPI\defaulttab, In Quarantäne, [d31dc77181fb9f974f8db14c39c9db25],
PUP.Optional.DefaultTab.A, C:\Windows\Temp\installdt.tmp\XPI\defaulttab\components, In Quarantäne, [d31dc77181fb9f974f8db14c39c9db25],
PUP.Optional.DefaultTab.A, C:\Windows\Temp\installdt.tmp\XPI\defaulttab\locale, In Quarantäne, [d31dc77181fb9f974f8db14c39c9db25],
PUP.Optional.DefaultTab.A, C:\Windows\Temp\installdt.tmp\XPI\defaulttab\locale\en-US, In Quarantäne, [d31dc77181fb9f974f8db14c39c9db25],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\engines_icons, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\_locales, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\_locales\en, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.AmazonTB.A, C:\Users\JUST BLUE\AppData\Roaming\Mozilla\Firefox\Profiles\h2m6tzdz.default\jetpack\abb@amazon.com, In Quarantäne, [a848cb6d7b016cca8771df2373901be5],
PUP.Optional.AmazonTB.A, C:\Users\JUST BLUE\AppData\Roaming\Mozilla\Firefox\Profiles\h2m6tzdz.default\jetpack\abb@amazon.com\simple-storage, In Quarantäne, [a848cb6d7b016cca8771df2373901be5],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab, Löschen bei Neustart, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab, Löschen bei Neustart, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\Apps, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab, In Quarantäne, [b53b172186f61b1b4507f02b7f84c739],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab, In Quarantäne, [b53b172186f61b1b4507f02b7f84c739],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\Apps, In Quarantäne, [b53b172186f61b1b4507f02b7f84c739],
PUP.Optional.DefaultTab.A, C:\Program Files\DefaultTab, In Quarantäne, [f3fdce6a7408171f103da17a778cce32],

Dateien: 166
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe, Löschen bei Neustart, [fcf4ca6ea8d441f5f3e522ffd12fac54],
PUP.Optional.DefaultTab, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll, In Quarantäne, [ab4595a3bdbfc670927d180530d119e7],
PUP.Optional.DefaultTab, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart.exe, In Quarantäne, [fdf348f08cf01620b45b938ad130a858],
PUP.Optional.DefaultTab, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart64.exe, In Quarantäne, [2cc41d1b720ab086947bff1ee31ed42c],
PUP.Optional.DefaultTab, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap.dll, In Quarantäne, [816fb781d5a7989e2be479a48f72bc44],
PUP.Optional.DefaultTab, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap64.dll, In Quarantäne, [35bbd365522a152149c6cd507e838e72],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabSetup.exe, In Quarantäne, [a05073c5710b96a0fa7ea488bf41738d],
PUP.Optional.DefaultTab, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart.exe, In Quarantäne, [d7191f19314b3ff78d82bc617e8357a9],
PUP.Optional.DefaultTab, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart64.exe, In Quarantäne, [6987f0485c207fb719f6b16cfe0311ef],
PUP.Optional.AmazonTB.A, C:\Users\JUST BLUE\AppData\Roaming\Mozilla\Firefox\Profiles\h2m6tzdz.default\extensions\abb@amazon.com.xpi, In Quarantäne, [945c63d5e5970e28df9284d9d62d48b8],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\Mozilla\Firefox\Profiles\h2m6tzdz.default\extensions\addon@defaulttab.com.xpi, In Quarantäne, [fcf453e55923a6901e8578e50df67e82],
PUP.Optional.DefaultTab.A, C:\Program Files\DefaultTab\DefaultTabSearch.exe, In Quarantäne, [98587dbbc1bb5cdaf98f225957ada858],
PUP.Optional.DefaultTab.A, C:\Windows\Temp\installdt.tmp\XPI\defaulttab\locale\en-US\defaulttab.properties, In Quarantäne, [d31dc77181fb9f974f8db14c39c9db25],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\18x18.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\background.html, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\blank.html, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\icon.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\manifest.json, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\new_tab.html, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\search_box.html, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\injection.css, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\jquery-ui-1.8.16.custom.css, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-bg_flat_0_aaaaaa_40x100.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-bg_flat_75_ffffff_40x100.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-bg_glass_55_fbf9ee_1x400.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-bg_glass_65_ffffff_1x400.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-bg_glass_75_dadada_1x400.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-bg_glass_75_e6e6e6_1x400.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-bg_glass_95_fef1ec_1x400.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-bg_highlight-soft_75_cccccc_1x100.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-icons_222222_256x240.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-icons_2e83ff_256x240.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-icons_454545_256x240.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-icons_888888_256x240.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-icons_cd0a0a_256x240.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\help.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\engines_icons\Bing.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\engines_icons\Google.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\engines_icons\Search here.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\engines_icons\Yahoo.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_bottom_border_bg.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\bullet_arrow_down.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\bullet_arrow_down_old.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\icon.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search-inner-wrapper.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search-left.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_arrow_top_button.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_arrow_top_button_hovered.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_bottom_bg.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_bottom_left_before_corner.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_bottom_left_corner.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_bottom_right_before_corner.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_bottom_right_corner.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_left_border_bg.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_left_bottom_border_bg.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_middle_bg.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_right_border_bg.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_right_bottom_border_bg.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_top_bg.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_top_left_before_corner.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_top_left_corner.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_top_right_before_corner.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_top_right_corner.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js\bg.js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js\ConfigManager.js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js\content.js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js\InjectionManager.js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js\jquery-1.7.1.min.js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js\jquery-ui-1.8.16.custom.min.js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js\jquery.guid.js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js\md5.js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js\newTab.js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js\ScriptChecker.js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js\ScriptInjector.js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js\SearchBox.js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\_locales\en\messages.json, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\18x18.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\background.html, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\blank.html, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\manifest.json, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\manifest_no_button.json, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\new_tab.html, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\search_box.html, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\injection.css, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\jquery-ui-1.8.16.custom.css, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_flat_0_aaaaaa_40x100.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_flat_75_ffffff_40x100.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_glass_55_fbf9ee_1x400.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_glass_65_ffffff_1x400.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_glass_75_dadada_1x400.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_glass_75_e6e6e6_1x400.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_glass_95_fef1ec_1x400.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_highlight-soft_75_cccccc_1x100.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-icons_222222_256x240.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-icons_2e83ff_256x240.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-icons_454545_256x240.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-icons_888888_256x240.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-icons_cd0a0a_256x240.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\help.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons\Bing.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons\Google.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons\Search here.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons\Yahoo.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_border_bg.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\bullet_arrow_down.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\bullet_arrow_down_old.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\icon.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search-inner-wrapper.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search-left.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_arrow_top_button.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_arrow_top_button_hovered.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_bg.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_left_before_corner.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_left_corner.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_right_before_corner.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_right_corner.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_left_border_bg.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_left_bottom_border_bg.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_middle_bg.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_right_border_bg.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_right_bottom_border_bg.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_top_bg.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_top_left_before_corner.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_top_left_corner.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_top_right_before_corner.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_top_right_corner.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\bg.js, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\ConfigManager.js, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\content.js, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\InjectionManager.js, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\jquery-1.7.1.min.js, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\jquery-ui-1.8.16.custom.min.js, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\jquery.guid.js, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\newTab.js, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\ScriptChecker.js, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\ScriptInjector.js, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\SearchBox.js, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.AmazonTB.A, C:\Users\JUST BLUE\AppData\Roaming\Mozilla\Firefox\Profiles\h2m6tzdz.default\jetpack\abb@amazon.com\simple-storage\store.json, In Quarantäne, [a848cb6d7b016cca8771df2373901be5],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\addon.ico, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\amazon_ie.ico, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\blocklist.json, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.cfg, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\defaulttabuninstaller.exe, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\DT.ico, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\DTReg.exe, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\ebay_ie.ico, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\facebook_ie.ico, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\searchhere.ico, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\search_here_ie.ico, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\twitter_ie.ico, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\uninstalldt.exe, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\update.exe, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\wikipedia_ie.ico, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\addon.ico, In Quarantäne, [b53b172186f61b1b4507f02b7f84c739],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.cfg, In Quarantäne, [b53b172186f61b1b4507f02b7f84c739],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabUninstaller.exe, In Quarantäne, [b53b172186f61b1b4507f02b7f84c739],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap.dll, In Quarantäne, [b53b172186f61b1b4507f02b7f84c739],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap64.dll, In Quarantäne, [b53b172186f61b1b4507f02b7f84c739],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DT.ico, In Quarantäne, [b53b172186f61b1b4507f02b7f84c739],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\searchhere.ico, In Quarantäne, [b53b172186f61b1b4507f02b7f84c739],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\uninstalldt.exe, In Quarantäne, [b53b172186f61b1b4507f02b7f84c739],
PUP.Optional.DefaultTab.A, C:\Program Files\DefaultTab\DefaultTab.crx, In Quarantäne, [f3fdce6a7408171f103da17a778cce32],
PUP.Optional.DefaultTab.A, C:\Program Files\DefaultTab\DefaultTabHost.exe, In Quarantäne, [f3fdce6a7408171f103da17a778cce32],
PUP.Optional.DefaultTab.A, C:\Program Files\DefaultTab\DefaultTabHost.json, In Quarantäne, [f3fdce6a7408171f103da17a778cce32],
PUP.Optional.DefaultTab.A, C:\Program Files\DefaultTab\uid, In Quarantäne, [f3fdce6a7408171f103da17a778cce32],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

JustBlue 07.11.2014 21:24
und noch die Daten vom Malware:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 07.11.2014
Suchlauf-Zeit: 18:37:12
Logdatei:
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.07.04
Rootkit Datenbank: v2014.11.01.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7
CPU: x86
Dateisystem: NTFS
Benutzer: JUST BLUE

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 295920
Verstrichene Zeit: 30 Min, 19 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe, 1952, Löschen bei Neustart, [fcf4ca6ea8d441f5f3e522ffd12fac54]

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 32
PUP.Optional.DefaultTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DefaultTabUpdate, In Quarantäne, [fcf4ca6ea8d441f5f3e522ffd12fac54],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\TYPELIB\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\INTERFACE\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\INTERFACE\{BE89FFB3-7F9C-4A16-B475-98B195A06628}, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\DefaultTabBHO.DefaultTabBrowser.1, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\DefaultTabBHO.DefaultTabBrowser, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Löschen bei Neustart, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Löschen bei Neustart, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Löschen bei Neustart, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Löschen bei Neustart, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7F6AFBF1-E065-4627-A2FD-810366367D01}, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A}, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\DefaultTabBHO.DefaultTabBrowserActiveX.1, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\DefaultTabBHO.DefaultTabBrowserActiveX, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}\INPROCSERVER32, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\APPID\{38495740-0035-4471-851E-F5BBB86AB085}, In Quarantäne, [658b9d9ba2da31057fca5463c53d54ac],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, In Quarantäne, [b23ef147cfad56e07ad02d8a758d40c0],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}, In Quarantäne, [f5fb82b69ddfe84e37159423a85ad729],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77}, In Quarantäne, [638dbf79ea927bbb0b425067a35fae52],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\APPID\DefaultTabBHO.DLL, In Quarantäne, [d41c71c70a72fe38ae73cba042c1a35d],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\DEFAULT TAB, In Quarantäne, [a34d63d591ebe155fb28f972b44f6898],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\kdidombaedgpfiiedeimiebkmbilgmlc, In Quarantäne, [5f918eaa196346f0e2df6adcbe45c040],
PUP.Optional.DefaultTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DefaultTabSearch, In Quarantäne, [98587dbbc1bb5cdaf98f225957ada858],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, Löschen bei Neustart, [11df50e8afcd1b1b988df77422e142be],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEFAULT TAB, Löschen bei Neustart, [7c7478c06616bc7aca5a7deeaf5402fe],
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, Löschen bei Neustart, [fdf347f193e9e84e1c0952190ff415eb],
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEFAULT TAB, Löschen bei Neustart, [cd2397a13f3d42f4b76db1ba7f8446ba],
PUP.Optional.AlexaTB.A, HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DISTROMATIC\Toolbars, Löschen bei Neustart, [aa46ef49b0cc9b9b1ad32163d133936d],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DefaultTab, In Quarantäne, [b53b172186f61b1b4507f02b7f84c739],

Registrierungswerte: 3
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\DEFAULT TAB|Version, 2.5.0.0, In Quarantäne, [a34d63d591ebe155fb28f972b44f6898]
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEFAULT TAB|Version, 2.5.0.0, Löschen bei Neustart, [7c7478c06616bc7aca5a7deeaf5402fe]
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEFAULT TAB|Version, 2.3.3.0, Löschen bei Neustart, [cd2397a13f3d42f4b76db1ba7f8446ba]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 34
PUP.Optional.DefaultTab.A, C:\Windows\Temp\installdt.tmp\XPI, In Quarantäne, [d31dc77181fb9f974f8db14c39c9db25],
PUP.Optional.DefaultTab.A, C:\Windows\Temp\installdt.tmp\XPI\defaulttab, In Quarantäne, [d31dc77181fb9f974f8db14c39c9db25],
PUP.Optional.DefaultTab.A, C:\Windows\Temp\installdt.tmp\XPI\defaulttab\components, In Quarantäne, [d31dc77181fb9f974f8db14c39c9db25],
PUP.Optional.DefaultTab.A, C:\Windows\Temp\installdt.tmp\XPI\defaulttab\locale, In Quarantäne, [d31dc77181fb9f974f8db14c39c9db25],
PUP.Optional.DefaultTab.A, C:\Windows\Temp\installdt.tmp\XPI\defaulttab\locale\en-US, In Quarantäne, [d31dc77181fb9f974f8db14c39c9db25],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\engines_icons, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\_locales, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\_locales\en, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.AmazonTB.A, C:\Users\JUST BLUE\AppData\Roaming\Mozilla\Firefox\Profiles\h2m6tzdz.default\jetpack\abb@amazon.com, In Quarantäne, [a848cb6d7b016cca8771df2373901be5],
PUP.Optional.AmazonTB.A, C:\Users\JUST BLUE\AppData\Roaming\Mozilla\Firefox\Profiles\h2m6tzdz.default\jetpack\abb@amazon.com\simple-storage, In Quarantäne, [a848cb6d7b016cca8771df2373901be5],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab, Löschen bei Neustart, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab, Löschen bei Neustart, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\Apps, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab, In Quarantäne, [b53b172186f61b1b4507f02b7f84c739],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab, In Quarantäne, [b53b172186f61b1b4507f02b7f84c739],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\Apps, In Quarantäne, [b53b172186f61b1b4507f02b7f84c739],
PUP.Optional.DefaultTab.A, C:\Program Files\DefaultTab, In Quarantäne, [f3fdce6a7408171f103da17a778cce32],

Dateien: 166
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe, Löschen bei Neustart, [fcf4ca6ea8d441f5f3e522ffd12fac54],
PUP.Optional.DefaultTab, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll, In Quarantäne, [bb3580b8d5a7e94da56ae835c53c916f],
PUP.Optional.DefaultTab, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll, In Quarantäne, [ab4595a3bdbfc670927d180530d119e7],
PUP.Optional.DefaultTab, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart.exe, In Quarantäne, [fdf348f08cf01620b45b938ad130a858],
PUP.Optional.DefaultTab, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart64.exe, In Quarantäne, [2cc41d1b720ab086947bff1ee31ed42c],
PUP.Optional.DefaultTab, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap.dll, In Quarantäne, [816fb781d5a7989e2be479a48f72bc44],
PUP.Optional.DefaultTab, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap64.dll, In Quarantäne, [35bbd365522a152149c6cd507e838e72],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabSetup.exe, In Quarantäne, [a05073c5710b96a0fa7ea488bf41738d],
PUP.Optional.DefaultTab, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart.exe, In Quarantäne, [d7191f19314b3ff78d82bc617e8357a9],
PUP.Optional.DefaultTab, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart64.exe, In Quarantäne, [6987f0485c207fb719f6b16cfe0311ef],
PUP.Optional.AmazonTB.A, C:\Users\JUST BLUE\AppData\Roaming\Mozilla\Firefox\Profiles\h2m6tzdz.default\extensions\abb@amazon.com.xpi, In Quarantäne, [945c63d5e5970e28df9284d9d62d48b8],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\Mozilla\Firefox\Profiles\h2m6tzdz.default\extensions\addon@defaulttab.com.xpi, In Quarantäne, [fcf453e55923a6901e8578e50df67e82],
PUP.Optional.DefaultTab.A, C:\Program Files\DefaultTab\DefaultTabSearch.exe, In Quarantäne, [98587dbbc1bb5cdaf98f225957ada858],
PUP.Optional.DefaultTab.A, C:\Windows\Temp\installdt.tmp\XPI\defaulttab\locale\en-US\defaulttab.properties, In Quarantäne, [d31dc77181fb9f974f8db14c39c9db25],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\18x18.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\background.html, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\blank.html, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\icon.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\manifest.json, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\new_tab.html, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\search_box.html, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\injection.css, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\jquery-ui-1.8.16.custom.css, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-bg_flat_0_aaaaaa_40x100.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-bg_flat_75_ffffff_40x100.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-bg_glass_55_fbf9ee_1x400.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-bg_glass_65_ffffff_1x400.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-bg_glass_75_dadada_1x400.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-bg_glass_75_e6e6e6_1x400.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-bg_glass_95_fef1ec_1x400.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-bg_highlight-soft_75_cccccc_1x100.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-icons_222222_256x240.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-icons_2e83ff_256x240.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-icons_454545_256x240.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-icons_888888_256x240.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\css\jquery_ui\images\ui-icons_cd0a0a_256x240.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\help.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\engines_icons\Bing.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\engines_icons\Google.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\engines_icons\Search here.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\engines_icons\Yahoo.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_bottom_border_bg.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\bullet_arrow_down.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\bullet_arrow_down_old.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\icon.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search-inner-wrapper.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search-left.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_arrow_top_button.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_arrow_top_button_hovered.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_bottom_bg.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_bottom_left_before_corner.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_bottom_left_corner.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_bottom_right_before_corner.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_bottom_right_corner.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_left_border_bg.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_left_bottom_border_bg.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_middle_bg.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_right_border_bg.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_right_bottom_border_bg.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_top_bg.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_top_left_before_corner.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_top_left_corner.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_top_right_before_corner.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\images\injection\search_top_right_corner.png, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js\bg.js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js\ConfigManager.js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js\content.js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js\InjectionManager.js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js\jquery-1.7.1.min.js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js\jquery-ui-1.8.16.custom.min.js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js\jquery.guid.js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js\md5.js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js\newTab.js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js\ScriptChecker.js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js\ScriptInjector.js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\js\SearchBox.js, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.9_0\_locales\en\messages.json, In Quarantäne, [4ba5e3553c405bdb101211f10cf730d0],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\18x18.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\background.html, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\blank.html, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\manifest.json, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\manifest_no_button.json, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\new_tab.html, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\search_box.html, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\injection.css, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\jquery-ui-1.8.16.custom.css, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_flat_0_aaaaaa_40x100.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_flat_75_ffffff_40x100.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_glass_55_fbf9ee_1x400.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_glass_65_ffffff_1x400.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_glass_75_dadada_1x400.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_glass_75_e6e6e6_1x400.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_glass_95_fef1ec_1x400.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_highlight-soft_75_cccccc_1x100.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-icons_222222_256x240.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-icons_2e83ff_256x240.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-icons_454545_256x240.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-icons_888888_256x240.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-icons_cd0a0a_256x240.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\help.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons\Bing.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons\Google.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons\Search here.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons\Yahoo.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_border_bg.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\bullet_arrow_down.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\bullet_arrow_down_old.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\icon.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search-inner-wrapper.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search-left.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_arrow_top_button.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_arrow_top_button_hovered.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_bg.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_left_before_corner.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_left_corner.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_right_before_corner.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_right_corner.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_left_border_bg.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_left_bottom_border_bg.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_middle_bg.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_right_border_bg.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_right_bottom_border_bg.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_top_bg.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_top_left_before_corner.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_top_left_corner.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_top_right_before_corner.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_top_right_corner.png, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\bg.js, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\ConfigManager.js, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\content.js, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\InjectionManager.js, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\jquery-1.7.1.min.js, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\jquery-ui-1.8.16.custom.min.js, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\jquery.guid.js, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\newTab.js, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\ScriptChecker.js, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\ScriptInjector.js, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\SearchBox.js, In Quarantäne, [5e92a98fa8d4bb7b938f48ba91725aa6],
PUP.Optional.AmazonTB.A, C:\Users\JUST BLUE\AppData\Roaming\Mozilla\Firefox\Profiles\h2m6tzdz.default\jetpack\abb@amazon.com\simple-storage\store.json, In Quarantäne, [a848cb6d7b016cca8771df2373901be5],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\addon.ico, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\amazon_ie.ico, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\blocklist.json, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.cfg, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\defaulttabuninstaller.exe, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\DT.ico, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\DTReg.exe, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\ebay_ie.ico, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\facebook_ie.ico, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\searchhere.ico, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\search_here_ie.ico, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\twitter_ie.ico, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\uninstalldt.exe, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\update.exe, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Users\JUST BLUE\AppData\Roaming\defaulttab\defaulttab\wikipedia_ie.ico, In Quarantäne, [14dc7bbdf587c175dd6f3fdc0bf8bf41],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\addon.ico, In Quarantäne, [b53b172186f61b1b4507f02b7f84c739],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.cfg, In Quarantäne, [b53b172186f61b1b4507f02b7f84c739],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabUninstaller.exe, In Quarantäne, [b53b172186f61b1b4507f02b7f84c739],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap.dll, In Quarantäne, [b53b172186f61b1b4507f02b7f84c739],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap64.dll, In Quarantäne, [b53b172186f61b1b4507f02b7f84c739],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DT.ico, In Quarantäne, [b53b172186f61b1b4507f02b7f84c739],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\searchhere.ico, In Quarantäne, [b53b172186f61b1b4507f02b7f84c739],
PUP.Optional.DefaultTab.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\uninstalldt.exe, In Quarantäne, [b53b172186f61b1b4507f02b7f84c739],
PUP.Optional.DefaultTab.A, C:\Program Files\DefaultTab\DefaultTab.crx, In Quarantäne, [f3fdce6a7408171f103da17a778cce32],
PUP.Optional.DefaultTab.A, C:\Program Files\DefaultTab\DefaultTabHost.exe, In Quarantäne, [f3fdce6a7408171f103da17a778cce32],
PUP.Optional.DefaultTab.A, C:\Program Files\DefaultTab\DefaultTabHost.json, In Quarantäne, [f3fdce6a7408171f103da17a778cce32],
PUP.Optional.DefaultTab.A, C:\Program Files\DefaultTab\uid, In Quarantäne, [f3fdce6a7408171f103da17a778cce32],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Machiavelli 07.11.2014 21:33
Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



Schritt 4
Bitte starte http://filepony.de/icon/frst.pngFRST erneut, setze den Haken auch bei Addition.txt und drücke auf Scan.

Bitte poste mir die Inhalte der Logs von Adwarecleaner, MBAM, JRT und FRST hier in den Thread.

JustBlue 07.11.2014 21:51
Hallo,

ich hatte hier die log von FRST und MBAM schon gepostet. Soll ich warten oder die anderen Schritte ( also 1 und 3) unternehmen? Schritt 2 und 4 habe ich schon gemacht.
Danke für die Antwort!

Machiavelli 07.11.2014 21:55
Alle Schritte machen, sonst würd ich sie ja nicht posten.

JustBlue 08.11.2014 11:24
Hier der Log von adwarecleaner - der letzte kommt auch.

Code:
# AdwCleaner v4.002 - Bericht erstellt am 07/11/2014 um 22:14:13
# DB v2014-11-02.1
# Aktualisiert 27/10/2014 von Xplode
# Betriebssystem : Windows 7 Starter  (32 bits)
# Benutzername : JUST BLUE - JUSTBLUE-PC
# Gestartet von : C:\Users\JUST BLUE\Downloads\AdwCleaner_4.002.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[x] Nicht Gelöscht : C:\Users\JUST BLUE\Desktop\AGI
[x] Nicht Gelöscht : C:\Program Files\Amazon\ABB
Ordner Gelöscht : C:\Users\JUSTBL~1\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\JUST BLUE\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\JUST BLUE\Desktop\Documents\Updater
Ordner Gelöscht : C:\Users\Public\Util

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : HKCU\Software\Alexa Internet
Schlüssel Gelöscht : HKCU\Software\DefaultTab
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\DefaultTab
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v33.0.3 (x86 de)


-\\ Google Chrome v38.0.2125.111


*************************

AdwCleaner[R0].txt - [2459 octets] - [07/11/2014 22:01:32]
AdwCleaner[R1].txt - [2519 octets] - [07/11/2014 22:08:24]
AdwCleaner[S0].txt - [2438 octets] - [07/11/2014 22:14:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2498 octets] ##########
Der letzte Schritt - das Log:
Herzlichen Dank bisher.

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.6 (11.05.2014:1)
OS: Windows 7 Starter x86
Ran by JUST BLUE on 07.11.2014 at 22:27:09,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{40D3788C-AB24-4355-B730-923FC6AB7E0D}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\JUST BLUE\AppData\Roaming\mozilla\firefox\profiles\h2m6tzdz.default\minidumps [224 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.11.2014 at 22:35:31,69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hi, kannst du bitte kurz Bescheid geben, ob wir heute noch was machen? Sonst würde ich auch Schluss machen für heute.
Besten Dank soweit.

Hallo,
machen wir noch weiter oder war es das für mich? Ich wäre dankbar, wenn du kurz Bescheid geben kannst. Letzter Schritt war, dir gestern die Logs zu schicken, die du wolltest.
Bitte kurz um Fedback.
Danke!

Machiavelli 08.11.2014 11:49
Ich habe folgendes gesagt:
Zitat:
Bitte poste mir die Inhalte der Logs von Adwarecleaner, MBAM, JRT und FRST hier in den Thread.
Ich sehe nur die Logs von Adwarecleaner und JRT, nicht die neuen Logs von MBAM und FRST.

===============================

Und mich zu pushen, dass ich so schnell wie möglich machen soll ("machen wir noch weiter oder war es das für mich?") , läuft bei mir nicht. Ich hab ein Leben neben diesem ganzen hier. Wenn Du Dein PC schnell repariert bekommen möchtest, gibt es PC Shops .... der einzige Nachteil ist, dass sie dort Geld verlangen. Wir sind noch lange nicht fertig, wenn Du mir die Logs nicht vollständig postest. :wtf:

JustBlue 08.11.2014 11:57
wollte nicht pushen, wollte nur wissen, ob ich am Computer bleibe, wenn noch was zu tun wäre. Sorry, dass du das in den falsche Hals bekommen hast. Ich bin dankbar für die Hilfe.
Die beiden Logs von MBAM und FRST, die du ansprichst hatte ich davor gepostet.
Möchtest du, dass ich nochmal einen Durchlauf mache und dann nochmal die Logs poste? Da stand nichts von neuen Logs.
Ich hatte um Verständnis ersucht, bin in diesem Bereich ganz unerfahren.

Machiavelli 08.11.2014 11:59
Zitat:
Möchtest du, dass ich nochmal einen Durchlauf mache und dann nochmal die Logs poste?
Ja. ;)

JustBlue 08.11.2014 13:11
hat jetzt etwas gedauert, hier die Logs von FRST (FRST und Adition) und MBAm. Wobei der nichts mehr gefunden hat.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-11-2014 01
Ran by JUST BLUE (administrator) on JUSTBLUE-PC on 08-11-2014 13:03:10
Running from C:\Users\JUST BLUE\Desktop
Loaded Profiles: JUST BLUE &  (Available profiles: JUST BLUE)
Platform: Microsoft Windows 7 Starter  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\System32\AsusService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
() C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
() C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
() C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ASUS) C:\Program Files\EeePC\CapsHook\CapsHook.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Boingo Wireless, Inc.) C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(PowerISO Computing, Inc.) C:\Program Files\PowerISO\PWRISOVM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Flux Software LLC) C:\Users\JUST BLUE\AppData\Local\FluxSoftware\Flux\flux.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\WINWORD.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2010-03-24] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2010-03-24] (Synaptics Incorporated)
HKLM\...\Run: [ASUS VIBE] => C:\Program Files\ASUS\ASUS VIBE\ASUS VIBE.exe [102400 2010-03-02] (ecm)
HKLM\...\Run: [EeeSplendidAgent] => C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe [104960 2009-12-29] ()
HKLM\...\Run: [HotkeyMon] => C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] => C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1166256 2010-03-04] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] => C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-10-26] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] => C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [751592 2010-01-29] ()
HKLM\...\Run: [CapsHook] => C:\Program Files\EeePC\CapsHook\CapsHook.exe [440224 2010-02-05] (ASUS)
HKLM\...\Run: [Eee Docking] => C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [415920 2010-02-09] ()
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8432160 2010-03-24] (Realtek Semiconductor)
HKLM\...\Run: [Boingo Wi-Fi] => C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-08-25] ()
HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2010-03-25] (ASUSTek Computer Inc.)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [167936 2008-07-07] (PowerISO Computing, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AviraSpeedup] => "C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\Run: [f.lux] => C:\Users\JUST BLUE\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\MountPoints2: E - E:\setup.EXE /AUTORUN
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\MountPoints2: {a2fb3c8a-229b-11e3-863c-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\MountPoints2: {a2fb3c8e-229b-11e3-863c-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\MountPoints2: {ac8f20e9-b0d3-11e3-af3e-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\MountPoints2: {ac8f20ec-b0d3-11e3-af3e-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\MountPoints2: {b18e28d6-80af-11e2-8c6f-1c4bd60ada8f} - F:\Setup.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [f.lux] => C:\Users\JUST BLUE\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - E:\setup.EXE /AUTORUN
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a2fb3c8a-229b-11e3-863c-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a2fb3c8e-229b-11e3-863c-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ac8f20e9-b0d3-11e3-af3e-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ac8f20ec-b0d3-11e3-af3e-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b18e28d6-80af-11e2-8c6f-1c4bd60ada8f} - F:\Setup.exe
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\JUST BLUE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB8} => C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {618A47A2-528B-4D9A-AFC8-97D3233511E2} => C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trimarga-yoga.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\JUST BLUE\AppData\Roaming\Mozilla\Firefox\Profiles\h2m6tzdz.default
FF SearchEngineOrder.1: Amazon
FF Homepage: www.trimarga-yoga.de
FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_ff_de_display?ie=UTF8&tagbase=bds-p24&tag=bds-p24-serp-de-ff-21&tbrId=v1_abb-channel-24_2b7baa4ddde44786972731a4e989935c_39_1007_20131030_DE_ff_ab_&query=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\JUST BLUE\AppData\Roaming\Mozilla\Firefox\Profiles\h2m6tzdz.default\searchplugins\amazon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-10-30]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.mysearchresults.com/?c=8005&t=11
CHR Profile: C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-06]
CHR Extension: (Google Drive) - C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-13]
CHR Extension: (YouTube) - C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-06]
CHR Extension: (Google-Suche) - C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-06]
CHR Extension: (Avira Browser Safety) - C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-03-11]
CHR Extension: (Google Wallet) - C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR Extension: (Google Mail) - C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-08-24] (Adobe Systems) [File not signed]
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2013-09-21] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 AsusService; C:\Windows\System32\AsusService.exe [224680 2010-03-04] ()
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44032 2009-05-15] (Hewlett-Packard) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2009-05-15] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11448 2010-03-24] ()
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2010-03-24] ( )
R1 SCDEmu; C:\windows\system32\Drivers\SCDEmu.sys [56108 2008-07-07] (PowerISO Computing, Inc.) [File not signed]
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH)
R2 SSPORT; C:\windows\system32\Drivers\SSPORT.sys [5120 2009-09-10] (Samsung Electronics) [File not signed]
U2 TMAgent; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 13:03 - 2014-11-08 13:04 - 00018450 _____ () C:\Users\JUST BLUE\Desktop\FRST.txt
2014-11-08 13:02 - 2014-11-08 13:02 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\FRST-OlderVersion
2014-11-08 13:01 - 2014-11-08 13:01 - 00001191 _____ () C:\Users\JUST BLUE\Desktop\MBAM.txt
2014-11-07 22:56 - 2014-11-07 22:57 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\PC
2014-11-07 22:27 - 2014-11-07 22:27 - 00000000 ____D () C:\windows\ERUNT
2014-11-07 22:25 - 2014-11-07 22:26 - 01706939 _____ (Thisisu) C:\Users\JUST BLUE\Desktop\JRT.exe
2014-11-07 22:00 - 2014-11-07 22:14 - 00000000 ____D () C:\AdwCleaner
2014-11-07 21:59 - 2014-11-07 21:59 - 01998336 _____ () C:\Users\JUST BLUE\Desktop\AdwCleaner_4.002.exe
2014-11-07 21:15 - 2014-11-07 21:17 - 00023627 _____ () C:\Users\JUST BLUE\Downloads\Addition.txt
2014-11-07 21:13 - 2014-11-07 21:17 - 00027886 _____ () C:\Users\JUST BLUE\Downloads\FRST.txt
2014-11-07 21:11 - 2014-11-08 13:03 - 00000000 ____D () C:\FRST
2014-11-07 21:09 - 2014-11-08 13:02 - 01107968 _____ (Farbar) C:\Users\JUST BLUE\Desktop\FRST.exe
2014-11-07 18:35 - 2014-11-08 12:32 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-07 18:35 - 2014-11-07 18:35 - 00001060 _____ () C:\Users\JUST BLUE\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-07 18:35 - 2014-11-07 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-07 18:34 - 2014-11-07 18:35 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-07 18:34 - 2014-11-07 18:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-07 18:34 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-07 18:34 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-07 18:34 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-07 18:29 - 2014-11-07 18:32 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\JUST BLUE\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-07 18:20 - 2014-11-07 18:25 - 36249264 _____ () C:\Users\JUST BLUE\Downloads\FirefoxSetup33.0.3.exe
2014-11-05 20:48 - 2014-11-05 20:48 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-04 22:57 - 2014-11-04 22:57 - 00000000 ____D () C:\ProgramData\dtdata
2014-10-29 09:21 - 2014-11-08 12:30 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\SCHREIBEN-Projekte NEU
2014-10-20 07:00 - 2014-10-20 07:00 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-20 06:59 - 2014-10-20 06:58 - 00272808 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-10-20 06:58 - 2014-10-20 06:58 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-10-20 06:58 - 2014-10-20 06:58 - 00175528 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-10-20 06:58 - 2014-10-20 06:58 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-10-20 06:58 - 2014-10-20 06:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-20 06:58 - 2014-10-20 06:58 - 00000000 ____D () C:\Program Files\Java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 12:55 - 2013-09-06 14:16 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-08 12:36 - 2010-08-26 09:22 - 02090528 _____ () C:\windows\WindowsUpdate.log
2014-11-08 11:20 - 2009-07-14 05:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-08 11:20 - 2009-07-14 05:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-08 11:11 - 2013-09-06 14:16 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-08 11:11 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-08 11:11 - 2009-07-14 05:39 - 00141572 _____ () C:\windows\setupact.log
2014-11-07 22:16 - 2014-01-04 14:51 - 06617274 _____ () C:\windows\PFRO.log
2014-11-07 22:14 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-11-07 19:13 - 2012-09-28 06:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-07 19:13 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-11-07 18:27 - 2014-05-27 19:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-07 18:27 - 2012-09-28 06:38 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-07 17:36 - 2009-07-25 08:50 - 01498506 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-06 13:01 - 2013-09-17 13:44 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\BEWERBUNG
2014-11-06 13:00 - 2014-07-24 08:20 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\KDP-CS
2014-11-05 20:48 - 2014-03-11 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-05 20:48 - 2014-03-11 20:42 - 00000000 ____D () C:\Program Files\Avira
2014-11-05 20:48 - 2014-03-11 20:41 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-05 19:28 - 2014-06-17 14:29 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\SCHATTENBLAU E-BOOK
2014-11-03 23:00 - 2013-10-30 10:40 - 00000306 __RSH () C:\Users\JUST BLUE\ntuser.pol
2014-11-03 23:00 - 2010-08-25 18:38 - 00000000 ____D () C:\Users\JUST BLUE
2014-11-03 08:44 - 2013-06-29 15:33 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\AGI
2014-10-22 09:47 - 2014-07-26 21:24 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\Schattenblau FINALE DOKUMENTE
2014-10-21 11:51 - 2009-07-14 05:53 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-10-20 07:00 - 2014-05-08 14:23 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\WEBSITE KARLA FABRY
2014-10-20 07:00 - 2013-11-14 14:47 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-15 10:07 - 2014-08-16 13:41 - 00260608 ____H () C:\Users\JUST BLUE\Desktop\~WRL1500.tmp
2014-10-15 08:42 - 2014-08-16 13:41 - 00256512 ____H () C:\Users\JUST BLUE\Desktop\~WRL2583.tmp
2014-10-13 12:03 - 2014-08-16 13:41 - 00255488 ____H () C:\Users\JUST BLUE\Desktop\~WRL0696.tmp
2014-10-12 18:54 - 2014-02-16 21:01 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\Documents\My Kindle Content
2014-10-12 12:03 - 2013-03-21 10:11 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\TRIMARGA-YOGA-UNTERLAGEN KURS
2014-10-11 11:38 - 2014-09-24 08:14 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\Bookrix
2014-10-10 11:59 - 2014-05-05 08:24 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\Documents\Calibre-Bibliothek
2014-10-09 14:44 - 2014-03-14 07:55 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-10-09 14:44 - 2014-03-11 21:03 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-10-09 14:44 - 2014-03-11 21:03 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys

Files to move or delete:
====================
C:\ProgramData\SMRResults410.dat
C:\Users\JUST BLUE\chromeinstall-7u45.exe
C:\Users\JUST BLUE\KindlePreviewer.exe
C:\Users\JUST BLUE\NIS_21.1.0.18_SYMTB_TMD_MRFTT_820_10131.exe
C:\Users\JUST BLUE\PDF XChange Viewer Portable - CHIP-Installer.exe
C:\Users\Public\AlexaNSISPlugin.3704.dll


Some content of TEMP:
====================
C:\Users\JUST BLUE\AppData\Local\Temp\avgnt.exe
C:\Users\JUST BLUE\AppData\Local\Temp\AviraSetup329037.exe
C:\Users\JUST BLUE\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\JUST BLUE\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\JUST BLUE\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\JUST BLUE\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\JUST BLUE\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\JUST BLUE\AppData\Local\Temp\Quarantine.exe
C:\Users\JUST BLUE\AppData\Local\Temp\ResetDevice.exe
C:\Users\JUST BLUE\AppData\Local\Temp\sqlite3.dll
C:\Users\JUST BLUE\AppData\Local\Temp\swt-gdip-win32-3452.dll
C:\Users\JUST BLUE\AppData\Local\Temp\swt-win32-3452.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 11:55

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-11-2014 01
Ran by JUST BLUE at 2014-11-08 13:04:52
Running from C:\Users\JUST BLUE\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 1.1.0 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe InDesign CS2 (HKLM\...\Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}) (Version: 004.000.000 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
ALDI TALK Verbindungsassistent (HKLM\...\ALDITALKVerbindungsassistent) (Version:  - ALDI TALK Verbindungsassistent)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Amazon Send to Kindle (HKLM\...\SendToKindle) (Version: 1.0.1.240 - Amazon)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS VIBE (HKLM\...\ASUS VIBE) (Version: 1.0.182 - Ecareme, Inc.)
ASUS WebStorage (HKLM\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ASUSUpdate for Eee PC (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 1.03.06 - ASUSTeK Computer Inc.)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
Avira (HKLM\...\{dc9a688a-12cb-4a22-b449-23d849d01dc7}) (Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Boingo Wi-Fi (HKLM\...\{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM\...\{E1E819A4-112C-454D-A3BE-FB58C60A2D80}) (Version: 1.40.0 - Kovid Goyal)
CapsHook (HKLM\...\{4B5092B6-F231-4D18-83BC-2618B729CA45}) (Version: 1.0.0.2 - AsusTek Computer)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dream Day Wedding Married in Manhattan (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}) (Version:  - Oberon Media)
ebi.BookReader3J (HKLM\...\{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}) (Version: 3.75.14 - eBOOK Initiative Japan Co., Ltd.)
E-Cam (HKLM\...\{185AFA7A-F63E-450B-94AA-011CAC18090E}) (Version: 2.0.2.3 - )
Eee Docking 3.6.2 (HKLM\...\Eee Docking_is1) (Version: 3.6.2 - ASUSTek Computer Inc.)
EeeSplendid (HKLM\...\{6333FC29-BFE5-4024-AC78-958A1A7555D1}) (Version: 5.1.2.0010 - ASUS)
EeeSplendid (Version: 5.1.2.0010 - ASUS) Hidden
f.lux (HKCU\...\Flux) (Version:  - )
FontResizer (HKLM\...\InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}) (Version: 1.01.0011 - ASUSTek)
FontResizer (Version: 1.01.0011 - ASUSTek) Hidden
Fotogalerie (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Game Park Console (HKLM\...\{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1) (Version: 6.2.0.2 - Oberon Media, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Hotkey Service (HKLM\...\{71C0E38E-09F2-4386-9977-404D4F6640CD}) (Version: 1.20 - AsusTek Computer)
HP Officejet Pro 8100 - Grundlegende Software für das Gerät (HKLM\...\{778511E7-621D-4CEE-AF1E-93432132C706}) (Version: 28.0.1321.0 - Hewlett-Packard Co.)
HP Officejet Pro 8100 Hilfe (HKLM\...\{73DB9F06-C125-4A1C-A982-5801338EBE84}) (Version: 28.0.0 - Hewlett Packard)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LiveUpdate (HKLM\...\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}) (Version: 1.21 - Asus)
LocaleMe (HKLM\...\{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}) (Version: 1.3 - ASUS)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0.3 (x86 de) (HKLM\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
PDF Architect (HKLM\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Photo Common (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PowerISO (HKLM\...\PowerISO) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6028 - Realtek Semiconductor Corp.)
Super Hybrid Engine (HKLM\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 2.10 - AsusTek Computer)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.16.0 - Synaptics Incorporated)
Times Reader (HKLM\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (Version: 2.055 - The New York Times Company) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.5.500 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403) (HKLM\...\B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE) (Version: 07/17/2009 6.2.0.9403 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0) (HKLM\...\B5C82F3814F82FB37F1513B3185399BD88892B08) (Version: 07/29/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1224509571-4137203753-525113506-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\JUST BLUE\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1224509571-4137203753-525113506-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\JUST BLUE\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1224509571-4137203753-525113506-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\JUST BLUE\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1224509571-4137203753-525113506-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\JUST BLUE\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1224509571-4137203753-525113506-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\JUST BLUE\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1224509571-4137203753-525113506-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\JUST BLUE\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1224509571-4137203753-525113506-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\JUST BLUE\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points  =========================

21-10-2014 17:01:40 Windows-Sicherung
28-10-2014 18:33:14 Windows-Sicherung
04-11-2014 19:11:01 Windows-Sicherung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {101F37F4-D489-42E4-869D-E6DB17EA9832} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-06] (Google Inc.)
Task: {4B940130-B7AE-49C1-BF0D-520BE04F1D6F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {60ACE5F5-A47D-405F-89CA-5A193D072EE7} - System32\Tasks\DefaultCheck => c:\Users\All Users\dtdata\R002.exe [2014-11-04] ()
Task: {CA041AFC-2DCF-49C2-9E51-D97F3A1654CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-06] (Google Inc.)
Task: {E50605A5-8E92-4C9C-A783-90EE73CF4F70} - System32\Tasks\DefaultReg => c:\Users\All Users\dtdata\R001.exe [2014-11-04] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-19 07:28 - 2011-06-21 08:42 - 00024064 _____ () C:\windows\System32\sst3cl3.dll
2010-03-16 02:48 - 2010-03-16 02:48 - 00148816 _____ () C:\Program Files\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-03-25 14:10 - 2010-03-25 14:10 - 00030032 _____ () C:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2010-03-25 14:10 - 2010-03-25 14:10 - 00839680 _____ () C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2013-09-21 15:36 - 2013-09-21 15:36 - 00358968 _____ () C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-25 12:51 - 2010-03-04 01:55 - 00224680 _____ () C:\Windows\System32\AsusService.exe
2010-03-25 12:46 - 2009-12-29 23:28 - 00104960 _____ () C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
2010-01-29 19:18 - 2010-01-29 19:18 - 00751592 _____ () C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
2010-01-29 19:17 - 2010-01-29 19:17 - 00120808 _____ () C:\Program Files\Asus\LiveUpdate\ClientSocket.dll
2009-08-28 00:29 - 2009-08-28 00:29 - 00182240 _____ () C:\Program Files\Asus\LiveUpdate\Parser.dll
2010-01-29 19:23 - 2010-01-29 19:23 - 00161768 _____ () C:\Program Files\Asus\LiveUpdate\Enumeration.dll
2010-03-25 13:10 - 2010-02-09 00:20 - 00415920 _____ () C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
2010-03-16 02:48 - 2010-03-16 02:48 - 01754448 _____ () C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2009-08-03 00:05 - 2009-08-03 00:05 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2013-09-21 15:36 - 2013-09-21 15:36 - 00510520 _____ () C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
2014-10-28 20:57 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 20:57 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-04-10 10:57 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-10 10:57 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1224509571-4137203753-525113506-500 - Administrator - Disabled)
Gast (S-1-5-21-1224509571-4137203753-525113506-501 - Limited - Disabled)
JUST BLUE (S-1-5-21-1224509571-4137203753-525113506-1000 - Administrator - Enabled) => C:\Users\JUST BLUE

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/07/2014 11:39:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (11/08/2014 11:13:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (11/07/2014 11:40:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (11/07/2014 11:39:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Officejet Pro 8100\DriverStore\Pipeline\amd64\hpinkins5B12.exe


==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz
Percentage of memory in use: 69%
Total physical RAM: 1014.18 MB
Available physical RAM: 314.19 MB
Total Pagefile: 2038.18 MB
Available Pagefile: 648.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:58.45 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:122.87 GB) (Free:44.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E6086D7A)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=122.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=18 MB) - (Type=EF)

==================== End Of Log ============================

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 08.11.2014
Suchlauf-Zeit: 12:32:38
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.08.02
Rootkit Datenbank: v2014.11.01.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7
CPU: x86
Dateisystem: NTFS
Benutzer: JUST BLUE

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 295992
Verstrichene Zeit: 27 Min, 2 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Danke soweit.

Machiavelli 08.11.2014 14:46
Schritt 1: FRST Fix

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\MountPoints2: E - E:\setup.EXE /AUTORUN
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\MountPoints2: {a2fb3c8a-229b-11e3-863c-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\MountPoints2: {a2fb3c8e-229b-11e3-863c-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\MountPoints2: {ac8f20e9-b0d3-11e3-af3e-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\MountPoints2: {ac8f20ec-b0d3-11e3-af3e-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\MountPoints2: {b18e28d6-80af-11e2-8c6f-1c4bd60ada8f} - F:\Setup.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - E:\setup.EXE /AUTORUN
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a2fb3c8a-229b-11e3-863c-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a2fb3c8e-229b-11e3-863c-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ac8f20e9-b0d3-11e3-af3e-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ac8f20ec-b0d3-11e3-af3e-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b18e28d6-80af-11e2-8c6f-1c4bd60ada8f} - F:\Setup.exe
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
C:\ProgramData\SMRResults410.dat
C:\Users\JUST BLUE\chromeinstall-7u45.exe
C:\Users\JUST BLUE\KindlePreviewer.exe
C:\Users\JUST BLUE\NIS_21.1.0.18_SYMTB_TMD_MRFTT_820_10131.exe
C:\Users\JUST BLUE\PDF XChange Viewer Portable - CHIP-Installer.exe
C:\Users\Public\AlexaNSISPlugin.3704.dll
C:\Users\JUST BLUE\AppData\Local\Temp\avgnt.exe
C:\Users\JUST BLUE\AppData\Local\Temp\AviraSetup329037.exe
C:\Users\JUST BLUE\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\JUST BLUE\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\JUST BLUE\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\JUST BLUE\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\JUST BLUE\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\JUST BLUE\AppData\Local\Temp\Quarantine.exe
C:\Users\JUST BLUE\AppData\Local\Temp\ResetDevice.exe
C:\Users\JUST BLUE\AppData\Local\Temp\sqlite3.dll
C:\Users\JUST BLUE\AppData\Local\Temp\swt-gdip-win32-3452.dll
C:\Users\JUST BLUE\AppData\Local\Temp\swt-win32-3452.dll
EmptyTemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Schritt 2: FRST Scan

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, setze den Haken auch bei Addition.txt und drücke auf Scan.

Schritt 3: ESET


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Schritt 4: Frage

Wie läuft Dein PC?

JustBlue 08.11.2014 15:01
Danke, Machiavelli! Puh, das kling jetzt etwas kompliziert, hoffe, ich komme durch. Und ich hoffe, ich mache nichts versehentlich kaputt!
Eine Frage vorab:
"Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren." - wie macht man das?

Machiavelli 08.11.2014 15:02
Avira ausschalten - so geht's

JustBlue 08.11.2014 17:07
er hängt im ESET seit 1 Stunde bei 30% - ist das normal?

Machiavelli 08.11.2014 19:59
Eset dauert lange.

JustBlue 08.11.2014 23:49
log von ESET finaly! hat fast 8 std. gedauert.

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=097f16f361fbf74a82bb52e58774bc69
# engine=20945
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-08 10:32:37
# local_time=2014-11-08 11:32:37 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 47456 22164693 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 278225 167117148 0 0
# scanned=155604
# found=12
# cleaned=0
# scan_time=27425
sh=FED7CAA2E24771B66065C8D30131FC8037B6BD2A ft=1 fh=b41296876ed186e5 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\JUSTBL~1\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=E650389469F986696CB7F1FBB0846B435B3AA9A9 ft=1 fh=9401014969b40c86 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\JUST BLUE\PDF XChange Viewer Portable - CHIP-Installer.exe.xBAD"
sh=FFE65F9133548E2B41358D906715B140B747042D ft=1 fh=66de45719dcbe408 vn="Variante von Win32/Toolbar.DefaultTab.F evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\dtdata\R002.exe"
sh=FFE65F9133548E2B41358D906715B140B747042D ft=1 fh=66de45719dcbe408 vn="Variante von Win32/Toolbar.DefaultTab.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\dtdata\R002.exe"
sh=25D54DD467D0C31E0745D5379565E8800364CB75 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.DefaultTab.B evtl. unerwünschte Anwendung" ac=I fn="D:\JUSTBLUE-PC\Backup Set 2014-09-30 193306\Backup Files 2014-09-30 193306\Backup files 11.zip"
sh=228D1AFC3ED9CD1542BD992E64391E55733592F2 ft=0 fh=0000000000000000 vn="Win32/Toolbar.DefaultTab.F evtl. unerwünschte Anwendung" ac=I fn="D:\JUSTBLUE-PC\Backup Set 2014-09-30 193306\Backup Files 2014-09-30 193306\Backup files 20.zip"
sh=0CB40CA2351F70D25009A398694099521BCE00C4 ft=0 fh=0000000000000000 vn="Win32/Toolbar.DefaultTab.C evtl. unerwünschte Anwendung" ac=I fn="D:\JUSTBLUE-PC\Backup Set 2014-09-30 193306\Backup Files 2014-09-30 193306\Backup files 5.zip"
sh=B507BE7AA63809DD91AD416FD72701D44166848B ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="D:\JUSTBLUE-PC\Backup Set 2014-09-30 193306\Backup Files 2014-09-30 193306\Backup files 8.zip"
sh=2B9CCA11082CDDEFB30EE0DDB36DE7104C9A1D1B ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.DefaultTab.F evtl. unerwünschte Anwendung" ac=I fn="D:\JUSTBLUE-PC\Backup Set 2014-09-30 193306\Backup Files 2014-10-28 193015\Backup files 2.zip"
sh=AC9C508E16F889AEBA382F30B285C0ADDE97C143 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.DefaultTab.B evtl. unerwünschte Anwendung" ac=I fn="D:\JUSTBLUE-PC\Backup Set 2014-11-04 200800\Backup Files 2014-11-04 200800\Backup files 13.zip"
sh=D98B52492BEA13E68154C81DBF1CB358549DDF13 ft=0 fh=0000000000000000 vn="Win32/Toolbar.DefaultTab.C evtl. unerwünschte Anwendung" ac=I fn="D:\JUSTBLUE-PC\Backup Set 2014-11-04 200800\Backup Files 2014-11-04 200800\Backup files 5.zip"
sh=5C8406837074EE8B662332C0F848D271830BD977 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="D:\JUSTBLUE-PC\Backup Set 2014-11-04 200800\Backup Files 2014-11-04 200800\Backup files 8.zip"
und log vom fix und den beiden logs nach FRST Scann

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-11-2014 01
Ran by JUST BLUE at 2014-11-08 15:04:10 Run:1
Running from C:\Users\JUST BLUE\Desktop
Loaded Profiles: JUST BLUE &  (Available profiles: JUST BLUE)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\MountPoints2: E - E:\setup.EXE /AUTORUN
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\MountPoints2: {a2fb3c8a-229b-11e3-863c-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\MountPoints2: {a2fb3c8e-229b-11e3-863c-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\MountPoints2: {ac8f20e9-b0d3-11e3-af3e-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\MountPoints2: {ac8f20ec-b0d3-11e3-af3e-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\MountPoints2: {b18e28d6-80af-11e2-8c6f-1c4bd60ada8f} - F:\Setup.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - E:\setup.EXE /AUTORUN
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a2fb3c8a-229b-11e3-863c-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a2fb3c8e-229b-11e3-863c-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ac8f20e9-b0d3-11e3-af3e-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ac8f20ec-b0d3-11e3-af3e-1c4bd60ada8f} - F:\AutoRun.exe
HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b18e28d6-80af-11e2-8c6f-1c4bd60ada8f} - F:\Setup.exe
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
C:\ProgramData\SMRResults410.dat
C:\Users\JUST BLUE\chromeinstall-7u45.exe
C:\Users\JUST BLUE\KindlePreviewer.exe
C:\Users\JUST BLUE\NIS_21.1.0.18_SYMTB_TMD_MRFTT_820_10131.exe
C:\Users\JUST BLUE\PDF XChange Viewer Portable - CHIP-Installer.exe
C:\Users\Public\AlexaNSISPlugin.3704.dll
C:\Users\JUST BLUE\AppData\Local\Temp\avgnt.exe
C:\Users\JUST BLUE\AppData\Local\Temp\AviraSetup329037.exe
C:\Users\JUST BLUE\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\JUST BLUE\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\JUST BLUE\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\JUST BLUE\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\JUST BLUE\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\JUST BLUE\AppData\Local\Temp\Quarantine.exe
C:\Users\JUST BLUE\AppData\Local\Temp\ResetDevice.exe
C:\Users\JUST BLUE\AppData\Local\Temp\sqlite3.dll
C:\Users\JUST BLUE\AppData\Local\Temp\swt-gdip-win32-3452.dll
C:\Users\JUST BLUE\AppData\Local\Temp\swt-win32-3452.dll
EmptyTemp:
*****************

"HKU\S-1-5-21-1224509571-4137203753-525113506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-1224509571-4137203753-525113506-1000" => Key not found.
"HKU\S-1-5-21-1224509571-4137203753-525113506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2fb3c8a-229b-11e3-863c-1c4bd60ada8f}" => Key deleted successfully.
"HKCR\CLSID\{a2fb3c8a-229b-11e3-863c-1c4bd60ada8f}" => Key not found.
"HKU\S-1-5-21-1224509571-4137203753-525113506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2fb3c8e-229b-11e3-863c-1c4bd60ada8f}" => Key deleted successfully.
"HKCR\CLSID\{a2fb3c8e-229b-11e3-863c-1c4bd60ada8f}" => Key not found.
"HKU\S-1-5-21-1224509571-4137203753-525113506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac8f20e9-b0d3-11e3-af3e-1c4bd60ada8f}" => Key deleted successfully.
"HKCR\CLSID\{ac8f20e9-b0d3-11e3-af3e-1c4bd60ada8f}" => Key not found.
"HKU\S-1-5-21-1224509571-4137203753-525113506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac8f20ec-b0d3-11e3-af3e-1c4bd60ada8f}" => Key deleted successfully.
"HKCR\CLSID\{ac8f20ec-b0d3-11e3-af3e-1c4bd60ada8f}" => Key not found.
"HKU\S-1-5-21-1224509571-4137203753-525113506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b18e28d6-80af-11e2-8c6f-1c4bd60ada8f}" => Key deleted successfully.
"HKCR\CLSID\{b18e28d6-80af-11e2-8c6f-1c4bd60ada8f}" => Key not found.
"HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}" => Key not found.
"HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}" => Key not found.
"HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a2fb3c8a-229b-11e3-863c-1c4bd60ada8f}" => Key not found.
"HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a2fb3c8a-229b-11e3-863c-1c4bd60ada8f}" => Key not found.
"HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a2fb3c8e-229b-11e3-863c-1c4bd60ada8f}" => Key not found.
"HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a2fb3c8e-229b-11e3-863c-1c4bd60ada8f}" => Key not found.
"HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ac8f20e9-b0d3-11e3-af3e-1c4bd60ada8f}" => Key not found.
"HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ac8f20e9-b0d3-11e3-af3e-1c4bd60ada8f}" => Key not found.
"HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ac8f20ec-b0d3-11e3-af3e-1c4bd60ada8f}" => Key not found.
"HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ac8f20ec-b0d3-11e3-af3e-1c4bd60ada8f}" => Key not found.
"HKU\S-1-5-21-1224509571-4137203753-525113506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b18e28d6-80af-11e2-8c6f-1c4bd60ada8f}" => Key not found.
"HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b18e28d6-80af-11e2-8c6f-1c4bd60ada8f}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => Key deleted successfully.
"HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
C:\ProgramData\SMRResults410.dat => Moved successfully.
C:\Users\JUST BLUE\chromeinstall-7u45.exe => Moved successfully.
C:\Users\JUST BLUE\KindlePreviewer.exe => Moved successfully.
C:\Users\JUST BLUE\NIS_21.1.0.18_SYMTB_TMD_MRFTT_820_10131.exe => Moved successfully.
C:\Users\JUST BLUE\PDF XChange Viewer Portable - CHIP-Installer.exe => Moved successfully.
C:\Users\Public\AlexaNSISPlugin.3704.dll => Moved successfully.
C:\Users\JUST BLUE\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\JUST BLUE\AppData\Local\Temp\AviraSetup329037.exe => Moved successfully.
C:\Users\JUST BLUE\AppData\Local\Temp\DataCard_Setup.exe => Moved successfully.
C:\Users\JUST BLUE\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\JUST BLUE\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
C:\Users\JUST BLUE\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\JUST BLUE\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
C:\Users\JUST BLUE\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\JUST BLUE\AppData\Local\Temp\ResetDevice.exe => Moved successfully.
C:\Users\JUST BLUE\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\JUST BLUE\AppData\Local\Temp\swt-gdip-win32-3452.dll => Moved successfully.
C:\Users\JUST BLUE\AppData\Local\Temp\swt-win32-3452.dll => Moved successfully.
EmptyTemp: => Removed 3.1 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-11-2014 01
Ran by JUST BLUE (administrator) on JUSTBLUE-PC on 08-11-2014 15:38:04
Running from C:\Users\JUST BLUE\Desktop
Loaded Profile: JUST BLUE (Available profiles: JUST BLUE)
Platform: Microsoft Windows 7 Starter  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
() C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
() C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
() C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Boingo Wireless, Inc.) C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(PowerISO Computing, Inc.) C:\Program Files\PowerISO\PWRISOVM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Flux Software LLC) C:\Users\JUST BLUE\AppData\Local\FluxSoftware\Flux\flux.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\System32\AsusService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
(ASUS) C:\Program Files\EeePC\CapsHook\CapsHook.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
() C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2010-03-24] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2010-03-24] (Synaptics Incorporated)
HKLM\...\Run: [ASUS VIBE] => C:\Program Files\ASUS\ASUS VIBE\ASUS VIBE.exe [102400 2010-03-02] (ecm)
HKLM\...\Run: [EeeSplendidAgent] => C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe [104960 2009-12-29] ()
HKLM\...\Run: [HotkeyMon] => C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] => C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1166256 2010-03-04] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] => C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-10-26] (ASUSTeK Computer Inc.)
HKLM\...\Run: [LiveUpdate] => C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [751592 2010-01-29] ()
HKLM\...\Run: [CapsHook] => C:\Program Files\EeePC\CapsHook\CapsHook.exe [440224 2010-02-05] (ASUS)
HKLM\...\Run: [Eee Docking] => C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [415920 2010-02-09] ()
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8432160 2010-03-24] (Realtek Semiconductor)
HKLM\...\Run: [Boingo Wi-Fi] => C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-08-25] ()
HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2010-03-25] (ASUSTek Computer Inc.)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [167936 2008-07-07] (PowerISO Computing, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\Run: [f.lux] => C:\Users\JUST BLUE\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1224509571-4137203753-525113506-1000\...\MountPoints2: E - E:\setup.EXE /AUTORUN
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\JUST BLUE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB8} => C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {618A47A2-528B-4D9A-AFC8-97D3233511E2} => C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt.dll (eCareme Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trimarga-yoga.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\JUST BLUE\AppData\Roaming\Mozilla\Firefox\Profiles\h2m6tzdz.default
FF SearchEngineOrder.1: Amazon
FF Homepage: www.trimarga-yoga.de
FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_ff_de_display?ie=UTF8&tagbase=bds-p24&tag=bds-p24-serp-de-ff-21&tbrId=v1_abb-channel-24_2b7baa4ddde44786972731a4e989935c_39_1007_20131030_DE_ff_ab_&query=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\JUST BLUE\AppData\Roaming\Mozilla\Firefox\Profiles\h2m6tzdz.default\searchplugins\amazon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-10-30]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.mysearchresults.com/?c=8005&t=11
CHR Profile: C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-06]
CHR Extension: (Google Drive) - C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-13]
CHR Extension: (YouTube) - C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-06]
CHR Extension: (Google-Suche) - C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-06]
CHR Extension: (Avira Browser Safety) - C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-03-11]
CHR Extension: (Google Wallet) - C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR Extension: (Google Mail) - C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-08-24] (Adobe Systems) [File not signed]
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2013-09-21] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 AsusService; C:\Windows\System32\AsusService.exe [224680 2010-03-04] ()
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44032 2009-05-15] (Hewlett-Packard) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2009-05-15] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11448 2010-03-24] ()
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2010-03-24] ( )
R1 SCDEmu; C:\windows\system32\Drivers\SCDEmu.sys [56108 2008-07-07] (PowerISO Computing, Inc.) [File not signed]
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH)
R2 SSPORT; C:\windows\system32\Drivers\SSPORT.sys [5120 2009-09-10] (Samsung Electronics) [File not signed]
U2 TMAgent; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 15:38 - 2014-11-08 15:39 - 00016237 _____ () C:\Users\JUST BLUE\Desktop\FRST.txt
2014-11-07 22:56 - 2014-11-08 13:13 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\PC
2014-11-07 22:27 - 2014-11-07 22:27 - 00000000 ____D () C:\windows\ERUNT
2014-11-07 22:25 - 2014-11-07 22:26 - 01706939 _____ (Thisisu) C:\Users\JUST BLUE\Desktop\JRT.exe
2014-11-07 22:00 - 2014-11-07 22:14 - 00000000 ____D () C:\AdwCleaner
2014-11-07 21:59 - 2014-11-07 21:59 - 01998336 _____ () C:\Users\JUST BLUE\Desktop\AdwCleaner_4.002.exe
2014-11-07 21:15 - 2014-11-07 21:17 - 00023627 _____ () C:\Users\JUST BLUE\Downloads\Addition.txt
2014-11-07 21:13 - 2014-11-07 21:17 - 00027886 _____ () C:\Users\JUST BLUE\Downloads\FRST.txt
2014-11-07 21:11 - 2014-11-08 15:38 - 00000000 ____D () C:\FRST
2014-11-07 21:09 - 2014-11-08 13:02 - 01107968 _____ (Farbar) C:\Users\JUST BLUE\Desktop\FRST.exe
2014-11-07 18:35 - 2014-11-08 12:32 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-07 18:35 - 2014-11-07 18:35 - 00001060 _____ () C:\Users\JUST BLUE\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-07 18:35 - 2014-11-07 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-07 18:34 - 2014-11-07 18:35 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-07 18:34 - 2014-11-07 18:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-07 18:34 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-07 18:34 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-07 18:34 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-07 18:29 - 2014-11-07 18:32 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\JUST BLUE\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-07 18:20 - 2014-11-07 18:25 - 36249264 _____ () C:\Users\JUST BLUE\Downloads\FirefoxSetup33.0.3.exe
2014-11-05 20:48 - 2014-11-05 20:48 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-04 22:57 - 2014-11-04 22:57 - 00000000 ____D () C:\ProgramData\dtdata
2014-10-29 09:21 - 2014-11-08 12:30 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\SCHREIBEN-Projekte NEU
2014-10-20 07:00 - 2014-10-20 07:00 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-20 06:59 - 2014-10-20 06:58 - 00272808 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-10-20 06:58 - 2014-10-20 06:58 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-10-20 06:58 - 2014-10-20 06:58 - 00175528 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-10-20 06:58 - 2014-10-20 06:58 - 00096680 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-10-20 06:58 - 2014-10-20 06:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-20 06:58 - 2014-10-20 06:58 - 00000000 ____D () C:\Program Files\Java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 15:31 - 2009-07-14 05:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-08 15:31 - 2009-07-14 05:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-08 15:26 - 2010-08-26 09:22 - 02094460 _____ () C:\windows\WindowsUpdate.log
2014-11-08 15:22 - 2013-09-06 14:16 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-08 15:21 - 2014-01-04 14:51 - 06617698 _____ () C:\windows\PFRO.log
2014-11-08 15:21 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-08 15:21 - 2009-07-14 05:39 - 00141628 _____ () C:\windows\setupact.log
2014-11-08 15:10 - 2010-08-25 18:38 - 00000000 ____D () C:\Users\JUST BLUE
2014-11-08 15:10 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-11-08 14:55 - 2013-09-06 14:16 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-08 14:46 - 2013-03-21 10:11 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\TRIMARGA-YOGA-UNTERLAGEN KURS
2014-11-07 19:13 - 2012-09-28 06:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-07 19:13 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-11-07 18:27 - 2014-05-27 19:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-07 18:27 - 2012-09-28 06:38 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-07 17:36 - 2009-07-25 08:50 - 01498506 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-06 13:01 - 2013-09-17 13:44 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\BEWERBUNG
2014-11-06 13:00 - 2014-07-24 08:20 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\KDP-CS
2014-11-05 20:48 - 2014-03-11 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-05 20:48 - 2014-03-11 20:42 - 00000000 ____D () C:\Program Files\Avira
2014-11-05 20:48 - 2014-03-11 20:41 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-05 19:28 - 2014-06-17 14:29 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\SCHATTENBLAU E-BOOK
2014-11-03 23:00 - 2013-10-30 10:40 - 00000306 __RSH () C:\Users\JUST BLUE\ntuser.pol
2014-11-03 08:44 - 2013-06-29 15:33 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\AGI
2014-10-22 09:47 - 2014-07-26 21:24 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\Schattenblau FINALE DOKUMENTE
2014-10-21 11:51 - 2009-07-14 05:53 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-10-20 07:00 - 2014-05-08 14:23 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\WEBSITE KARLA FABRY
2014-10-20 07:00 - 2013-11-14 14:47 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-15 10:07 - 2014-08-16 13:41 - 00260608 ____H () C:\Users\JUST BLUE\Desktop\~WRL1500.tmp
2014-10-15 08:42 - 2014-08-16 13:41 - 00256512 ____H () C:\Users\JUST BLUE\Desktop\~WRL2583.tmp
2014-10-13 12:03 - 2014-08-16 13:41 - 00255488 ____H () C:\Users\JUST BLUE\Desktop\~WRL0696.tmp
2014-10-12 18:54 - 2014-02-16 21:01 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\Documents\My Kindle Content
2014-10-11 11:38 - 2014-09-24 08:14 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\Bookrix
2014-10-10 11:59 - 2014-05-05 08:24 - 00000000 ____D () C:\Users\JUST BLUE\Desktop\Documents\Calibre-Bibliothek
2014-10-09 14:44 - 2014-03-14 07:55 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-10-09 14:44 - 2014-03-11 21:03 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-10-09 14:44 - 2014-03-11 21:03 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys

Some content of TEMP:
====================
C:\Users\JUST BLUE\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 11:55

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-11-2014 01
Ran by JUST BLUE at 2014-11-08 15:40:07
Running from C:\Users\JUST BLUE\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 1.1.0 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe InDesign CS2 (HKLM\...\Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}) (Version: 004.000.000 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
ALDI TALK Verbindungsassistent (HKLM\...\ALDITALKVerbindungsassistent) (Version:  - ALDI TALK Verbindungsassistent)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Amazon Send to Kindle (HKLM\...\SendToKindle) (Version: 1.0.1.240 - Amazon)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS VIBE (HKLM\...\ASUS VIBE) (Version: 1.0.182 - Ecareme, Inc.)
ASUS WebStorage (HKLM\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ASUSUpdate for Eee PC (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 1.03.06 - ASUSTeK Computer Inc.)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
Avira (HKLM\...\{dc9a688a-12cb-4a22-b449-23d849d01dc7}) (Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Boingo Wi-Fi (HKLM\...\{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM\...\{E1E819A4-112C-454D-A3BE-FB58C60A2D80}) (Version: 1.40.0 - Kovid Goyal)
CapsHook (HKLM\...\{4B5092B6-F231-4D18-83BC-2618B729CA45}) (Version: 1.0.0.2 - AsusTek Computer)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dream Day Wedding Married in Manhattan (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}) (Version:  - Oberon Media)
ebi.BookReader3J (HKLM\...\{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}) (Version: 3.75.14 - eBOOK Initiative Japan Co., Ltd.)
E-Cam (HKLM\...\{185AFA7A-F63E-450B-94AA-011CAC18090E}) (Version: 2.0.2.3 - )
Eee Docking 3.6.2 (HKLM\...\Eee Docking_is1) (Version: 3.6.2 - ASUSTek Computer Inc.)
EeeSplendid (HKLM\...\{6333FC29-BFE5-4024-AC78-958A1A7555D1}) (Version: 5.1.2.0010 - ASUS)
EeeSplendid (Version: 5.1.2.0010 - ASUS) Hidden
f.lux (HKCU\...\Flux) (Version:  - )
FontResizer (HKLM\...\InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}) (Version: 1.01.0011 - ASUSTek)
FontResizer (Version: 1.01.0011 - ASUSTek) Hidden
Fotogalerie (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Game Park Console (HKLM\...\{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1) (Version: 6.2.0.2 - Oberon Media, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Hotkey Service (HKLM\...\{71C0E38E-09F2-4386-9977-404D4F6640CD}) (Version: 1.20 - AsusTek Computer)
HP Officejet Pro 8100 - Grundlegende Software für das Gerät (HKLM\...\{778511E7-621D-4CEE-AF1E-93432132C706}) (Version: 28.0.1321.0 - Hewlett-Packard Co.)
HP Officejet Pro 8100 Hilfe (HKLM\...\{73DB9F06-C125-4A1C-A982-5801338EBE84}) (Version: 28.0.0 - Hewlett Packard)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LiveUpdate (HKLM\...\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}) (Version: 1.21 - Asus)
LocaleMe (HKLM\...\{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}) (Version: 1.3 - ASUS)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0.3 (x86 de) (HKLM\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
PDF Architect (HKLM\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Photo Common (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PowerISO (HKLM\...\PowerISO) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6028 - Realtek Semiconductor Corp.)
Super Hybrid Engine (HKLM\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 2.10 - AsusTek Computer)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.16.0 - Synaptics Incorporated)
Times Reader (HKLM\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (Version: 2.055 - The New York Times Company) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.5.500 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403) (HKLM\...\B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE) (Version: 07/17/2009 6.2.0.9403 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0) (HKLM\...\B5C82F3814F82FB37F1513B3185399BD88892B08) (Version: 07/29/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1224509571-4137203753-525113506-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\JUST BLUE\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1224509571-4137203753-525113506-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\JUST BLUE\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1224509571-4137203753-525113506-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\JUST BLUE\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1224509571-4137203753-525113506-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\JUST BLUE\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1224509571-4137203753-525113506-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\JUST BLUE\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1224509571-4137203753-525113506-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\JUST BLUE\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1224509571-4137203753-525113506-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\JUST BLUE\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points  =========================

21-10-2014 17:01:40 Windows-Sicherung
28-10-2014 18:33:14 Windows-Sicherung
04-11-2014 19:11:01 Windows-Sicherung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {101F37F4-D489-42E4-869D-E6DB17EA9832} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-06] (Google Inc.)
Task: {4B940130-B7AE-49C1-BF0D-520BE04F1D6F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {60ACE5F5-A47D-405F-89CA-5A193D072EE7} - System32\Tasks\DefaultCheck => c:\Users\All Users\dtdata\R002.exe [2014-11-04] ()
Task: {CA041AFC-2DCF-49C2-9E51-D97F3A1654CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-06] (Google Inc.)
Task: {E50605A5-8E92-4C9C-A783-90EE73CF4F70} - System32\Tasks\DefaultReg => c:\Users\All Users\dtdata\R001.exe [2014-11-04] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-19 07:28 - 2011-06-21 08:42 - 00024064 _____ () C:\windows\System32\sst3cl3.dll
2010-03-25 12:46 - 2009-12-29 23:28 - 00104960 _____ () C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
2010-03-25 13:10 - 2010-02-09 00:20 - 00415920 _____ () C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
2010-03-16 02:48 - 2010-03-16 02:48 - 01754448 _____ () C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-08-03 00:05 - 2009-08-03 00:05 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2013-09-21 15:36 - 2013-09-21 15:36 - 00510520 _____ () C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
2013-09-21 15:36 - 2013-09-21 15:36 - 00358968 _____ () C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2010-03-25 12:51 - 2010-03-04 01:55 - 00224680 _____ () C:\Windows\System32\AsusService.exe
2010-01-29 19:18 - 2010-01-29 19:18 - 00751592 _____ () C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
2010-01-29 19:17 - 2010-01-29 19:17 - 00120808 _____ () C:\Program Files\Asus\LiveUpdate\ClientSocket.dll
2009-08-28 00:29 - 2009-08-28 00:29 - 00182240 _____ () C:\Program Files\Asus\LiveUpdate\Parser.dll
2010-01-29 19:23 - 2010-01-29 19:23 - 00161768 _____ () C:\Program Files\Asus\LiveUpdate\Enumeration.dll
2014-10-28 20:57 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 20:57 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-04-10 10:57 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-10 10:57 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\JUST BLUE\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1224509571-4137203753-525113506-500 - Administrator - Disabled)
Gast (S-1-5-21-1224509571-4137203753-525113506-501 - Limited - Disabled)
JUST BLUE (S-1-5-21-1224509571-4137203753-525113506-1000 - Administrator - Enabled) => C:\Users\JUST BLUE

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/07/2014 11:39:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (11/08/2014 03:23:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (11/08/2014 11:13:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (11/07/2014 11:40:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (11/07/2014 11:39:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Officejet Pro 8100\DriverStore\Pipeline\amd64\hpinkins5B12.exe


==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz
Percentage of memory in use: 80%
Total physical RAM: 1014.18 MB
Available physical RAM: 195.04 MB
Total Pagefile: 2038.18 MB
Available Pagefile: 677.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:61.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:122.87 GB) (Free:44.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E6086D7A)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=122.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=18 MB) - (Type=EF)

==================== End Of Log ============================
PUH! Hoffe, das ging jetzt gut. Durch ESET hat er noch 12 infizierte Dateien gefunden. Danke zwischendrin nochmal.

Machiavelli 08.11.2014 23:53
Deine BackUps sind teilweise verseucht
...
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\ProgramData\dtdata
C:\Users\All Users\dtdata

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Wie läuft das System?

JustBlue 08.11.2014 23:55
Ich entferne noch ESET. Soll ich dann wieder avira und firewall aktivieren oder noch warten? falls du schon im Bett liegst, gute Nacht! :-))

ah! du hast geantwortet. ich mache nun, was du geschrieben hast.

Machiavelli 09.11.2014 00:00
Jo, Avira und Firewall wieder aktivieren. Bin heute länger auf, hab heute das Vergnügen meine Schwester von ner Party abzuholen.

JustBlue 09.11.2014 00:11
hab ich gemacht:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-11-2014 01
Ran by JUST BLUE at 2014-11-08 23:58:52 Run:2
Running from C:\Users\JUST BLUE\Desktop
Loaded Profile: JUST BLUE (Available profiles: JUST BLUE)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\ProgramData\dtdata
C:\Users\All Users\dtdata
*****************

C:\ProgramData\dtdata => Moved successfully.
"C:\Users\All Users\dtdata" => File/Directory not found.

==== End of Fixlog ====
hihi - gemein, nicht mitfeiern zu dürfen :(

habe nun avira wieder aktiv und ESET deinstalliert. Es scheint gut zu laufen, habe aber noch kein Neustart gemacht.

Machiavelli 09.11.2014 00:23
Hallo,
nach meiner Erkenntnis, ist Dein PC soweit sauber. :abklatsch:

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du mir Feedback geben willst, kannst Du es hier gerne tun: Lob, Kritik und Wünsche - Trojaner-Board


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )


Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

JustBlue 09.11.2014 00:36
Hallo, Machiavelli,

das freut mich und ich bin echt stolz auf uns. Habe sowas (für mich) Kompliziertes noch nie gemacht.
Alles andere, was du jetzt noch gemailt hast, werde ich morgen machen und mich nochmal melden. Jetzt verschwimmt schon alles vor meinen Augen (nein, hab nix getrunken :-))
Kannst du mir noch sagen, was diese Meldung war, die ich im Betreff erwähne? So fing es ja an. Hab ich diesen Trojaner auf dem Computer gehabt oder hat ihn avira geblockt?
Und wäre es sinnvoll von Zeit zu Zeit diese Scans von selbst zu machen, um zu sehen, ob wieder was ist?
Ganz großes DANKESCHÖN für heute und bis morgen!
Dir eine gute Nacht!

Machiavelli 09.11.2014 00:42
Zitat:
Kannst du mir noch sagen, was diese Meldung war, die ich im Betreff erwähne? So fing es ja an. Hab ich diesen Trojaner auf dem Computer gehabt oder hat ihn avira geblockt?
Geblockt.

Zitat:
Und wäre es sinnvoll von Zeit zu Zeit diese Scans von selbst zu machen, um zu sehen, ob wieder was ist?
Ja.

JustBlue 09.11.2014 13:48
Hi, Machiavelli,
hier bin ich wieder.
Ich habe begonnen, die Liste von oben durchzugehen. Habe alles deinstalliert, wollte Windows jetzt updaten (habe gesehen, dass es nicht automatisch eingestellt war und noch nie upgedatet wurde) und nachdem es gemeldet hat, dass 27 updates da sind, hab ich auf ok gedrückt. nach einer weile kam aber die Meldung, dass es fehlgeschlagen ist. Fehler 80243004. weißt du, was das bedeutet?

Machiavelli 09.11.2014 14:17
Ne, melde Dich im Windows Forum.

JustBlue 09.11.2014 15:52
secunia geht auch nicht, meldet, dass es bei proxy servern nicht funktioniert ... keine Ahnung.

Er hat mich beim Herunterfahren wieder nach updates gefragt, habe ok geklickt und diesmal hat er die updates wohl gemacht. Beim Hochfahren sah dann mein Schreibtisch wüst aus, lauter Dateien aus meinen Ordnern mit ~ davor - habe alle in den Papierkorb und lass mal das Ganze jetzt, nicht dass ich noch mehr verhaue. Ich habe mit TFC mal saubergemacht und die Empfehlungen für sicheres Browsen schau ich mir demnächst an. Ich denke, wir können diesen Thread jetzt beenden, was meinst?
Ich möchte dir nochmal ganz herzlich für deine Hilfe und Geduld danken und wünsche noch einen schönen restsonntag!
JustBlue

Machiavelli 09.11.2014 16:34
Kein Problem.


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:21 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55