Moin =)
ich weiß nicht ob´s wichtig ist aber:
Nach dem erstem Step: Malwarebytes Anti-Malware
hats mir Interneteinstellungen durcheinander gemacht, es kam eine Fehlermeldung, irgendwas mit Proxyserver :headbang:. Die konnte ich, nach kurzer Verzweiflung mittels Smatphone beheben und hab dann weiter gemacht.
Hier die Logs:
Mbam Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 29.04.2014
Suchlauf-Zeit: 23:35:26
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.1.1004
Malware Datenbank: v2014.04.29.08
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Foxy
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 273400
Verstrichene Zeit: 12 Min, 17 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 3
PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, 1808, Löschen bei Neustart, [b34db44c28d8f010e173c796d72a718f]
PUP.Optional.ReMarkit.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.exe, 5872, Löschen bei Neustart, [b64af70951aff60a654da7d50cf68c74]
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe, 5152, Löschen bei Neustart, [bd436f91d03023ddb02ae18ad13159a7]
Module: 1
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.dll, Löschen bei Neustart, [bd436f91d03023ddb02ae18ad13159a7],
Registrierungsschlüssel: 39
PUP.Optional.WpManager, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Wpm, In Quarantäne, [b34db44c28d8f010e173c796d72a718f],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511421146}, In Quarantäne, [5aa69f611fe179876b8fdd8af809fd03],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544424446}, In Quarantäne, [5aa69f611fe179876b8fdd8af809fd03],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555425546}, In Quarantäne, [5aa69f611fe179876b8fdd8af809fd03],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566426646}, In Quarantäne, [5aa69f611fe179876b8fdd8af809fd03],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555425546}, In Quarantäne, [5aa69f611fe179876b8fdd8af809fd03],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566426646}, In Quarantäne, [5aa69f611fe179876b8fdd8af809fd03],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544424446}, In Quarantäne, [5aa69f611fe179876b8fdd8af809fd03],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511421146}, In Quarantäne, [5aa69f611fe179876b8fdd8af809fd03],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220522422246}, In Quarantäne, [5aa69f611fe179876b8fdd8af809fd03],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220522422246}, In Quarantäne, [5aa69f611fe179876b8fdd8af809fd03],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511421146}\INPROCSERVER32, In Quarantäne, [5aa69f611fe179876b8fdd8af809fd03],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [48b858a840c0f10f81024ecfb64cc838],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [48b858a840c0f10f81024ecfb64cc838],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21636, In Quarantäne, [b050bb45778905fbd700453626dc1be5],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\27058, In Quarantäne, [b54b57a915eb6e92f7e05f1cf21031cf],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [4cb4768a57a9e31df6b9ddcdcd36a55b],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\MediaPlayerplus, In Quarantäne, [629ebc445ba552ae3fa1403a887a06fa],
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [de2245bb30d04eb2caee8eedab57c33d],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\21636, In Quarantäne, [c33d0df38878669ad40357247a88b14f],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\27058, In Quarantäne, [35cb2dd3f50bf10ffddafe7d748ec13f],
PUP.Optional.ReMarkit.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Re-markit, In Quarantäne, [b64af70951aff60a654da7d50cf68c74],
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus, Löschen bei Neustart, [5ca4867a9a6656aa6280b5c551b144bc],
PUP.Optional.SmartSaver.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\APPDATALOW\SOFTWARE\SmartSaver+ 8, Löschen bei Neustart, [916f768a9c64cc34e8a8b8caf50dbf41],
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-21-3991430732-1547820018-2862651435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus, In Quarantäne, [f60af808659b4cb41dc5c1b9dc26867a],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3991430732-1547820018-2862651435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21636, In Quarantäne, [3fc147b90df39a66f1e70a71946eb54b],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3991430732-1547820018-2862651435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\27058, In Quarantäne, [06fa40c0c23ea55b11c73c3fa45e6997],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3991430732-1547820018-2862651435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Freeven, In Quarantäne, [718fd42c40c0f40cb28c1a65758dde22],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511311172}, In Quarantäne, [97691de3f30dde22462e58dfd33151af],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511311172}, In Quarantäne, [97691de3f30dde22462e58dfd33151af],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220522312272}, In Quarantäne, [97691de3f30dde22462e58dfd33151af],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544314472}, In Quarantäne, [97691de3f30dde22462e58dfd33151af],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555315572}, In Quarantäne, [97691de3f30dde22462e58dfd33151af],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566316672}, In Quarantäne, [97691de3f30dde22462e58dfd33151af],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555315572}, In Quarantäne, [97691de3f30dde22462e58dfd33151af],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566316672}, In Quarantäne, [97691de3f30dde22462e58dfd33151af],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544314472}, In Quarantäne, [97691de3f30dde22462e58dfd33151af],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220522312272}, In Quarantäne, [97691de3f30dde22462e58dfd33151af],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511311172}\INPROCSERVER32, In Quarantäne, [97691de3f30dde22462e58dfd33151af],
Registrierungswerte: 3
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|quick_start@gmail.com, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com, In Quarantäne, [8080bf4151af4ab6f283ff7d976bae52]
PUP.Optional.WpManager.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WPM|ImagePath, C:\ProgramData\WPM\wprotectmanager.exe -service, In Quarantäne, [29d72bd519e7dc24dcb1d9d6ab58bc44]
PUM.Bad.Proxy, HKU\S-1-5-21-3991430732-1547820018-2862651435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:13828, In Quarantäne, [7b8514ec1de3916fc40e04b3729105fb]
Registrierungsdaten: 10
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1398104822&from=tugs&uid=HitachiXHUA722010CLA330_JPW9P0N01MRAXD1MRAXDX, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1398104822&from=tugs&uid=HitachiXHUA722010CLA330_JPW9P0N01MRAXD1MRAXDX),Ersetzt,[fa0645bb34ccbe4276f7be6c33d19b65]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[ad5329d7b94700001985ba7a62a2e21e]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1398104822&from=tugs&uid=HitachiXHUA722010CLA330_JPW9P0N01MRAXD1MRAXDX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1398104822&from=tugs&uid=HitachiXHUA722010CLA330_JPW9P0N01MRAXD1MRAXDX&q={searchTerms}),Ersetzt,[b54b0ff137c959a7600b7fabc143fb05]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1398104822&from=tugs&uid=HitachiXHUA722010CLA330_JPW9P0N01MRAXD1MRAXDX, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1398104822&from=tugs&uid=HitachiXHUA722010CLA330_JPW9P0N01MRAXD1MRAXDX),Ersetzt,[9a6624dc6d935fa10465909ae71d10f0]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1398104822&from=tugs&uid=HitachiXHUA722010CLA330_JPW9P0N01MRAXD1MRAXDX, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1398104822&from=tugs&uid=HitachiXHUA722010CLA330_JPW9P0N01MRAXD1MRAXDX),Ersetzt,[6b95a060f8089070105d27033fc5c838]
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna0-fJokiHHAdlYn2YrToS6Jnu4mf9j7Nqfv_KIKf160k556EcVZKqvdrhFFELU8tSWT826gQGp_xp0Jt_VzlZe6D-5Tx62kd1WG3-CrCOIp2axArHy4JLCzq7TYd3IwVA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna0-fJokiHHAdlYn2YrToS6Jnu4mf9j7Nqfv_KIKf160k556EcVZKqvdrhFFELU8tSWT826gQGp_xp0Jt_VzlZe6D-5Tx62kd1WG3-CrCOIp2axArHy4JLCzq7TYd3IwVA,,&q={searchTerms}),Ersetzt,[12ee689808f80ff154525ad04cb89769]
PUP.Optional.Snapdo, HKU\S-1-5-21-3991430732-1547820018-2862651435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna0-fJokiHHAdlYn2YrToS6Jnu4mf9j7Nqfv_KIKf160k556EcVZKqvdrhFFELU8tSWfpGNmGzyd-nfs5rQowkG6tjiDSVVX1yRPJlvT8_b7OehfvIIJkcscWyN0YOgwAg,,, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna0-fJokiHHAdlYn2YrToS6Jnu4mf9j7Nqfv_KIKf160k556EcVZKqvdrhFFELU8tSWfpGNmGzyd-nfs5rQowkG6tjiDSVVX1yRPJlvT8_b7OehfvIIJkcscWyN0YOgwAg,,),Ersetzt,[32cecc34a15f2dd367a8023202023ac6]
PUP.Optional.Snapdo, HKU\S-1-5-21-3991430732-1547820018-2862651435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna0-fJokiHHAdlYn2YrToS6Jnu4mf9j7Nqfv_KIKf160k556EcVZKqvdrhFFELU8tSWT826gQGp_xp0Jt_VzlZe6D-5Tx62kd1WG3-CrCOIp2axArHy4JLCzq7TYd3IwUw,,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna0-fJokiHHAdlYn2YrToS6Jnu4mf9j7Nqfv_KIKf160k556EcVZKqvdrhFFELU8tSWT826gQGp_xp0Jt_VzlZe6D-5Tx62kd1WG3-CrCOIp2axArHy4JLCzq7TYd3IwUw,,&q={searchTerms}),Ersetzt,[a45ca15ffd03c43c55bb8ea66f95ce32]
PUP.Optional.Snapdo, HKU\S-1-5-21-3991430732-1547820018-2862651435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna0-fJokiHHAdlYn2YrToS6Jnu4mf9j7Nqfv_KIKf160k556EcVZKqvdrhFFELU8tSWT826gQGp_xp0Jt_VzlZe6D-5Tx62kd1WG3-CrCOIp2axArHy4JLCzq7TYd3IwUw,,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna0-fJokiHHAdlYn2YrToS6Jnu4mf9j7Nqfv_KIKf160k556EcVZKqvdrhFFELU8tSWT826gQGp_xp0Jt_VzlZe6D-5Tx62kd1WG3-CrCOIp2axArHy4JLCzq7TYd3IwUw,,&q={searchTerms}),Ersetzt,[25dbe61a887814ec59b882b2eb19af51]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3991430732-1547820018-2862651435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna0-fJokiHHAdlYn2YrToS6Jnu4mf9j7Nqfv_KIKf160k556EcVZKqvdrhFFELU8tSWT826gQGp_xp0Jt_VzlZe6D-5Tx62kd1WG3-CrCOIp2axArHy4JLCzq7TYd3IwUw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna0-fJokiHHAdlYn2YrToS6Jnu4mf9j7Nqfv_KIKf160k556EcVZKqvdrhFFELU8tSWT826gQGp_xp0Jt_VzlZe6D-5Tx62kd1WG3-CrCOIp2axArHy4JLCzq7TYd3IwUw,,&q={searchTerms}),Ersetzt,[1ae69f61fe02f907abfc5dcd3aca1ee2]
Ordner: 61
PUP.Optional.MediaPlayerplus.A, C:\Program Files (x86)\MediaPlayerplus, In Quarantäne, [30d03ac6b8483fc19549e793d32fa35d],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SmartSaver.A, C:\Program Files (x86)\SmartSaver+ 8, In Quarantäne, [04fcef1144bca65a411efe6b0df5926e],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft, Löschen bei Neustart, [bd436f91d03023ddb02ae18ad13159a7],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\content, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\content\include, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\content\include\tools, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\content\js, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\en, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\en-US, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\es, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\es-419, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\fr, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\fr-BE, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\fr-CA, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\fr-CH, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\fr-LU, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\it, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\it-CH, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\pl, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\pt-BR, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\ru, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\ru-MO, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\tr, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\vi, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\zh-CN, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\zh-TW, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\skin, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\skin\weather, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\defaults, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\defaults\preferences, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\modules, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.WebsSearches.A, C:\Users\Foxy\AppData\Roaming\webssearches, In Quarantäne, [f50b16ea13edb24e125abcb01be73fc1],
PUP.Optional.WebsSearches.A, C:\Users\Foxy\AppData\Roaming\webssearches\images, In Quarantäne, [f50b16ea13edb24e125abcb01be73fc1],
Dateien: 161
PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, Löschen bei Neustart, [b34db44c28d8f010e173c796d72a718f],
PUP.Optional.MediaPlayerplus.A, C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll, In Quarantäne, [5aa69f611fe179876b8fdd8af809fd03],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [48b858a840c0f10f81024ecfb64cc838],
PUP.Optional.SupTab.A, C:\Users\Foxy\AppData\Roaming\SupTab\SupTab.dll, In Quarantäne, [2ad6ad531be5946c58f53005fb05857b],
PUP.Optional.SmartBar, C:\Windows\Installer\MSI1D20.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [e61a679955aba060d83feb43b050e11f],
PUP.Optional.MediaPlayerplus.A, C:\Program Files (x86)\MediaPlayerplus\background.html, In Quarantäne, [30d03ac6b8483fc19549e793d32fa35d],
PUP.Optional.MediaPlayerplus.A, C:\Program Files (x86)\MediaPlayerplus\54246.crx, In Quarantäne, [30d03ac6b8483fc19549e793d32fa35d],
PUP.Optional.MediaPlayerplus.A, C:\Program Files (x86)\MediaPlayerplus\54246.xpi, In Quarantäne, [30d03ac6b8483fc19549e793d32fa35d],
PUP.Optional.MediaPlayerplus.A, C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus.ico, In Quarantäne, [30d03ac6b8483fc19549e793d32fa35d],
PUP.Optional.MediaPlayerplus.A, C:\Program Files (x86)\MediaPlayerplus\Uninstall.exe, In Quarantäne, [30d03ac6b8483fc19549e793d32fa35d],
PUP.Optional.MediaPlayerplus.A, C:\Program Files (x86)\MediaPlayerplus\utils.exe, In Quarantäne, [30d03ac6b8483fc19549e793d32fa35d],
PUP.Optional.WebsSearches.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml, In Quarantäne, [80802ad6d0303dc36753f685cb37c040],
PUP.Optional.ReMarkIt.A, C:\Windows\Tasks\Re-markit Update.job, In Quarantäne, [04fc58a8ef113fc1e8cba1db45bdb44c],
PUP.Optional.ReMarkIt.A, C:\Windows\Tasks\Re-markit_wd.job, In Quarantäne, [798724dcd828f8083d76106ca65c1fe1],
PUP.Optional.WebSearch.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\searchplugins\Web Search.xml, In Quarantäne, [ba4623dd9769a75987f58fef09f9ac54],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterfacef32.dll, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\RSHP.exe, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv32.dll, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv64.dll, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WebDataJs, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\arrow.png, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo.png, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo.png, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo2.png, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\0.png, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ie8.js, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [eb15669a32cef50b5e13f2937092758b],
PUP.Optional.ReMarkit.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.exe, Löschen bei Neustart, [b64af70951aff60a654da7d50cf68c74],
PUP.Optional.SmartSaver.A, C:\Program Files (x86)\SmartSaver+ 8\ef10a7e3-8f43-47d3-96ca-6cc3324aa180-2.exe, In Quarantäne, [04fcef1144bca65a411efe6b0df5926e],
PUP.Optional.SmartSaver.A, C:\Program Files (x86)\SmartSaver+ 8\ef10a7e3-8f43-47d3-96ca-6cc3324aa180-3.exe, In Quarantäne, [04fcef1144bca65a411efe6b0df5926e],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\158.crx, In Quarantäne, [bd436f91d03023ddb02ae18ad13159a7],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\158.dat, In Quarantäne, [bd436f91d03023ddb02ae18ad13159a7],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\158.xpi, In Quarantäne, [bd436f91d03023ddb02ae18ad13159a7],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\a.db, In Quarantäne, [bd436f91d03023ddb02ae18ad13159a7],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\b.db, In Quarantäne, [bd436f91d03023ddb02ae18ad13159a7],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQL.exe, In Quarantäne, [bd436f91d03023ddb02ae18ad13159a7],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.bin, In Quarantäne, [bd436f91d03023ddb02ae18ad13159a7],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.dll, Löschen bei Neustart, [bd436f91d03023ddb02ae18ad13159a7],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.ini, In Quarantäne, [bd436f91d03023ddb02ae18ad13159a7],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe, Löschen bei Neustart, [bd436f91d03023ddb02ae18ad13159a7],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Sqlite3.dll, In Quarantäne, [bd436f91d03023ddb02ae18ad13159a7],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Uninstall.exe, In Quarantäne, [bd436f91d03023ddb02ae18ad13159a7],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome.manifest, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\install.rdf, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\content\index.html, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\content\quick_start.js, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\content\js\common.js, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\content\js\doT.min.js, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\content\js\ga.js, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\content\js\jquery-2.1.0.min.js, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\content\js\jquery.autocomplete.js, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\content\js\js.js, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\content\js\xagainit.js, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\skin\arrow.png, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\skin\default_add_logo.png, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\skin\default_add_logo_hover.png, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\skin\googlelogo.png, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\skin\googlelogo2.png, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\skin\icon.png, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\skin\loading.gif, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\skin\logo.ico, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\skin\logo.png, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\skin\logo32.ico, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\skin\style.css, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\chrome\skin\weather\0.png, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\modules\addonmanager.js, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\modules\aes.js, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\modules\config.js, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\modules\dialogs.js, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\modules\last_tab.js, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\modules\misc.js, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\modules\properties.js, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\modules\remoterequest.js, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\modules\restoreprefs.js, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.QuickStart.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\extensions\quick_start@gmail.com\modules\settings.js, In Quarantäne, [cd33de22629e54ac7b8ff676cc3652ae],
PUP.Optional.WebsSearches.A, C:\Users\Foxy\AppData\Roaming\webssearches\92.json, In Quarantäne, [f50b16ea13edb24e125abcb01be73fc1],
PUP.Optional.WebsSearches.A, C:\Users\Foxy\AppData\Roaming\webssearches\uninstallDlg.xml, In Quarantäne, [f50b16ea13edb24e125abcb01be73fc1],
PUP.Optional.WebsSearches.A, C:\Users\Foxy\AppData\Roaming\webssearches\UninstallManager.exe, In Quarantäne, [f50b16ea13edb24e125abcb01be73fc1],
PUP.Optional.WebsSearches.A, C:\Users\Foxy\AppData\Roaming\webssearches\images\bg1.png, In Quarantäne, [f50b16ea13edb24e125abcb01be73fc1],
PUP.Optional.WebsSearches.A, C:\Users\Foxy\AppData\Roaming\webssearches\images\button1.png, In Quarantäne, [f50b16ea13edb24e125abcb01be73fc1],
PUP.Optional.WebsSearches.A, C:\Users\Foxy\AppData\Roaming\webssearches\images\checked.png, In Quarantäne, [f50b16ea13edb24e125abcb01be73fc1],
PUP.Optional.WebsSearches.A, C:\Users\Foxy\AppData\Roaming\webssearches\images\close.png, In Quarantäne, [f50b16ea13edb24e125abcb01be73fc1],
PUP.Optional.WebsSearches.A, C:\Users\Foxy\AppData\Roaming\webssearches\images\min.png, In Quarantäne, [f50b16ea13edb24e125abcb01be73fc1],
PUP.Optional.WebsSearches.A, C:\Users\Foxy\AppData\Roaming\webssearches\images\Thumbs.db, In Quarantäne, [f50b16ea13edb24e125abcb01be73fc1],
PUP.Optional.WebsSearches.A, C:\Users\Foxy\AppData\Roaming\webssearches\images\unchecked.png, In Quarantäne, [f50b16ea13edb24e125abcb01be73fc1],
PUP.Optional.CrossRider.M, C:\Program Files (x86)\HQ-V-Pro-1.91\HQ-V-Pro-1.91-bho64.dll, In Quarantäne, [97691de3f30dde22462e58dfd33151af],
PUP.Optional.WebsSearches.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hppp&ts=1398628219&from=tugs&uid=HitachiXHUA722010CLA330_JPW9P0N01MRAXD1MRAXDX");), Ersetzt,[ed13fd03ea16e020743a6af5a85ccd33]
PUP.Optional.CrossRider.A, C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "145858c065d742f62ce96ad1d363503d");), Ersetzt,[cc34d927669a15eb2aef3b25a95b04fc]
Physische Sektoren: 0
(No malicious items detected)
(end) AdwCleaner[S0] Code:
# AdwCleaner v3.205 - Bericht erstellt am 29/04/2014 um 23:47:44
# Aktualisiert 28/04/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Foxy - FOXY-PC
# Gestartet von : E:\Eigene Datein\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\Uninstaller
Ordner Gelöscht : C:\Users\Foxy\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Foxy\AppData\Roaming\Activeris
Ordner Gelöscht : C:\Users\Foxy\AppData\Roaming\DeviceVM
Ordner Gelöscht : C:\Users\Foxy\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Foxy\AppData\Roaming\SupTab
Datei Gelöscht : C:\Users\Foxy\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\user.js
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Foxy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Foxy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{372479DD-B552-F0A8-F0E5-EEEEA6602285}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\Tutorials
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\prefs.js ]
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hppp&ts=1398628219&from=tugs&uid=HitachiXHUA722010CLA330_JPW9P0N01MRAXD1MRAXDX");
Zeile gelöscht : user_pref("extensions.crossrider.bic", "145858c065d742f62ce96ad1d363503d");
*************************
AdwCleaner[R0].txt - [7392 octets] - [29/04/2014 23:46:59]
AdwCleaner[S0].txt - [6534 octets] - [29/04/2014 23:47:44]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6594 octets] ########## JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Foxy on 29.04.2014 at 23:52:28,53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\apn"
~~~ FireFox
Emptied folder: C:\Users\Foxy\AppData\Roaming\mozilla\firefox\profiles\kpxs6si1.default\minidumps [12 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.04.2014 at 23:56:53,25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ und frisch mit Perwoll gewaschen,
FRST
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by Foxy (administrator) on FOXY-PC on 30-04-2014 00:03:12
Running from E:\Eigene Datein\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(TomTom) F:\Programme\Tomtom\TomTom HOME 2\TomTomHOMERunner.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(LogMeIn Inc.) F:\Programme\Hamachi\hamachi-2-ui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(LogMeIn, Inc.) F:\Programme\Hamachi\LMIGuardianSvc.exe
(TomTom) F:\Programme\Tomtom\TomTom HOME 2\TomTomHOMEService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(LogMeIn Inc.) F:\Programme\Hamachi\hamachi-2.exe
(LogMeIn, Inc.) F:\Programme\Hamachi\LMIGuardianSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-20] (Realtek Semiconductor)
HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\THXCfg64.dll [26624 2011-05-13] (Creative Technology Ltd.)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2013-08-06] (FNet Co., Ltd.)
HKLM-x32\...\Run: [IntelSBA] => C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [4243168 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-06-19] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-07-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LanTalk.NET] => C:\Program Files (x86)\CEZEO software\LanTalk NET\LanTalk.exe [302904 2013-04-25] (CEZEO software Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => F:\Programme\Hamachi\hamachi-2-ui.exe [3814736 2014-04-15] (LogMeIn Inc.)
HKU\S-1-5-21-3991430732-1547820018-2862651435-1000\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3991430732-1547820018-2862651435-1000\...\Run: [EADM] => F:\Programme\Origin\Origin.exe [3588952 2014-04-25] (Electronic Arts)
HKU\S-1-5-21-3991430732-1547820018-2862651435-1000\...\Run: [TomTomHOME.exe] => F:\Programme\Tomtom\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC99A631D3796CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default
FF NewTab: chrome://quick_start/content/index.html
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: zonealarm.com - C:\Users\Foxy\AppData\Roaming\Mozilla\Firefox\Profiles\kpxs6si1.default\Extensions\ffxtlbr@zonealarm.com [2013-08-11]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-04-08]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-24] (Avira Operations GmbH & Co. KG)
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
R2 Hamachi2Svc; F:\Programme\Hamachi\hamachi-2.exe [2227536 2014-04-15] (LogMeIn Inc.)
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 Intel(R) Small Business Advantage; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [49376 2012-02-27] (Intel Corporation)
S4 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-08-25] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2013-08-25] ()
R2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)
R2 TomTomHOMEService; F:\Programme\Tomtom\TomTom HOME 2\TomTomHOMEService.exe [93072 2013-08-27] (TomTom)
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-06-19] (Check Point Software Technologies LTD)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)
S2 APNMCP; "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]
==================== Drivers (Whitelisted) ====================
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-11-29] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-08-06] (FNet Co., Ltd.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation )
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451096 2013-06-13] (Check Point Software Technologies LTD)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-08-06] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-30 00:02 - 2014-04-30 00:02 - 00059079 _____ () C:\Users\Foxy\Desktop\Neues Textdokument.txt
2014-04-29 23:56 - 2014-04-29 23:56 - 00000909 _____ () C:\Users\Foxy\Desktop\JRT.txt
2014-04-29 23:52 - 2014-04-29 23:52 - 00000000 ____D () C:\Windows\ERUNT
2014-04-29 23:49 - 2014-04-29 23:49 - 00006690 _____ () C:\Users\Foxy\Desktop\AdwCleaner[S0].txt
2014-04-29 23:46 - 2014-04-29 23:47 - 00000000 ____D () C:\AdwCleaner
2014-04-29 23:40 - 2014-04-29 23:40 - 00051103 _____ () C:\Users\Foxy\Desktop\mbam.txt
2014-04-29 23:19 - 2014-04-29 23:50 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-29 23:18 - 2014-04-29 23:18 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-29 23:18 - 2014-04-29 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-29 23:18 - 2014-04-29 23:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 23:18 - 2014-04-29 23:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-29 23:18 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-29 23:18 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-29 23:18 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-28 18:24 - 2014-04-28 18:24 - 00076356 _____ () C:\ComboFix.txt
2014-04-28 18:07 - 2014-04-28 18:24 - 00000000 ____D () C:\Qoobox
2014-04-28 18:07 - 2014-04-28 18:23 - 00000000 ____D () C:\Windows\erdnt
2014-04-28 18:07 - 2014-04-28 18:07 - 00000000 ___RD () C:\Users\Foxy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-28 18:07 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-28 18:07 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-28 18:07 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-28 18:07 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-28 18:07 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-28 18:07 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-28 18:07 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-28 18:07 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-28 18:05 - 2014-04-28 18:04 - 05196309 ____R (Swearware) C:\Users\Foxy\Desktop\ComboFix.exe
2014-04-27 22:33 - 2014-04-30 00:03 - 00000000 ____D () C:\FRST
2014-04-27 22:02 - 2014-04-27 22:08 - 00000000 ____D () C:\Users\Foxy\AppData\Roaming\Nico Mak Computing
2014-04-27 21:37 - 2014-04-27 21:37 - 00000000 ____D () C:\Users\Foxy\AppData\Local\com
2014-04-27 21:35 - 2014-04-27 21:37 - 00000000 ___RD () C:\Users\Foxy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-21 20:28 - 2014-04-29 23:37 - 00000000 ____D () C:\ProgramData\WPM
2014-04-21 20:27 - 2014-04-29 23:35 - 00000000 ____D () C:\Program Files (x86)\HQ-V-Pro-1.91
2014-04-21 20:26 - 2014-04-21 20:26 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-04-21 19:55 - 2014-04-21 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-04-15 21:45 - 2014-04-15 20:21 - 02401074 _____ () C:\Users\Foxy\Desktop\launcher^FTB_Launcher.exe
2014-04-15 21:25 - 2014-04-15 21:25 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-15 21:25 - 2014-04-15 21:25 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-15 21:25 - 2014-04-15 21:25 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-15 21:25 - 2014-04-15 21:25 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-15 21:25 - 2014-04-15 21:25 - 00000000 ____D () C:\Program Files\Java
2014-04-15 20:31 - 2014-04-15 21:03 - 00000000 ____D () C:\Users\Foxy\AppData\Roaming\ftblauncher
2014-04-15 20:01 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-15 20:01 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-15 20:01 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-15 20:01 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-15 20:00 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-15 20:00 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-15 20:00 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-15 20:00 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-15 20:00 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-15 20:00 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-15 20:00 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-15 20:00 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-15 20:00 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-15 20:00 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-15 20:00 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-15 20:00 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-15 20:00 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-15 20:00 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-15 20:00 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-15 20:00 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-15 20:00 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-08 20:10 - 2014-04-08 20:10 - 00000000 ____D () C:\Users\Foxy\AppData\Roaming\PDF Architect
2014-04-08 20:07 - 2014-04-08 20:09 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-04-08 20:07 - 2014-04-08 20:07 - 00001035 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-04-08 20:07 - 2014-04-08 20:07 - 00000997 _____ () C:\Users\Foxy\Desktop\PDF Architect.lnk
2014-04-08 20:07 - 2014-04-08 20:07 - 00000000 ____D () C:\Users\Foxy\Documents\PDF Architect Files
2014-04-08 20:07 - 2014-04-08 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-04-08 20:07 - 2014-04-08 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
2014-04-08 20:07 - 2014-04-08 20:07 - 00000000 ____D () C:\Program Files (x86)\PDF Architect
2014-04-08 20:07 - 2013-04-09 14:13 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-04-08 20:07 - 2012-05-05 10:54 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2014-04-08 20:07 - 2012-05-05 10:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-04-08 20:07 - 2012-05-05 10:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-04-08 20:07 - 1998-07-06 17:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2014-04-08 20:07 - 1998-07-06 17:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2014-04-08 19:57 - 2014-04-08 19:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2014-04-30 00:03 - 2014-04-27 22:33 - 00000000 ____D () C:\FRST
2014-04-30 00:02 - 2014-04-30 00:02 - 00059079 _____ () C:\Users\Foxy\Desktop\Neues Textdokument.txt
2014-04-29 23:57 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-29 23:57 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-29 23:56 - 2014-04-29 23:56 - 00000909 _____ () C:\Users\Foxy\Desktop\JRT.txt
2014-04-29 23:55 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-04-29 23:55 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-04-29 23:55 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-29 23:53 - 2013-08-06 00:42 - 01547793 _____ () C:\Windows\WindowsUpdate.log
2014-04-29 23:52 - 2014-04-29 23:52 - 00000000 ____D () C:\Windows\ERUNT
2014-04-29 23:50 - 2014-04-29 23:19 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-29 23:50 - 2013-08-23 16:07 - 00000000 ____D () C:\ProgramData\Origin
2014-04-29 23:49 - 2014-04-29 23:49 - 00006690 _____ () C:\Users\Foxy\Desktop\AdwCleaner[S0].txt
2014-04-29 23:49 - 2013-08-13 21:06 - 00000000 ____D () C:\Users\Foxy\AppData\Local\LogMeIn Hamachi
2014-04-29 23:48 - 2013-08-06 00:57 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-04-29 23:48 - 2010-11-21 05:47 - 00579000 _____ () C:\Windows\PFRO.log
2014-04-29 23:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-29 23:48 - 2009-07-14 06:51 - 00039007 _____ () C:\Windows\setupact.log
2014-04-29 23:47 - 2014-04-29 23:46 - 00000000 ____D () C:\AdwCleaner
2014-04-29 23:47 - 2013-08-11 04:06 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-29 23:40 - 2014-04-29 23:40 - 00051103 _____ () C:\Users\Foxy\Desktop\mbam.txt
2014-04-29 23:37 - 2014-04-21 20:28 - 00000000 ____D () C:\ProgramData\WPM
2014-04-29 23:37 - 2013-08-11 04:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-29 23:35 - 2014-04-21 20:27 - 00000000 ____D () C:\Program Files (x86)\HQ-V-Pro-1.91
2014-04-29 23:24 - 2013-08-11 04:16 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 23:24 - 2013-08-11 04:16 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 23:24 - 2013-08-11 04:16 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 23:18 - 2014-04-29 23:18 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-29 23:18 - 2014-04-29 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-29 23:18 - 2014-04-29 23:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 23:18 - 2014-04-29 23:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-28 18:24 - 2014-04-28 18:24 - 00076356 _____ () C:\ComboFix.txt
2014-04-28 18:24 - 2014-04-28 18:07 - 00000000 ____D () C:\Qoobox
2014-04-28 18:24 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-28 18:23 - 2014-04-28 18:07 - 00000000 ____D () C:\Windows\erdnt
2014-04-28 18:21 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-28 18:18 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-28 18:17 - 2013-08-06 00:41 - 00000000 ____D () C:\Users\Foxy
2014-04-28 18:07 - 2014-04-28 18:07 - 00000000 ___RD () C:\Users\Foxy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-28 18:04 - 2014-04-28 18:05 - 05196309 ____R (Swearware) C:\Users\Foxy\Desktop\ComboFix.exe
2014-04-27 22:08 - 2014-04-27 22:02 - 00000000 ____D () C:\Users\Foxy\AppData\Roaming\Nico Mak Computing
2014-04-27 21:37 - 2014-04-27 21:37 - 00000000 ____D () C:\Users\Foxy\AppData\Local\com
2014-04-27 21:37 - 2014-04-27 21:35 - 00000000 ___RD () C:\Users\Foxy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-27 01:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-26 15:35 - 2013-08-06 00:57 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-04-26 03:08 - 2013-08-11 14:38 - 00000000 ____D () C:\Users\Foxy\AppData\Roaming\vlc
2014-04-25 23:48 - 2013-08-11 16:41 - 00000000 ____D () C:\Users\Foxy\AppData\Local\Adobe
2014-04-21 21:59 - 2013-08-11 14:38 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-04-21 21:59 - 2013-08-11 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-04-21 21:58 - 2014-03-03 15:10 - 00000000 ____D () C:\Users\Foxy\AppData\Roaming\dvdcss
2014-04-21 20:26 - 2014-04-21 20:26 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-04-21 20:26 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-21 20:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-21 20:05 - 2013-08-14 21:24 - 00000000 ____D () C:\Users\Foxy\AppData\Roaming\.minecraft
2014-04-21 19:55 - 2014-04-21 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-04-15 21:36 - 2013-08-11 23:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-15 21:35 - 2013-08-11 09:51 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-15 21:30 - 2013-08-18 17:54 - 00000000 ____D () C:\Users\Foxy\AppData\Roaming\.technic
2014-04-15 21:29 - 2013-08-18 18:02 - 02346942 _____ () C:\Users\Foxy\Desktop\TechnicLauncher.exe
2014-04-15 21:25 - 2014-04-15 21:25 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-15 21:25 - 2014-04-15 21:25 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-15 21:25 - 2014-04-15 21:25 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-15 21:25 - 2014-04-15 21:25 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-15 21:25 - 2014-04-15 21:25 - 00000000 ____D () C:\Program Files\Java
2014-04-15 21:03 - 2014-04-15 20:31 - 00000000 ____D () C:\Users\Foxy\AppData\Roaming\ftblauncher
2014-04-15 20:21 - 2014-04-15 21:45 - 02401074 _____ () C:\Users\Foxy\Desktop\launcher^FTB_Launcher.exe
2014-04-15 19:59 - 2013-08-11 17:03 - 00000000 ____D () C:\Users\Foxy\AppData\Roaming\HpUpdate
2014-04-08 21:26 - 2013-08-11 04:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-08 20:10 - 2014-04-08 20:10 - 00000000 ____D () C:\Users\Foxy\AppData\Roaming\PDF Architect
2014-04-08 20:09 - 2014-04-08 20:07 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-04-08 20:07 - 2014-04-08 20:07 - 00001035 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-04-08 20:07 - 2014-04-08 20:07 - 00000997 _____ () C:\Users\Foxy\Desktop\PDF Architect.lnk
2014-04-08 20:07 - 2014-04-08 20:07 - 00000000 ____D () C:\Users\Foxy\Documents\PDF Architect Files
2014-04-08 20:07 - 2014-04-08 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-04-08 20:07 - 2014-04-08 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
2014-04-08 20:07 - 2014-04-08 20:07 - 00000000 ____D () C:\Program Files (x86)\PDF Architect
2014-04-08 19:57 - 2014-04-08 19:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-06 17:59 - 2013-08-11 04:19 - 00000000 ____D () C:\Users\Foxy\AppData\Roaming\Skype
2014-04-06 15:20 - 2013-12-05 18:39 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-03 09:51 - 2014-04-29 23:18 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-29 23:18 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-29 23:18 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 03:16 - 2014-04-15 20:01 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-15 20:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-15 20:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-15 20:01 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
Files to move or delete:
====================
C:\Users\Foxy\error_report.exe
C:\Users\Foxy\OverwolfTeamSpeakInstaller.exe
C:\Users\Foxy\package_inst.exe
C:\Users\Foxy\QtCore4.dll
C:\Users\Foxy\QtGui4.dll
C:\Users\Foxy\QtNetwork4.dll
C:\Users\Foxy\QtSql4.dll
C:\Users\Foxy\ts3client_win64.exe
Some content of TEMP:
====================
C:\Users\Foxy\AppData\Local\Temp\avgnt.exe
C:\Users\Foxy\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-26 17:57
==================== End Of Log ============================ --- --- ---
--- --- ---
Jetzt ist mittlerweile diese komische Suche und Statseite weg, aber irgendwas versucht mir noch immer einen falschen(?) Flasplayer unter zu schieben... :wtf:
Grüße Hekate |