overloaddani | 14.01.2015 14:54 | First scan, from 8.1 Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 08.01.2015
Suchlauf-Zeit: 12:45:26
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.01.08.09
Rootkit Datenbank: v2015.01.07.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Petra
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 363667
Verstrichene Zeit: 21 Min, 3 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 5
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, 1228, Löschen bei Neustart, [dc1dc92b6029f83e053c2354b15044bc]
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1308, Löschen bei Neustart, [7f7a995b91f85fd7b5aa586b7d843bc5]
PUP.Optional.SearchProtect, C:\Program Files (x86)\SupTab\Loader64.exe, 2172, Löschen bei Neustart, [33c6797bef9af93dc0b564829b667a86]
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\HpUI.exe, 2376, Löschen bei Neustart, [8871718357328da9655b0549cf34c040]
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader32.exe, 1792, Löschen bei Neustart, [8871718357328da9655b0549cf34c040]
Module: 12
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [8871718357328da9655b0549cf34c040],
Registrierungsschlüssel: 22
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, In Quarantäne, [dc1dc92b6029f83e053c2354b15044bc],
PUP.Optional.WindowsProtectManger.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, In Quarantäne, [7f7a995b91f85fd7b5aa586b7d843bc5],
PUP.Optional.SecurityProtection.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\noajmlkipclmeolfcnflkjhijkigpfjh, In Quarantäne, [3fbafff5484134021a848cde758ef30d],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [669302f21d6c85b1375f339a887ccc34],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\delta-homesSoftware, In Quarantäne, [a059678d5732fa3cbd35562b798aae52],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [4cad0ce80584c3733ab19c452ed69d63],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [41b8aa4a76136fc7c007daa2ee1513ed],
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [e217e01433564cea2785bae59d66758b],
PUP.Optional.SecurityProtection.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\noajmlkipclmeolfcnflkjhijkigpfjh, In Quarantäne, [c237866eddac6ec80995442653b0af51],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [f30601f34346cb6b9ff7ceff0bf912ee],
Trojan.Zlob, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Secure Browsing, In Quarantäne, [b841ac482267b87e1abe4eee8e76c040],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP, In Quarantäne, [bc3ddc184b3eca6cbadbf8842dd68977],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [d3267b793e4bde5864627efec73cb64a],
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, In Quarantäne, [d92048ac3e4b51e519d6b7ba0af9629e],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [ce2bb63ef990db5b20d02c4554af9a66],
PUP.Optional.Softonic.A, HKU\S-1-5-21-246571129-3070922076-3956363189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, In Quarantäne, [38c1a54f90f9f343ed79e784dc27dc24],
PUP.Optional.WebSearches.A, HKU\S-1-5-21-246571129-3070922076-3956363189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, In Quarantäne, [59a0658f6d1c6fc73e38e49a61a212ee],
PUP.Optional.Qone8, HKU\S-1-5-21-246571129-3070922076-3956363189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [4dac6e8633569b9ba1f48b427490d22e],
PUP.Optional.IEBho.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E6D66045-F951-4DBF-962E-993B4FB6A9E0}, In Quarantäne, [2bce965e6f1a61d51dc97ce95da6a35d],
PUP.Optional.IEBho.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E6D66045-F951-4DBF-962E-993B4FB6A9E0}, In Quarantäne, [2bce965e6f1a61d51dc97ce95da6a35d],
PUP.Optional.IEBho.A, HKU\S-1-5-21-246571129-3070922076-3956363189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E6D66045-F951-4DBF-962E-993B4FB6A9E0}, In Quarantäne, [2bce965e6f1a61d51dc97ce95da6a35d],
PUP.Optional.IEBho.A, HKU\S-1-5-21-246571129-3070922076-3956363189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E6D66045-F951-4DBF-962E-993B4FB6A9E0}, In Quarantäne, [2bce965e6f1a61d51dc97ce95da6a35d],
Registrierungswerte: 3
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\q9txwqze.default-1415791088477\extensions\faststartff@gmail.com, In Quarantäne, [cc2d0ce8b5d413235fa69150bd476e92]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP|dir, C:\Program Files (x86)\SupTab, In Quarantäne, [bc3ddc184b3eca6cbadbf8842dd68977]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, cvs, In Quarantäne, [d3267b793e4bde5864627efec73cb64a]
Registrierungsdaten: 19
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.delta-homes.com/?type=sc&ts=1418819143&from=wpm12173&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V, Gut: (firefox.exe), Schlecht: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.delta-homes.com/?type=sc&ts=1418819143&from=wpm12173&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V),Ersetzt,[a05942b25a2f94a24ce8731b877e54ac]
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.delta-homes.com/?type=sc&ts=1418819143&from=wpm12173&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V, Gut: (Chrome.exe), Schlecht: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.delta-homes.com/?type=sc&ts=1418819143&from=wpm12173&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V),Ersetzt,[cb2ef7fd6821360081b6513d0ef7916f]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V),Ersetzt,[8e6b16de2a5f6fc71af6275cc144a858]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V&q={searchTerms}),Ersetzt,[699043b16e1b4de98384f2917e87926e]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V),Ersetzt,[35c463912e5b74c219ec275c3cc99868]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V),Ersetzt,[19e04da7fe8b78beb356daa944c13ec2]
PUP.Optional.WebSearches, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://istart.webssearches.com/web/?type=ds&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V&q={searchTerms}),Ersetzt,[03f69b59e8a189ad0421820df51025db]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[9366c3316425eb4b9e8dfc913dc823dd]
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.delta-homes.com/?type=sc&ts=1418819143&from=wpm12173&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V, Gut: (firefox.exe), Schlecht: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.delta-homes.com/?type=sc&ts=1418819143&from=wpm12173&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V),Ersetzt,[b940d91b91f883b3fc381c7213f28d73]
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.delta-homes.com/?type=sc&ts=1418819143&from=wpm12173&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V, Gut: (Chrome.exe), Schlecht: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.delta-homes.com/?type=sc&ts=1418819143&from=wpm12173&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V),Ersetzt,[18e12fc5bdcc72c4ac8b88062ed7fe02]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V),Ersetzt,[c732767e96f340f627e9216228dd06fa]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V&q={searchTerms}),Ersetzt,[30c982723c4dda5c8483364ddc29ea16]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V),Ersetzt,[0bee4fa5b9d0112513f28bf80bfabb45]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V),Ersetzt,[c930c4305f2a81b589808af9c2437e82]
PUP.Optional.WebSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://istart.webssearches.com/web/?type=ds&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V&q={searchTerms}),Ersetzt,[6c8d62920287fd3927feb3dcff069c64]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[827738bc93f60e28b675d3baa5608878]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-246571129-3070922076-3956363189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V),Ersetzt,[38c103f1e4a53df97d8d493ab74e6d93]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-246571129-3070922076-3956363189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V),Ersetzt,[b74234c05e2b2016f115fa89a85dac54]
PUP.Optional.Delta.A, HKU\S-1-5-21-246571129-3070922076-3956363189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://search.delta-homes.com/web/?type=ds&ts=1418819143&from=wpm12173&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://search.delta-homes.com/web/?type=ds&ts=1418819143&from=wpm12173&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V&q={searchTerms}),Ersetzt,[2dccb53f7d0c81b597965a3430d523dd]
Ordner: 38
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Löschen bei Neustart, [a455f8fce8a1c27464f3073f798ad828],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, In Quarantäne, [a455f8fce8a1c27464f3073f798ad828],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Löschen bei Neustart, [44b5e1135b2eb086e2d201470af91de3],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [44b5e1135b2eb086e2d201470af91de3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, Löschen bei Neustart, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SecurityProtection.A, C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh, In Quarantäne, [1bde7c78daaf75c11f2c8ed33fc40af6],
PUP.Optional.SecurityProtection.A, C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.0_0, In Quarantäne, [1bde7c78daaf75c11f2c8ed33fc40af6],
PUP.Optional.SecurityProtection.A, C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.0_0\js, In Quarantäne, [1bde7c78daaf75c11f2c8ed33fc40af6],
PUP.Optional.SecurityProtection.A, C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.0_0\_metadata, In Quarantäne, [1bde7c78daaf75c11f2c8ed33fc40af6],
PUP.Optional.SecurityProtection.A, C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.0_1, In Quarantäne, [1bde7c78daaf75c11f2c8ed33fc40af6],
PUP.Optional.SecurityProtection.A, C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.0_1\js, In Quarantäne, [1bde7c78daaf75c11f2c8ed33fc40af6],
PUP.Optional.SecurityProtection.A, C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.0_1\_metadata, In Quarantäne, [1bde7c78daaf75c11f2c8ed33fc40af6],
PUP.Optional.IEBho.A, C:\Users\Petra\AppData\LocalLow\IE-BHO, In Quarantäne, [2bce965e6f1a61d51dc97ce95da6a35d],
Dateien: 92
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, Löschen bei Neustart, [dc1dc92b6029f83e053c2354b15044bc],
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, Löschen bei Neustart, [7f7a995b91f85fd7b5aa586b7d843bc5],
PUP.Optional.SearchProtect, C:\Program Files (x86)\SupTab\Loader64.exe, Löschen bei Neustart, [33c6797bef9af93dc0b564829b667a86],
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, In Quarantäne, [d22747ad66232f07bd657b2cb051669a],
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, In Quarantäne, [9762b341fe8b8babc062c3e4ad54f40c],
PUP.Optional.IEPluginService.A, C:\Program Files (x86)\SupTab\RSHP.exe, In Quarantäne, [62971dd7c2c77fb79881b9d1e41d9a66],
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, In Quarantäne, [db1e856fdfaa261036ecd1d6b8494ab6],
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, In Quarantäne, [37c2f8fcee9b42f42af816917f82fd03],
PUP.Optional.IePluginService.A, C:\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe, In Quarantäne, [b841c133cabf68ce320fcaad36cb06fa],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [fefb46ae3e4b8ea8d1e471c40df3c040],
PUP.Optional.Breitschopp, C:\Users\Petra\Downloads\DLG_free_driver_scout_chip_default.exe, In Quarantäne, [ab4eae46deabfe38528e5ff58d7818e8],
PUP.Optional.SecurityProtection.A, C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx, In Quarantäne, [ed0cf5ffbfca5bdba8f50169fd068080],
PUP.Optional.Delta.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\delta-homes.xml, In Quarantäne, [94652ec6375254e2b7ce1576e81bc739],
PUP.Optional.WebsSearches.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml, In Quarantäne, [a2575b99602993a37f2f9b0430d3c23e],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, In Quarantäne, [a455f8fce8a1c27464f3073f798ad828],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, In Quarantäne, [44b5e1135b2eb086e2d201470af91de3],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\update.exe, In Quarantäne, [44b5e1135b2eb086e2d201470af91de3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\BHOEnabler.exe, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\HpUI.exe, Löschen bei Neustart, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader32.exe, Löschen bei Neustart, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll, Löschen bei Neustart, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\bk_shadow.png, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\btn.png, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\close.png, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml.bak, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_box.png, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_check.png, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_bk.png, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_check.png, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit-ie8.js, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit2.0.js, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [8871718357328da9655b0549cf34c040],
PUP.Optional.SecurityProtection.A, C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.0_0\background.html, In Quarantäne, [1bde7c78daaf75c11f2c8ed33fc40af6],
PUP.Optional.SecurityProtection.A, C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.0_0\icon128.png, In Quarantäne, [1bde7c78daaf75c11f2c8ed33fc40af6],
PUP.Optional.SecurityProtection.A, C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.0_0\manifest.json, In Quarantäne, [1bde7c78daaf75c11f2c8ed33fc40af6],
PUP.Optional.SecurityProtection.A, C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.0_0\js\background.js, In Quarantäne, [1bde7c78daaf75c11f2c8ed33fc40af6],
PUP.Optional.SecurityProtection.A, C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.0_0\js\det.js, In Quarantäne, [1bde7c78daaf75c11f2c8ed33fc40af6],
PUP.Optional.SecurityProtection.A, C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.0_0\js\inject.js, In Quarantäne, [1bde7c78daaf75c11f2c8ed33fc40af6],
PUP.Optional.SecurityProtection.A, C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.0_0\js\jquery-1.11.1.min.js, In Quarantäne, [1bde7c78daaf75c11f2c8ed33fc40af6],
PUP.Optional.SecurityProtection.A, C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.0_0\_metadata\verified_contents.json, In Quarantäne, [1bde7c78daaf75c11f2c8ed33fc40af6],
PUP.Optional.SecurityProtection.A, C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.0_1\background.html, In Quarantäne, [1bde7c78daaf75c11f2c8ed33fc40af6],
PUP.Optional.SecurityProtection.A, C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.0_1\icon128.png, In Quarantäne, [1bde7c78daaf75c11f2c8ed33fc40af6],
PUP.Optional.SecurityProtection.A, C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.0_1\manifest.json, In Quarantäne, [1bde7c78daaf75c11f2c8ed33fc40af6],
PUP.Optional.SecurityProtection.A, C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.0_1\js\background.js, In Quarantäne, [1bde7c78daaf75c11f2c8ed33fc40af6],
PUP.Optional.SecurityProtection.A, C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.0_1\js\det.js, In Quarantäne, [1bde7c78daaf75c11f2c8ed33fc40af6],
PUP.Optional.SecurityProtection.A, C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.0_1\js\inject.js, In Quarantäne, [1bde7c78daaf75c11f2c8ed33fc40af6],
PUP.Optional.SecurityProtection.A, C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.0_1\js\jquery-1.11.1.min.js, In Quarantäne, [1bde7c78daaf75c11f2c8ed33fc40af6],
PUP.Optional.SecurityProtection.A, C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.0_1\_metadata\verified_contents.json, In Quarantäne, [1bde7c78daaf75c11f2c8ed33fc40af6],
PUP.Optional.IEBho.A, C:\Users\Petra\AppData\LocalLow\IE-BHO\bho.dll, In Quarantäne, [2bce965e6f1a61d51dc97ce95da6a35d],
PUP.Optional.IEBho.A, C:\Users\Petra\AppData\LocalLow\IE-BHO\ie.ini, In Quarantäne, [2bce965e6f1a61d51dc97ce95da6a35d],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
Second one, from today Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 14.01.2015
Suchlauf-Zeit: 13:51:58
Logdatei: mbam2.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.01.14.05
Rootkit Datenbank: v2015.01.07.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Petra
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 364350
Verstrichene Zeit: 32 Min, 24 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)
Registrierungswerte: 0
(Keine schädliche Elemente erkannt)
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 0
(Keine schädliche Elemente erkannt)
Dateien: 0
(Keine schädliche Elemente erkannt)
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
Code:
# AdwCleaner v4.107 - Bericht erstellt am 14/01/2015 um 14:37:54
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Petra - PETRA-PC
# Gestartet von : C:\Users\Petra\Downloads\AdwCleaner_4.107.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Petra\AppData\Local\Temp\Security Systems
Ordner Gelöscht : C:\Program Files\SoftwareUpdater
Ordner Gelöscht : C:\Users\Petra\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Datei Gelöscht : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\q9txwqze.default-1415791088477\invalidprefs.js
***** [ Tasks ] *****
Task Gelöscht : FreeDriverScout
Task Gelöscht : Software Updater
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Petra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Petra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Petra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode
Schlüssel Gelöscht : HKLM\SOFTWARE\V9
Schlüssel Gelöscht : HKLM\SOFTWARE\winzipersvc
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v33.1 (x86 de)
[q9txwqze.default-1415791088477\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[q9txwqze.default-1415791088477\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
-\\ Google Chrome v39.0.2171.95
[C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V&q={searchTerms}
[C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1416499354&from=cvs&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V&q={searchTerms}
[C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1418819143&from=wpm12173&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V&q={searchTerms}
*************************
AdwCleaner[R0].txt - [2979 octets] - [14/01/2015 14:34:21]
AdwCleaner[S0].txt - [3782 octets] - [14/01/2015 14:37:54]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3842 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by Petra on 14.01.2015 at 14:43:42,25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Petra\AppData\Roaming\mozilla\firefox\profiles\q9txwqze.default-1415791088477\minidumps [1 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.01.2015 at 14:49:12,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by Petra (administrator) on PETRA-PC on 14-01-2015 14:52:42
Running from C:\Users\Petra\Downloads
Loaded Profile: Petra (Available profiles: Petra & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Spotify Ltd) C:\Users\Petra\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Farbar) C:\Users\Petra\Downloads\FRST64(1).exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [4035152 2011-09-22] (ESET)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\S-1-5-21-246571129-3070922076-3956363189-1000\...\Run: [Spotify Web Helper] => C:\Users\Petra\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1105408 2013-05-03] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Biet-O-Matic.lnk
ShortcutTarget: Biet-O-Matic.lnk -> C:\Program Files (x86)\Biet-O-Matic\Biet-O-Matic.exe (www.bid-o-matic.org)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-246571129-3070922076-3956363189-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-246571129-3070922076-3956363189-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-246571129-3070922076-3956363189-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-246571129-3070922076-3956363189-1000 -> {13D728C5-E6A9-415F-973A-2D6C5C388663} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-246571129-3070922076-3956363189-1000 -> {BF124927-19E1-41D5-AB0E-CD877237C6C0} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B010DE739D20121004&p={SearchTerms}
BHO: Secure Browsing -> {ab9dc840-c1d9-473d-a9b5-738b9052788a} -> C:\Program Files (x86)\Secure Browsing\securebrowsing64.dll (Secure Browsing Ltd.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Secure Browsing -> {ab9dc840-c1d9-473d-a9b5-738b9052788a} -> C:\Program Files (x86)\Secure Browsing\securebrowsing.dll (Secure Browsing Ltd.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\q9txwqze.default-1415791088477
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Security Protection - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\q9txwqze.default-1415791088477\Extensions\detgdp@gmail.com [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-10-04]
FF HKLM-x32\...\Firefox\Extensions: [{843c5ce9-4d43-438d-9885-f80063b0d09f}] - C:\Program Files (x86)\Secure Browsing\securebrowsing.xpi
FF Extension: Secure Browsing - C:\Program Files (x86)\Secure Browsing\securebrowsing.xpi [2014-09-30]
FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\q9txwqze.default-1415791088477\extensions\detgdp@gmail.com
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-12-22]
FF HKU\S-1-5-21-246571129-3070922076-3956363189-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-246571129-3070922076-3956363189-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\qyh6flu1.default\extensions\cliqz@cliqz.com
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR HomePage: Default -> hxxp://www.delta-homes.com/?type=hp&ts=1418819143&from=wpm12173&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V
CHR StartupUrls: Default -> "hxxp://www.delta-homes.com/?type=hp&ts=1418819143&from=wpm12173&uid=ST3200822AS_5LJ05J3VXXXX5LJ05J3V"
CHR DefaultSearchKeyword: Default -> delta-homes
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-17]
CHR Extension: (SiteAdvisor) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-10-27]
CHR Extension: (Google Wallet) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-10]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CHR StartMenuInternet: Google Chrome - Chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [974944 2011-09-22] (ESET)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [154320 2014-12-03] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [187632 2011-08-04] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [38288 2011-08-04] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62496 2011-08-04] (ESET)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [23040 2012-11-28] (TPMX Electronics Ltd.)
R3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [34816 2013-03-19] (TPMX Electronics Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-14 14:51 - 2015-01-14 14:52 - 02124288 _____ (Farbar) C:\Users\Petra\Downloads\FRST64(1).exe
2015-01-14 14:49 - 2015-01-14 14:49 - 00000770 _____ () C:\Users\Petra\Desktop\JRT.txt
2015-01-14 14:43 - 2015-01-14 14:43 - 00000000 ____D () C:\Windows\ERUNT
2015-01-14 14:42 - 2015-01-14 14:42 - 01707939 _____ (Thisisu) C:\Users\Petra\Downloads\JRT.exe
2015-01-14 14:34 - 2015-01-14 14:38 - 00000000 ____D () C:\AdwCleaner
2015-01-14 14:33 - 2015-01-14 14:33 - 02191360 _____ () C:\Users\Petra\Downloads\AdwCleaner_4.107.exe
2015-01-14 14:33 - 2015-01-14 14:33 - 00001204 _____ () C:\Users\Petra\Desktop\mbam2.txt
2015-01-14 14:32 - 2015-01-14 14:32 - 00034319 _____ () C:\Users\Petra\Desktop\mbam.txt
2015-01-14 14:18 - 2015-01-14 14:18 - 00082621 _____ () C:\Users\Petra\Downloads\pkeyuibx149z.exe
2015-01-14 13:45 - 2015-01-14 13:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Petra\Downloads\revosetup95.exe
2015-01-14 13:45 - 2015-01-14 13:45 - 00001264 _____ () C:\Users\Petra\Desktop\Revo Uninstaller.lnk
2015-01-14 13:45 - 2015-01-14 13:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-14 10:41 - 2015-01-14 10:41 - 05013680 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-14 10:19 - 2015-01-14 10:19 - 00022784 _____ () C:\Users\Petra\Downloads\Addition.txt
2015-01-14 10:18 - 2015-01-14 14:53 - 00016355 _____ () C:\Users\Petra\Downloads\FRST.txt
2015-01-14 10:16 - 2015-01-14 14:52 - 00000000 ____D () C:\FRST
2015-01-14 10:15 - 2015-01-14 10:15 - 02124288 _____ (Farbar) C:\Users\Petra\Downloads\FRST64.exe
2015-01-08 15:01 - 2015-01-08 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP540 series
2015-01-08 14:58 - 2015-01-08 14:58 - 26502544 _____ () C:\Users\Petra\Downloads\md64-win-mp540-1_04-ea24(1).exe
2015-01-08 13:11 - 2015-01-08 13:11 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-08 12:42 - 2015-01-08 12:43 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Petra\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-05 10:56 - 2015-01-05 10:56 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\NVIDIA
2014-12-18 12:33 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 12:33 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 16:00 - 2014-12-16 16:01 - 91670064 _____ (The GIMP Team ) C:\Users\Petra\Downloads\gimp-2.8.14-setup.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-14 14:48 - 2012-09-23 11:51 - 01268626 _____ () C:\Windows\WindowsUpdate.log
2015-01-14 14:47 - 2009-07-14 05:45 - 00025328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 14:47 - 2009-07-14 05:45 - 00025328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 14:41 - 2013-08-26 17:07 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\BOM
2015-01-14 14:41 - 2012-09-23 21:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-14 14:40 - 2012-11-18 23:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-14 14:40 - 2012-10-27 17:09 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-14 14:40 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 14:40 - 2009-07-14 05:51 - 00079925 _____ () C:\Windows\setupact.log
2015-01-14 14:39 - 2012-10-05 14:11 - 00170350 _____ () C:\Windows\PFRO.log
2015-01-14 14:38 - 2013-06-30 12:28 - 00001278 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-14 14:38 - 2012-10-27 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-14 14:38 - 2012-09-23 17:42 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-14 14:38 - 2012-09-23 17:42 - 00001049 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-14 14:38 - 2012-09-23 12:13 - 00000995 _____ () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-14 14:01 - 2012-10-27 17:09 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-14 13:51 - 2014-10-03 09:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 10:41 - 2012-09-23 21:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 10:41 - 2012-09-23 21:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 10:41 - 2012-09-23 21:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-11 14:49 - 2012-10-04 21:34 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-08 13:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\TAPI
2015-01-08 12:44 - 2014-10-03 09:26 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-08 12:44 - 2014-10-03 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-08 12:44 - 2014-10-03 09:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-05 19:51 - 2014-08-17 17:57 - 00000000 ____D () C:\Users\Petra\Documents\Jona
2015-01-05 19:48 - 2014-08-17 18:09 - 00000000 ____D () C:\Users\Public\Documents\Daniel
2015-01-05 16:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-31 12:14 - 2012-09-23 12:14 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\Petra\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Petra\AppData\Local\Temp\gkey.exe
C:\Users\Petra\AppData\Local\Temp\pkeyui.exe
C:\Users\Petra\AppData\Local\Temp\Quarantine.exe
C:\Users\Petra\AppData\Local\Temp\sqlite3.dll
C:\Users\Petra\AppData\Local\Temp\wabk.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-14 10:13
==================== End Of Log ============================