Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Notebook mit webssearches beglückt (https://www.trojaner-board.de/151730-notebook-webssearches-beglueckt.html)

martinz 30.03.2014 02:33
Notebook mit webssearches beglückt
 
Guten Morgen,

leider habe ich mich in die Riege der unfreiwilligen webssearches Verwender eingereiht.

Das websearches Programm selbst habe ich schon deinstalliert, den 4 installierten Programmen habe ich zumindest alle *.exe auf *.evr umbenannt.

Anbei ein aktuelles FRST.txt und nachfolgend ein additions.txt

frst.txt:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by martin (administrator) on MARTIN-COMPAQPC on 30-03-2014 03:13:16
Running from C:\Downloads\Software
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\fdm.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD64.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [358208 2010-12-11] (Acronis)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-25] (AVAST Software)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5111760 2010-12-11] ()
HKU\S-1-5-21-598720845-1907532990-1611617127-1000\...\Run: [Free Download Manager] - C:\Program Files (x86)\Free Download Manager\fdm.exe [6875136 2013-03-27] (FreeDownloadManager.ORG)
HKU\S-1-5-21-598720845-1907532990-1611617127-1000\...\Run: [] - [X]
HKU\S-1-5-21-598720845-1907532990-1611617127-1000\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\Program Files (x86)\SupTab\SearchProtect64.dll [96768 2014-03-05] (Skytech Co., Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => C:\Program Files (x86)\SupTab\SearchProtect32.dll [85504 2014-03-05] (Skytech Co., Ltd.)
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2F08D7E9FB89CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}
SearchScopes: HKCU - DefaultScope {4DC39C54-CC7C-4B18-8CFE-4BA0DA49B0E5} URL = hxxp://www.google.at/search?q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}
SearchScopes: HKCU - {4DC39C54-CC7C-4B18-8CFE-4BA0DA49B0E5} URL = hxxp://www.google.at/search?q={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default
FF user.js: detected! => C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\user.js
FF NewTab: chrome://quick_start/content/index.html
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF Extension: Quick Start - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\Extensions\quick_start@gmail.com [2014-03-30]
FF Extension: Exif Viewer - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2013-12-29]
FF Extension: FxIF - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\Extensions\{11483926-db67-4190-91b1-ef20fcec5f33}.xpi [2013-12-29]
FF Extension: Mozilla Archive Format - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\Extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi [2013-12-29]
FF Extension: Greasemonkey - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-09-20]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-22]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com
FF Extension: Quick Start - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com [2014-03-30]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-21]
FF HKCU\...\Firefox\Extensions: [{639dacdc-21ee-4f5e-8f4a-57e7c3045c72}] - C:\Program Files (x86)\Re-markit Corp\158.xpi
FF Extension: Re-markit - C:\Program Files (x86)\Re-markit Corp\158.xpi [2014-03-30]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-25] (AVAST Software)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S4 IePluginService; C:\ProgramData\IePluginService\PluginService.exe -service [X]
S4 Re-markit; C:\Program Files (x86)\Re-markit Corp\Re-markit158.exe [X]
S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe -service [X]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-25] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-03] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation                          )
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-30 02:39 - 2014-03-30 02:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 00:41 - 2014-03-30 01:38 - 00000398 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-03-30 00:41 - 2014-03-30 01:38 - 00000392 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-03-30 00:41 - 2014-03-30 01:06 - 00000000 ____D () C:\Program Files (x86)\Re-markit Corp
2014-03-30 00:41 - 2014-03-30 01:04 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-03-30 00:41 - 2014-03-30 01:01 - 00000000 ____D () C:\ProgramData\WPM
2014-03-30 00:41 - 2014-03-30 01:01 - 00000000 ____D () C:\ProgramData\IePluginService
2014-03-30 00:41 - 2014-03-30 00:41 - 00003048 _____ () C:\Windows\System32\Tasks\Re-markit Update
2014-03-30 00:41 - 2014-03-30 00:41 - 00002982 _____ () C:\Windows\System32\Tasks\Re-markit_wd
2014-03-30 00:41 - 2014-03-30 00:41 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-03-30 00:41 - 2014-03-30 00:41 - 00000000 ____D () C:\Users\martin\AppData\Roaming\SupTab
2014-03-30 00:39 - 2014-03-30 02:37 - 00000470 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-03-30 00:39 - 2014-03-30 00:39 - 00003492 _____ () C:\Windows\System32\Tasks\AmiUpdXp
2014-03-30 00:39 - 2014-03-30 00:39 - 00000000 ____D () C:\Users\martin\AppData\Local\d6d829bd-95fe-4a6b-962b-40cf791460c3
2014-03-29 13:28 - 2014-03-29 13:28 - 00865177 _____ () C:\Users\martin\Documents\Die afroamerikanische Sklaverei_2.pptx
2014-03-28 20:03 - 2014-03-28 20:03 - 00389323 _____ () C:\Users\martin\Documents\z_20140328mz.gdb
2014-03-27 16:34 - 2014-03-27 16:34 - 00391128 _____ () C:\Users\martin\Documents\z_20140327mz.gdb
2014-03-27 13:51 - 2014-03-27 13:52 - 00011903 _____ () C:\Users\martin\Documents\it_kursdauer_wifi.xlsx
2014-03-23 16:56 - 2014-03-23 16:56 - 00006752 _____ () C:\Users\martin\Documents\20140323.gdb
2014-03-23 16:01 - 2014-03-23 18:02 - 00394762 _____ () C:\Users\martin\Documents\z_20140323mz.gdb
2014-03-22 13:26 - 2014-03-22 13:26 - 00390987 _____ () C:\Users\martin\Documents\z_20140322mz.gdb
2014-03-21 18:11 - 2014-03-21 18:11 - 00390061 _____ () C:\Users\martin\Documents\z_20140321mz.gdb
2014-03-19 17:54 - 2014-03-19 17:54 - 00012098 _____ () C:\Users\martin\Downloads\Die afroamerikanische Sklaverei.pptx
2014-03-19 02:19 - 2014-03-22 13:35 - 00000270 _____ () C:\Users\martin\Documents\gschwendt_4.gdb
2014-03-17 21:50 - 2014-03-19 02:13 - 00388719 _____ () C:\Users\martin\Documents\z_20140317mz.gdb
2014-03-16 18:09 - 2014-03-16 18:09 - 00003291 _____ () C:\Users\martin\Desktop\20140314.gdb
2014-03-15 18:21 - 2014-03-15 18:21 - 00003166 _____ () C:\Users\martin\Documents\20140314.gdb
2014-03-15 18:09 - 2014-03-16 18:07 - 00391094 _____ () C:\Users\martin\Documents\z_20140315mz.gdb
2014-03-13 15:35 - 2014-03-13 15:43 - 00392081 _____ () C:\Users\martin\Documents\z_20140313mz.gdb
2014-03-12 13:15 - 2014-03-12 13:15 - 00030981 _____ () C:\Users\martin\Documents\00033698775_20131231_20140312.csv
2014-03-12 12:42 - 2014-03-12 15:32 - 00031802 _____ () C:\Users\martin\Documents\Gehalts_zuzahlung_abfertigung.xlsx
2014-03-12 12:22 - 2014-03-12 12:22 - 00000000 ____D () C:\Users\martin\Documents\SozPlan
2014-03-09 13:37 - 2014-03-09 13:37 - 00000000 ____D () C:\Users\martin\Documents\ADCS
2014-03-09 13:37 - 2014-03-09 13:37 - 00000000 ____D () C:\Users\martin\AppData\Local\Heatsoft
2014-03-09 13:36 - 2014-03-09 13:36 - 00001017 _____ () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Heatsoft ADCS 2.01.lnk
2014-03-09 13:36 - 2014-03-09 13:36 - 00000993 _____ () C:\Users\martin\Desktop\Heatsoft ADCS 2.01.lnk
2014-03-09 13:36 - 2014-03-09 13:36 - 00000000 ____D () C:\Program Files (x86)\ADCS
2014-03-08 14:43 - 2014-03-08 14:48 - 00392551 _____ () C:\Users\martin\Documents\z_20140308mz.gdb
2014-03-08 14:38 - 2014-03-08 14:38 - 00001502 _____ () C:\Users\martin\Documents\20140306.gdb
2014-03-08 14:27 - 2014-03-08 14:27 - 00000166 _____ () C:\Users\martin\Documents\burning_Kreuzenstein.gdb
2014-03-08 14:04 - 2014-03-08 14:04 - 00008906 _____ () C:\Users\martin\Documents\Burning Kreuzenstein NachtMulti.xlsx
2014-03-05 16:28 - 2014-03-05 16:28 - 00000032 _____ () C:\Users\martin\Documents\anruf_unbek_2.txt
2014-03-04 14:24 - 2014-03-29 13:18 - 00020293 _____ () C:\Users\martin\Documents\cachesdone_11_12_2013_03_2014.txt
2014-03-02 23:58 - 2014-03-02 23:58 - 00000112 _____ () C:\Users\martin\Documents\vatikan_cache_anweisung.txt
2014-03-02 21:45 - 2014-03-02 21:45 - 00001758 _____ () C:\Users\martin\Documents\marswiese.gdb
2014-03-02 20:31 - 2014-03-04 14:35 - 00387803 _____ () C:\Users\martin\Documents\z_20140301mz.gdb
2014-03-01 12:40 - 2014-03-01 12:40 - 00000588 _____ () C:\Users\martin\Documents\transactions.xls

==================== One Month Modified Files and Folders =======

2014-03-30 03:13 - 2014-02-01 16:50 - 00000000 ____D () C:\FRST
2014-03-30 03:03 - 2013-06-22 01:59 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Free Download Manager
2014-03-30 02:53 - 2013-08-14 20:42 - 00000000 ____D () C:\d
2014-03-30 02:47 - 2013-09-20 17:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-30 02:46 - 2013-09-20 17:32 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-30 02:46 - 2013-06-22 01:08 - 00001421 _____ () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-30 02:39 - 2014-03-30 02:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 02:37 - 2014-03-30 00:39 - 00000470 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-03-30 01:45 - 2009-07-14 06:45 - 00022704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-30 01:45 - 2009-07-14 06:45 - 00022704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-30 01:41 - 2013-06-22 00:56 - 01098095 _____ () C:\Windows\WindowsUpdate.log
2014-03-30 01:40 - 2014-02-27 15:43 - 00000000 ___RD () C:\Users\martin\Dropbox
2014-03-30 01:40 - 2014-02-27 15:34 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Dropbox
2014-03-30 01:39 - 2014-01-20 21:08 - 00000000 ____D () C:\Users\martin\AppData\Local\TSVNCache
2014-03-30 01:38 - 2014-03-30 00:41 - 00000398 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-03-30 01:38 - 2014-03-30 00:41 - 00000392 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-03-30 01:37 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-30 01:37 - 2009-07-14 06:51 - 00060632 _____ () C:\Windows\setupact.log
2014-03-30 01:18 - 2013-06-22 02:43 - 00000000 ____D () C:\Program Files\totalcmd
2014-03-30 01:06 - 2014-03-30 00:41 - 00000000 ____D () C:\Program Files (x86)\Re-markit Corp
2014-03-30 01:04 - 2014-03-30 00:41 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-03-30 01:01 - 2014-03-30 00:41 - 00000000 ____D () C:\ProgramData\WPM
2014-03-30 01:01 - 2014-03-30 00:41 - 00000000 ____D () C:\ProgramData\IePluginService
2014-03-30 00:41 - 2014-03-30 00:41 - 00003048 _____ () C:\Windows\System32\Tasks\Re-markit Update
2014-03-30 00:41 - 2014-03-30 00:41 - 00002982 _____ () C:\Windows\System32\Tasks\Re-markit_wd
2014-03-30 00:41 - 2014-03-30 00:41 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-03-30 00:41 - 2014-03-30 00:41 - 00000000 ____D () C:\Users\martin\AppData\Roaming\SupTab
2014-03-30 00:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-03-30 00:39 - 2014-03-30 00:39 - 00003492 _____ () C:\Windows\System32\Tasks\AmiUpdXp
2014-03-30 00:39 - 2014-03-30 00:39 - 00000000 ____D () C:\Users\martin\AppData\Local\d6d829bd-95fe-4a6b-962b-40cf791460c3
2014-03-29 13:28 - 2014-03-29 13:28 - 00865177 _____ () C:\Users\martin\Documents\Die afroamerikanische Sklaverei_2.pptx
2014-03-29 13:18 - 2014-03-04 14:24 - 00020293 _____ () C:\Users\martin\Documents\cachesdone_11_12_2013_03_2014.txt
2014-03-28 20:16 - 2010-11-21 08:50 - 00699440 _____ () C:\Windows\system32\perfh007.dat
2014-03-28 20:16 - 2010-11-21 08:50 - 00149548 _____ () C:\Windows\system32\perfc007.dat
2014-03-28 20:16 - 2009-07-14 07:13 - 01619700 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-28 20:03 - 2014-03-28 20:03 - 00389323 _____ () C:\Users\martin\Documents\z_20140328mz.gdb
2014-03-28 15:47 - 2013-06-22 01:41 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-27 16:34 - 2014-03-27 16:34 - 00391128 _____ () C:\Users\martin\Documents\z_20140327mz.gdb
2014-03-27 13:52 - 2014-03-27 13:51 - 00011903 _____ () C:\Users\martin\Documents\it_kursdauer_wifi.xlsx
2014-03-24 01:25 - 2013-06-22 02:36 - 00000000 ____D () C:\Users\martin\AppData\Roaming\gsak
2014-03-23 18:02 - 2014-03-23 16:01 - 00394762 _____ () C:\Users\martin\Documents\z_20140323mz.gdb
2014-03-23 16:56 - 2014-03-23 16:56 - 00006752 _____ () C:\Users\martin\Documents\20140323.gdb
2014-03-22 13:35 - 2014-03-19 02:19 - 00000270 _____ () C:\Users\martin\Documents\gschwendt_4.gdb
2014-03-22 13:26 - 2014-03-22 13:26 - 00390987 _____ () C:\Users\martin\Documents\z_20140322mz.gdb
2014-03-21 18:11 - 2014-03-21 18:11 - 00390061 _____ () C:\Users\martin\Documents\z_20140321mz.gdb
2014-03-19 18:01 - 2014-02-14 22:11 - 00002853 _____ () C:\Users\martin\Documents\360er_jufi_opencaches.txt
2014-03-19 17:54 - 2014-03-19 17:54 - 00012098 _____ () C:\Users\martin\Downloads\Die afroamerikanische Sklaverei.pptx
2014-03-19 02:13 - 2014-03-17 21:50 - 00388719 _____ () C:\Users\martin\Documents\z_20140317mz.gdb
2014-03-16 18:09 - 2014-03-16 18:09 - 00003291 _____ () C:\Users\martin\Desktop\20140314.gdb
2014-03-16 18:07 - 2014-03-15 18:09 - 00391094 _____ () C:\Users\martin\Documents\z_20140315mz.gdb
2014-03-15 18:21 - 2014-03-15 18:21 - 00003166 _____ () C:\Users\martin\Documents\20140314.gdb
2014-03-13 15:43 - 2014-03-13 15:35 - 00392081 _____ () C:\Users\martin\Documents\z_20140313mz.gdb
2014-03-12 15:35 - 2014-02-16 15:18 - 00008825 _____ () C:\Users\martin\Documents\gehalts_spanne.xlsx
2014-03-12 15:32 - 2014-03-12 12:42 - 00031802 _____ () C:\Users\martin\Documents\Gehalts_zuzahlung_abfertigung.xlsx
2014-03-12 13:15 - 2014-03-12 13:15 - 00030981 _____ () C:\Users\martin\Documents\00033698775_20131231_20140312.csv
2014-03-12 12:22 - 2014-03-12 12:22 - 00000000 ____D () C:\Users\martin\Documents\SozPlan
2014-03-10 16:23 - 2014-02-09 21:33 - 00007655 _____ () C:\Users\martin\AppData\Local\Resmon.ResmonCfg
2014-03-09 13:37 - 2014-03-09 13:37 - 00000000 ____D () C:\Users\martin\Documents\ADCS
2014-03-09 13:37 - 2014-03-09 13:37 - 00000000 ____D () C:\Users\martin\AppData\Local\Heatsoft
2014-03-09 13:36 - 2014-03-09 13:36 - 00001017 _____ () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Heatsoft ADCS 2.01.lnk
2014-03-09 13:36 - 2014-03-09 13:36 - 00000993 _____ () C:\Users\martin\Desktop\Heatsoft ADCS 2.01.lnk
2014-03-09 13:36 - 2014-03-09 13:36 - 00000000 ____D () C:\Program Files (x86)\ADCS
2014-03-09 08:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-03-08 14:48 - 2014-03-08 14:43 - 00392551 _____ () C:\Users\martin\Documents\z_20140308mz.gdb
2014-03-08 14:38 - 2014-03-08 14:38 - 00001502 _____ () C:\Users\martin\Documents\20140306.gdb
2014-03-08 14:27 - 2014-03-08 14:27 - 00000166 _____ () C:\Users\martin\Documents\burning_Kreuzenstein.gdb
2014-03-08 14:04 - 2014-03-08 14:04 - 00008906 _____ () C:\Users\martin\Documents\Burning Kreuzenstein NachtMulti.xlsx
2014-03-08 13:59 - 2013-12-03 18:19 - 00061440 _____ () C:\Users\martin\Documents\Movies_2_get.xls
2014-03-08 13:18 - 2013-12-03 18:19 - 00037888 _____ () C:\Users\martin\Documents\books_got.xls
2014-03-05 16:28 - 2014-03-05 16:28 - 00000032 _____ () C:\Users\martin\Documents\anruf_unbek_2.txt
2014-03-04 14:35 - 2014-03-02 20:31 - 00387803 _____ () C:\Users\martin\Documents\z_20140301mz.gdb
2014-03-02 23:58 - 2014-03-02 23:58 - 00000112 _____ () C:\Users\martin\Documents\vatikan_cache_anweisung.txt
2014-03-02 21:45 - 2014-03-02 21:45 - 00001758 _____ () C:\Users\martin\Documents\marswiese.gdb
2014-03-01 12:40 - 2014-03-01 12:40 - 00000588 _____ () C:\Users\martin\Documents\transactions.xls
2014-02-28 18:12 - 2014-02-25 18:43 - 00004100 _____ () C:\Users\martin\Documents\hd_hcp_video.txt

Some content of TEMP:
====================
C:\Users\martin\AppData\Local\Temp\Checkupdate.exe
C:\Users\martin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsvrmnb.dll
C:\Users\martin\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\martin\AppData\Local\Temp\Foxit Updater.exe
C:\Users\martin\AppData\Local\Temp\gcapi_dll.dll
C:\Users\martin\AppData\Local\Temp\gtapi_signed.dll
C:\Users\martin\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\martin\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\martin\AppData\Local\Temp\npp.6.5.1.Installer.exe
C:\Users\martin\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-21 15:43

==================== End Of Log ============================
additions.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by martin at 2014-03-30 03:13:52
Running from C:\Downloads\Software
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.25 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0925-000001000000}) (Version: 9.25.00.0 - Igor Pavlov)
Acronis*True*Image*Home (HKLM-x32\...\{67ED38A3-4882-448B-B44D-3428AB00D7D5}) (Version: 13.0.7154 - Acronis)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.43 - Adobe Systems Incorporated)
Agent Ransack 2010 (64-bit) (HKLM\...\Agent Ransack (64-bit)_is1) (Version:  - )
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.1.47.1220 - Foxit Corporation)
D1600 (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DJ_SF_06_D1600_SW_Min (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.7 - Dropbox, Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
Free Download Manager 3.9.2 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Garmin BaseCamp (HKLM-x32\...\{EA32DDCC-6A44-482D-8638-DB199E95B4D2}) (Version: 4.2.3 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2012.30 Update (HKLM-x32\...\{71401465-5DAD-4E95-BCFC-B13DFDD9771E}) (Version: 15.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin TOPO Österreich v2 (HKLM-x32\...\{7AA38575-25A1-4C2F-B40B-2188EB73FF0E}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GSAK 8.3.0.1 (HKLM-x32\...\GSAK_is1) (Version:  - CWE computer services)
Heatsoft ADCS 2.01 (HKLM-x32\...\Heatsoft ADCS_is1) (Version: 2.01 build 5 - Heatsoft Corporation)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet D1600 Printer Driver Software 13.0 Rel .6 (HKLM\...\{2CD0168D-FBBC-4667-8810-105CB6EC6348}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Scanjet 2400 (HKLM\...\{7B604AC7-B496-473F-A17C-489398E38BEA}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
hpg2410 (x32 Version: 14.0.0.0 - Ihr Firmenname) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Filter Pack 2.0 (HKLM\...\{95140000-2000-0409-1000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Re-markit (HKLM-x32\...\9427968a-c9d0-406f-adac-5d9c52b234cb) (Version:  - Re-markit Software) <==== ATTENTION
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TortoiseSVN 1.8.4.24972 (64 bit) (HKLM\...\{A2EFDE01-96B3-4E55-8834-81617ED6BCBE}) (Version: 1.8.24972 - TortoiseSVN)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
URL Snooper v2.32.01 (HKLM-x32\...\URLSnooper 2_is1) (Version:  - DonationCoder.com)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WPM17.8.0.3442 (HKLM-x32\...\WPM) (Version: 17.8.0.3442 - Cherished Technololgy LIMITED) <==== ATTENTION

==================== Restore Points  =========================

09-02-2014 21:55:23 test 10.2.
14-02-2014 13:50:14 Windows Update
19-02-2014 20:06:46 Windows Update
23-02-2014 23:46:59 Windows Update
08-03-2014 12:25:31 Windows Update
21-03-2014 12:59:37 Windows Update
28-03-2014 14:17:56 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {5AB48036-31D6-48C7-81B1-567461622FDE} - System32\Tasks\Re-markit Update => C:\Program Files (x86)\Re-markit Corp\ReMarju.exe <==== ATTENTION
Task: {5B74AA91-D4D7-4ACB-83AE-8D722FE51FB9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-25] (AVAST Software)
Task: {7171A46C-DF6B-4BF8-B49F-3D7D858EA721} - System32\Tasks\Re-markit_wd => C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe <==== ATTENTION
Task: {80CAB469-A913-42DE-A8EC-70C0A619C687} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {A18BB295-7655-4D97-A1D5-A5FCBB8EF044} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {DD4EC6F7-BD6B-4FB0-967C-37051F0C4073} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {E9F7CE16-BD79-44F2-9E20-50F1E3E8B009} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {FB72A84E-1D33-4AB4-AE05-C5ADBB10C3DE} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {FFE148BE-7BF9-434B-82CA-2F0561E03105} - System32\Tasks\AmiUpdXp => C:\Users\martin\AppData\Local\d6d829bd-95fe-4a6b-962b-40cf791460c3\d6d829bd-95fe-4a6b-962b-40cf791460c3.exe [2014-03-30] () <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\martin\AppData\Local\d6d829bd-95fe-4a6b-962b-40cf791460c3\d6d829bd-95fe-4a6b-962b-40cf791460c3.exe <==== ATTENTION
Task: C:\Windows\Tasks\Re-markit Update.job => C:\Program Files (x86)\Re-markit Corp\ReMarju.exe <==== ATTENTION
Task: C:\Windows\Tasks\Re-markit_wd.job => C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-11-24 14:37 - 2013-11-24 14:37 - 00075504 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2013-11-24 14:36 - 2013-11-24 14:36 - 00088304 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2010-12-11 21:09 - 2010-12-11 21:09 - 01200656 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2013-12-26 14:06 - 2012-01-20 15:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-12-26 14:06 - 2012-01-29 17:55 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2014-03-29 22:28 - 2014-03-29 19:47 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14032902\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-22 01:58 - 2013-01-11 03:22 - 03547136 _____ () C:\Program Files (x86)\Free Download Manager\fdmbtsupp.dll
2013-11-24 13:48 - 2013-11-24 13:48 - 00065264 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
2013-11-24 13:48 - 2013-11-24 13:48 - 00071408 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2013-11-26 16:19 - 2013-11-26 16:19 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-30 02:39 - 2014-03-30 02:39 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-06-22 01:58 - 2013-01-11 03:17 - 00105984 _____ () C:\Program Files (x86)\Free Download Manager\fdmumsp.dll
2014-01-15 22:38 - 2014-01-15 22:38 - 00283648 _____ () C:\ProgramData\Free Download Manager\Firefox\Extensions\1.6.0.1\components\vmsfdmff22.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: Re-markit => 2
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2014 01:39:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2014 01:17:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2014 00:20:35 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 742144

Error: (03/30/2014 00:20:35 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 742144

Error: (03/30/2014 00:20:35 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/29/2014 11:10:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 728307

Error: (03/29/2014 11:10:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 728307

Error: (03/29/2014 11:10:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/29/2014 10:57:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2262

Error: (03/29/2014 10:57:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2262


System errors:
=============
Error: (03/30/2014 01:38:28 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (03/30/2014 01:38:28 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (03/30/2014 01:38:28 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (03/30/2014 01:38:28 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 0

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (03/30/2014 01:38:28 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 0

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (03/30/2014 01:38:28 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 9
Prozessor-ID: 0

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (03/30/2014 01:38:27 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (03/30/2014 01:38:27 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (03/30/2014 01:38:27 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 0

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (03/30/2014 01:37:49 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wpm Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


Microsoft Office Sessions:
=========================
Error: (12/11/2013 02:06:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4564 seconds with 780 seconds of active time.  This session ended with a crash.

Error: (11/30/2013 00:29:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 251229 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (09/05/2013 01:43:04 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 248356 seconds with 3900 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-01-28 15:22:10.559
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sfc_os.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-24 11:53:32.215
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sfc_os.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 3836.87 MB
Available physical RAM: 2454.39 MB
Total Pagefile: 3851.05 MB
Available Pagefile: 2437.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:410.01 GB) (Free:16.35 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 045AD822)
Partition 1: (Active) - (Size=410 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50 GB) - (Type=05)

==================== End Of Log ============================
Bitte um weitere Hilfe!

Herzlichen Dank im Voraus, Martin

schrauber 30.03.2014 06:48
hi,

Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.




Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

martinz 31.03.2014 18:38
Hallo,

-) revo uninstaller ist erfolgreich gelaufen

-) mbam.txt
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 30.03.2014
Suchlauf-Zeit: 21:20:38
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.03.30.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: martin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 283284
Verstrichene Zeit: 3 Std, 50 Min, 0 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 13
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [16eaed134eb233cd152bb45444be3ac6],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [16eaed134eb233cd152bb45444be3ac6],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [16eaed134eb233cd152bb45444be3ac6],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [16eaed134eb233cd152bb45444be3ac6],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [16eaed134eb233cd152bb45444be3ac6],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [16eaed134eb233cd152bb45444be3ac6],
PUP.Optional.SupTab.A, HKU\S-1-5-21-598720845-1907532990-1611617127-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [16eaed134eb233cd152bb45444be3ac6],
PUP.Optional.SupTab.A, HKU\S-1-5-21-598720845-1907532990-1611617127-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [16eaed134eb233cd152bb45444be3ac6],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [6c948f711be5a0602cff4c3d27dc0af6],
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [887815ebc937a7599365c495b2506799],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [26dacc34639d05fb5ecdfb8eba4912ee],
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginService, In Quarantäne, [c9370ff121df1de3f5d0bfa41be7669a],
PUP.Optional.Qone8, HKU\S-1-5-21-598720845-1907532990-1611617127-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [d729f10fd030cb35c7631178bc4714ec],

Registrierungswerte: 1
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|quick_start@gmail.com, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com, In Quarantäne, [e21ee41cec14a55ba3126bef54aefc04]

Registrierungsdaten: 12
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SupTab\SEARCH~1.DLL, Gut: (), Schlecht: (C:\PROGRA~2\SupTab\SEARCH~1.DLL),Ersetzt,[e71919e7679932ce6c5cfa690200e31d]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SupTab\SEARCH~2.DLL, Gut: (), Schlecht: (C:\PROGRA~2\SupTab\SEARCH~2.DLL),Ersetzt,[e71919e7679932ce6c5cfa690200e31d]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915),Ersetzt,[9070e61aec14d8286ee6669c6e9660a0]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}),Ersetzt,[7d83ef111ae6d729065112f02cd8956b]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915),Ersetzt,[79879c645ba538c88acc0af8fe06f30d]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915),Ersetzt,[8d736f918d73b0508fc960a28a7a7b85]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[ef11c13f03fd10f0de66cc4042c254ac]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915),Ersetzt,[ff0126dadd2324dc4e0627db758f926e]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}),Ersetzt,[d52b4eb2f40c5ca42b2c28daf70d3fc1]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915),Ersetzt,[7b854ab6f60abd43a7af23df11f330d0]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915),Ersetzt,[6d9334cc10f059a778e02dd552b226da]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[827e26da6799cd33d371c745a85c9070]

Ordner: 59
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, In Quarantäne, [669a2ed251af9f611d8b7dd527db619f],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, In Quarantäne, [669a2ed251af9f611d8b7dd527db619f],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\include, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\include\tools, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\en, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\en-US, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\es, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\es-419, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\fr, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\fr-BE, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\fr-CA, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\fr-CH, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\fr-LU, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\it, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\it-CH, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\pl, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\pt-BR, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\ru, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\ru-MO, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\tr, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\vi, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\zh-CN, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\zh-TW, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\defaults, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\defaults\preferences, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\modules, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.WebsSearches.A, C:\Users\martin\AppData\Roaming\webssearches, In Quarantäne, [2ad67e82768ab64a23c59fb7b250f808],
PUP.Optional.WebsSearches.A, C:\Users\martin\AppData\Roaming\webssearches\images, In Quarantäne, [2ad67e82768ab64a23c59fb7b250f808],

Dateien: 210
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [16eaed134eb233cd152bb45444be3ac6],
PUP.Optional.SupTab.A, C:\Users\martin\AppData\Roaming\SupTab\SupTab.dll, In Quarantäne, [a85841bfbe421ce491bac96c0bf5ce32],
PUP.Optional.Amonetize.A, C:\Downloads\Datenbank gel ster Multis und Mysteries.evr, In Quarantäne, [a45ca957ba46d62a362991ab728ee61a],
PUP.Optional.SkyTech.A, C:\Users\martin\AppData\Local\Temp\fullpackage_temp1396132778\alilog.dll, In Quarantäne, [d22e3ec22ed2fd0319fa270b34cc8779],
PUP.Optional.SkyTech.A, C:\Users\martin\AppData\Local\Temp\fullpackage_temp1396132778\package1.zip, In Quarantäne, [ab5522de2dd31ae6cc475fd317e9aa56],
PUP.Optional.SupTab.A, C:\Users\martin\AppData\Local\Temp\fullpackage_temp1396132778\tmp\SupTab.exe, In Quarantäne, [e21e0af6e020a7593615ec499c64b14f],
PUP.Optional.WpManager, C:\Users\martin\AppData\Local\Temp\fullpackage_temp1396132778\tmp\wpm.exe, In Quarantäne, [b050ca36c739f808fa5385d3e819d52b],
PUP.Optional.WebsSearches.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml, In Quarantäne, [0af63dc3f30d6799867483d6e1219f61],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterfacef32.dll, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\RSHP.evr, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv32.dll, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv64.dll, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.evr, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\style.css, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\27.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\0.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\1.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\10.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\11.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\12.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\13.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\14.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\15.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\16.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\17.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\18.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\19.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\2.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\20.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\21.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\22.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\23.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\24.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\25.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\26.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\28.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\29.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\3.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\30.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\31.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\32.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\33.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\34.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\35.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\36.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\37.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\38.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\39.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\4.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\40.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\41.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\42.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\43.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\44.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\45.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\46.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\47.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\5.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\6.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\7.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\8.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\9.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\background.js, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-base.js, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.evr, In Quarantäne, [669a2ed251af9f611d8b7dd527db619f],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome.manifest, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\install.rdf, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\index.html, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\quick_start.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\js\common.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\js\ga.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\js\jquery.autocomplete.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\js\js.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\js\library.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\js\xagainit.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\default_add_logo.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\default_add_logo_hover.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\icon.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\icon128.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\icon16.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\icon48.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\iconsmall.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\loading.gif, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\logo.ico, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\logo.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\logo32.ico, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\search.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\style.css, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\27.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\0.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\1.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\10.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\11.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\12.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\13.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\14.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\15.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\16.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\17.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\18.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\19.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\2.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\20.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\21.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\22.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\23.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\24.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\25.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\26.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\28.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\29.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\3.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\30.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\31.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\32.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\33.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\34.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\35.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\36.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\37.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\38.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\39.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\4.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\40.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\41.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\42.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\43.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\44.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\45.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\46.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\47.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\5.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\6.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\7.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\8.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\9.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\modules\addonmanager.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\modules\aes.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\modules\config.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\modules\dialogs.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\modules\last_tab.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\modules\misc.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\modules\properties.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\modules\remoterequest.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\modules\restoreprefs.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\modules\settings.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b],

Physische Sektoren: 0
(No malicious items detected)


(end)
-) AdwCleaner[Sx].txt:
Code:
# AdwCleaner v3.022 - Bericht erstellt am 31/03/2014 um 18:53:38
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : martin - MARTIN-COMPAQPC
# Gestartet von : C:\Downloads\Software\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[x] Nicht Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[x] Nicht Gelöscht : C:\Program Files (x86)\myfree codec
[x] Nicht Gelöscht : C:\Users\martin\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\martin\AppData\Roaming\SupTab
Datei Gelöscht : C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[x] Nicht Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[x] Nicht Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[x] Nicht Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[x] Nicht Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[x] Nicht Gelöscht : HKCU\Software\Myfree Codec
[x] Nicht Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM
[x] Nicht Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[x] Nicht Gelöscht : [x64] HKCU\Software\Myfree Codec

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v28.0 (en-US)

[ Datei : C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3185 octets] - [31/03/2014 18:26:55]
AdwCleaner[S0].txt - [3103 octets] - [31/03/2014 18:53:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3163 octets] ##########
-) JRT.txt:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Ultimate x64
Ran by martin on 31.03.2014 at 19:06:36,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\free download manager



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Myfree Codec



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\martin\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ FireFox

Emptied folder: C:\Users\martin\AppData\Roaming\mozilla\firefox\profiles\4xkofc0y.default\minidumps [7 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.03.2014 at 19:19:06,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-) FRST log:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by martin (administrator) on MARTIN-COMPAQPC on 31-03-2014 19:26:56
Running from C:\Downloads\Software
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [358208 2010-12-11] (Acronis)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767608 2014-03-31] (AVAST Software)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5111760 2010-12-11] ()
HKU\S-1-5-21-598720845-1907532990-1611617127-1000\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2F08D7E9FB89CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - {4DC39C54-CC7C-4B18-8CFE-4BA0DA49B0E5} URL = hxxp://www.google.at/search?q={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default
FF NewTab: chrome://quick_start/content/index.html
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Extension: Exif Viewer - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2013-12-29]
FF Extension: FxIF - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\Extensions\{11483926-db67-4190-91b1-ef20fcec5f33}.xpi [2013-12-29]
FF Extension: Mozilla Archive Format - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\Extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi [2013-12-29]
FF Extension: Greasemonkey - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-09-20]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-22]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-21]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-25] (AVAST Software)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-25] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-03] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation                          )
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-31 19:19 - 2014-03-31 19:19 - 00001878 _____ () C:\Users\martin\Desktop\JRT.txt
2014-03-31 19:06 - 2014-03-31 19:06 - 00000000 ____D () C:\Windows\ERUNT
2014-03-31 18:26 - 2014-03-31 18:53 - 00000000 ____D () C:\AdwCleaner
2014-03-30 17:27 - 2014-03-31 18:23 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 17:27 - 2014-03-30 17:27 - 00001317 _____ () C:\Users\martin\Documents\malware_found.txt
2014-03-30 17:27 - 2014-03-30 17:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-30 17:27 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-30 17:27 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-30 13:43 - 2014-03-30 13:43 - 00003300 _____ () C:\Windows\System32\Tasks\{6BD176BF-730B-4029-9B53-ACDEA16CFAE3}
2014-03-30 12:04 - 2014-03-30 12:04 - 00001264 _____ () C:\Users\martin\Desktop\Revo Uninstaller.lnk
2014-03-30 12:04 - 2014-03-30 12:04 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-30 02:39 - 2014-03-30 02:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 00:41 - 2014-03-30 12:22 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-03-29 13:28 - 2014-03-29 13:28 - 00865177 _____ () C:\Users\martin\Documents\Die afroamerikanische Sklaverei_2.pptx
2014-03-28 20:03 - 2014-03-28 20:03 - 00389323 _____ () C:\Users\martin\Documents\z_20140328mz.gdb
2014-03-27 16:34 - 2014-03-27 16:34 - 00391128 _____ () C:\Users\martin\Documents\z_20140327mz.gdb
2014-03-27 13:51 - 2014-03-27 13:52 - 00011903 _____ () C:\Users\martin\Documents\it_kursdauer_wifi.xlsx
2014-03-23 16:56 - 2014-03-23 16:56 - 00006752 _____ () C:\Users\martin\Documents\20140323.gdb
2014-03-23 16:01 - 2014-03-23 18:02 - 00394762 _____ () C:\Users\martin\Documents\z_20140323mz.gdb
2014-03-22 13:26 - 2014-03-22 13:26 - 00390987 _____ () C:\Users\martin\Documents\z_20140322mz.gdb
2014-03-21 18:11 - 2014-03-21 18:11 - 00390061 _____ () C:\Users\martin\Documents\z_20140321mz.gdb
2014-03-19 17:54 - 2014-03-19 17:54 - 00012098 _____ () C:\Users\martin\Downloads\Die afroamerikanische Sklaverei.pptx
2014-03-19 02:19 - 2014-03-22 13:35 - 00000270 _____ () C:\Users\martin\Documents\gschwendt_4.gdb
2014-03-17 21:50 - 2014-03-19 02:13 - 00388719 _____ () C:\Users\martin\Documents\z_20140317mz.gdb
2014-03-16 18:09 - 2014-03-16 18:09 - 00003291 _____ () C:\Users\martin\Desktop\20140314.gdb
2014-03-15 18:21 - 2014-03-15 18:21 - 00003166 _____ () C:\Users\martin\Documents\20140314.gdb
2014-03-15 18:09 - 2014-03-16 18:07 - 00391094 _____ () C:\Users\martin\Documents\z_20140315mz.gdb
2014-03-13 15:35 - 2014-03-13 15:43 - 00392081 _____ () C:\Users\martin\Documents\z_20140313mz.gdb
2014-03-12 13:15 - 2014-03-12 13:15 - 00030981 _____ () C:\Users\martin\Documents\00033698775_20131231_20140312.csv
2014-03-12 12:42 - 2014-03-12 15:32 - 00031802 _____ () C:\Users\martin\Documents\Gehalts_zuzahlung_abfertigung.xlsx
2014-03-12 12:22 - 2014-03-12 12:22 - 00000000 ____D () C:\Users\martin\Documents\SozPlan
2014-03-09 13:37 - 2014-03-09 13:37 - 00000000 ____D () C:\Users\martin\Documents\ADCS
2014-03-09 13:37 - 2014-03-09 13:37 - 00000000 ____D () C:\Users\martin\AppData\Local\Heatsoft
2014-03-09 13:36 - 2014-03-09 13:36 - 00001017 _____ () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Heatsoft ADCS 2.01.lnk
2014-03-09 13:36 - 2014-03-09 13:36 - 00000993 _____ () C:\Users\martin\Desktop\Heatsoft ADCS 2.01.lnk
2014-03-09 13:36 - 2014-03-09 13:36 - 00000000 ____D () C:\Program Files (x86)\ADCS
2014-03-08 14:43 - 2014-03-08 14:48 - 00392551 _____ () C:\Users\martin\Documents\z_20140308mz.gdb
2014-03-08 14:38 - 2014-03-08 14:38 - 00001502 _____ () C:\Users\martin\Documents\20140306.gdb
2014-03-08 14:27 - 2014-03-08 14:27 - 00000166 _____ () C:\Users\martin\Documents\burning_Kreuzenstein.gdb
2014-03-08 14:04 - 2014-03-08 14:04 - 00008906 _____ () C:\Users\martin\Documents\Burning Kreuzenstein NachtMulti.xlsx
2014-03-05 16:28 - 2014-03-05 16:28 - 00000032 _____ () C:\Users\martin\Documents\anruf_unbek_2.txt
2014-03-04 14:24 - 2014-03-29 13:18 - 00020293 _____ () C:\Users\martin\Documents\cachesdone_11_12_2013_03_2014.txt
2014-03-02 23:58 - 2014-03-02 23:58 - 00000112 _____ () C:\Users\martin\Documents\vatikan_cache_anweisung.txt
2014-03-02 21:45 - 2014-03-02 21:45 - 00001758 _____ () C:\Users\martin\Documents\marswiese.gdb
2014-03-02 20:31 - 2014-03-04 14:35 - 00387803 _____ () C:\Users\martin\Documents\z_20140301mz.gdb
2014-03-01 12:40 - 2014-03-01 12:40 - 00000588 _____ () C:\Users\martin\Documents\transactions.xls

==================== One Month Modified Files and Folders =======

2014-03-31 19:26 - 2014-02-01 16:50 - 00000000 ____D () C:\FRST
2014-03-31 19:19 - 2014-03-31 19:19 - 00001878 _____ () C:\Users\martin\Desktop\JRT.txt
2014-03-31 19:06 - 2014-03-31 19:06 - 00000000 ____D () C:\Windows\ERUNT
2014-03-31 19:06 - 2013-06-22 01:59 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Free Download Manager
2014-03-31 19:02 - 2009-07-14 06:45 - 00022704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-31 19:02 - 2009-07-14 06:45 - 00022704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-31 19:01 - 2014-02-27 15:43 - 00000000 ___RD () C:\Users\martin\Dropbox
2014-03-31 19:00 - 2014-02-27 15:34 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Dropbox
2014-03-31 19:00 - 2013-06-22 00:56 - 01157494 _____ () C:\Windows\WindowsUpdate.log
2014-03-31 18:59 - 2010-11-21 08:50 - 00699440 _____ () C:\Windows\system32\perfh007.dat
2014-03-31 18:59 - 2010-11-21 08:50 - 00149548 _____ () C:\Windows\system32\perfc007.dat
2014-03-31 18:59 - 2009-07-14 07:13 - 01619700 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-31 18:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-31 18:55 - 2009-07-14 06:51 - 00060744 _____ () C:\Windows\setupact.log
2014-03-31 18:54 - 2010-11-21 05:47 - 00294688 _____ () C:\Windows\PFRO.log
2014-03-31 18:53 - 2014-03-31 18:26 - 00000000 ____D () C:\AdwCleaner
2014-03-31 18:23 - 2014-03-30 17:27 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-31 18:19 - 2014-01-20 21:08 - 00000000 ____D () C:\Users\martin\AppData\Local\TSVNCache
2014-03-30 23:50 - 2013-09-20 17:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-30 21:13 - 2013-08-14 20:42 - 00000000 ____D () C:\d
2014-03-30 17:27 - 2014-03-30 17:27 - 00001317 _____ () C:\Users\martin\Documents\malware_found.txt
2014-03-30 17:27 - 2014-03-30 17:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-30 17:27 - 2014-01-31 21:40 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Malwarebytes
2014-03-30 17:27 - 2014-01-31 21:37 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-30 17:27 - 2014-01-31 21:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-30 13:43 - 2014-03-30 13:43 - 00003300 _____ () C:\Windows\System32\Tasks\{6BD176BF-730B-4029-9B53-ACDEA16CFAE3}
2014-03-30 12:22 - 2014-03-30 00:41 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-03-30 12:04 - 2014-03-30 12:04 - 00001264 _____ () C:\Users\martin\Desktop\Revo Uninstaller.lnk
2014-03-30 12:04 - 2014-03-30 12:04 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-30 02:46 - 2013-09-20 17:32 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-30 02:46 - 2013-06-22 01:08 - 00001421 _____ () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-30 02:39 - 2014-03-30 02:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 01:18 - 2013-06-22 02:43 - 00000000 ____D () C:\Program Files\totalcmd
2014-03-30 00:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-03-29 13:28 - 2014-03-29 13:28 - 00865177 _____ () C:\Users\martin\Documents\Die afroamerikanische Sklaverei_2.pptx
2014-03-29 13:18 - 2014-03-04 14:24 - 00020293 _____ () C:\Users\martin\Documents\cachesdone_11_12_2013_03_2014.txt
2014-03-28 20:03 - 2014-03-28 20:03 - 00389323 _____ () C:\Users\martin\Documents\z_20140328mz.gdb
2014-03-28 15:47 - 2013-06-22 01:41 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-27 16:34 - 2014-03-27 16:34 - 00391128 _____ () C:\Users\martin\Documents\z_20140327mz.gdb
2014-03-27 13:52 - 2014-03-27 13:51 - 00011903 _____ () C:\Users\martin\Documents\it_kursdauer_wifi.xlsx
2014-03-24 01:25 - 2013-06-22 02:36 - 00000000 ____D () C:\Users\martin\AppData\Roaming\gsak
2014-03-23 18:02 - 2014-03-23 16:01 - 00394762 _____ () C:\Users\martin\Documents\z_20140323mz.gdb
2014-03-23 16:56 - 2014-03-23 16:56 - 00006752 _____ () C:\Users\martin\Documents\20140323.gdb
2014-03-22 13:35 - 2014-03-19 02:19 - 00000270 _____ () C:\Users\martin\Documents\gschwendt_4.gdb
2014-03-22 13:26 - 2014-03-22 13:26 - 00390987 _____ () C:\Users\martin\Documents\z_20140322mz.gdb
2014-03-21 18:11 - 2014-03-21 18:11 - 00390061 _____ () C:\Users\martin\Documents\z_20140321mz.gdb
2014-03-19 18:01 - 2014-02-14 22:11 - 00002853 _____ () C:\Users\martin\Documents\360er_jufi_opencaches.txt
2014-03-19 17:54 - 2014-03-19 17:54 - 00012098 _____ () C:\Users\martin\Downloads\Die afroamerikanische Sklaverei.pptx
2014-03-19 02:13 - 2014-03-17 21:50 - 00388719 _____ () C:\Users\martin\Documents\z_20140317mz.gdb
2014-03-16 18:09 - 2014-03-16 18:09 - 00003291 _____ () C:\Users\martin\Desktop\20140314.gdb
2014-03-16 18:07 - 2014-03-15 18:09 - 00391094 _____ () C:\Users\martin\Documents\z_20140315mz.gdb
2014-03-15 18:21 - 2014-03-15 18:21 - 00003166 _____ () C:\Users\martin\Documents\20140314.gdb
2014-03-13 15:43 - 2014-03-13 15:35 - 00392081 _____ () C:\Users\martin\Documents\z_20140313mz.gdb
2014-03-12 15:35 - 2014-02-16 15:18 - 00008825 _____ () C:\Users\martin\Documents\gehalts_spanne.xlsx
2014-03-12 15:32 - 2014-03-12 12:42 - 00031802 _____ () C:\Users\martin\Documents\Gehalts_zuzahlung_abfertigung.xlsx
2014-03-12 13:15 - 2014-03-12 13:15 - 00030981 _____ () C:\Users\martin\Documents\00033698775_20131231_20140312.csv
2014-03-12 12:22 - 2014-03-12 12:22 - 00000000 ____D () C:\Users\martin\Documents\SozPlan
2014-03-10 16:23 - 2014-02-09 21:33 - 00007655 _____ () C:\Users\martin\AppData\Local\Resmon.ResmonCfg
2014-03-09 13:37 - 2014-03-09 13:37 - 00000000 ____D () C:\Users\martin\Documents\ADCS
2014-03-09 13:37 - 2014-03-09 13:37 - 00000000 ____D () C:\Users\martin\AppData\Local\Heatsoft
2014-03-09 13:36 - 2014-03-09 13:36 - 00001017 _____ () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Heatsoft ADCS 2.01.lnk
2014-03-09 13:36 - 2014-03-09 13:36 - 00000993 _____ () C:\Users\martin\Desktop\Heatsoft ADCS 2.01.lnk
2014-03-09 13:36 - 2014-03-09 13:36 - 00000000 ____D () C:\Program Files (x86)\ADCS
2014-03-09 08:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-03-08 14:48 - 2014-03-08 14:43 - 00392551 _____ () C:\Users\martin\Documents\z_20140308mz.gdb
2014-03-08 14:38 - 2014-03-08 14:38 - 00001502 _____ () C:\Users\martin\Documents\20140306.gdb
2014-03-08 14:27 - 2014-03-08 14:27 - 00000166 _____ () C:\Users\martin\Documents\burning_Kreuzenstein.gdb
2014-03-08 14:04 - 2014-03-08 14:04 - 00008906 _____ () C:\Users\martin\Documents\Burning Kreuzenstein NachtMulti.xlsx
2014-03-08 13:59 - 2013-12-03 18:19 - 00061440 _____ () C:\Users\martin\Documents\Movies_2_get.xls
2014-03-08 13:18 - 2013-12-03 18:19 - 00037888 _____ () C:\Users\martin\Documents\books_got.xls
2014-03-05 16:28 - 2014-03-05 16:28 - 00000032 _____ () C:\Users\martin\Documents\anruf_unbek_2.txt
2014-03-05 09:26 - 2014-03-30 17:27 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-30 17:27 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-01-31 21:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 14:35 - 2014-03-02 20:31 - 00387803 _____ () C:\Users\martin\Documents\z_20140301mz.gdb
2014-03-02 23:58 - 2014-03-02 23:58 - 00000112 _____ () C:\Users\martin\Documents\vatikan_cache_anweisung.txt
2014-03-02 21:45 - 2014-03-02 21:45 - 00001758 _____ () C:\Users\martin\Documents\marswiese.gdb
2014-03-01 12:40 - 2014-03-01 12:40 - 00000588 _____ () C:\Users\martin\Documents\transactions.xls

Some content of TEMP:
====================
C:\Users\martin\AppData\Local\Temp\Checkupdate.exe
C:\Users\martin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgnhmvs.dll
C:\Users\martin\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\martin\AppData\Local\Temp\Foxit Updater.exe
C:\Users\martin\AppData\Local\Temp\gcapi_dll.dll
C:\Users\martin\AppData\Local\Temp\gtapi_signed.dll
C:\Users\martin\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\martin\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\martin\AppData\Local\Temp\npp.6.5.1.Installer.exe
C:\Users\martin\AppData\Local\Temp\Quarantine.exe
C:\Users\martin\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 13:23

==================== End Of Log ============================
--- --- ---

--- --- ---


-) beim Öffnen eines neuen Tabs im Firefox steht "chrome://quick_start/content/index.html" in der URL-Zeile, was mich aber mangels Besitz von Google Chrome nicht stört.

LG & TIA, Martin

schrauber 01.04.2014 12:32
Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen





ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:14 Uhr.

Copyright ©2000-2026, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19