rh-berlin | 08.10.2014 19:09 | It's crazy how infected I am - uh, the computer...
Here are the log files:
mbam.txt:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 08.10.2014
Suchlauf-Zeit: 19:12:28
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.10.08.06
Rootkit Datenbank: v2014.09.19.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: RH
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 368915
Verstrichene Zeit: 14 Min, 51 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 15
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [6adcb85ab6c63bfb92a7fdd4a959847c],
PUP.Optional.Babylon.A, HKU\S-1-5-21-638709124-720255203-905956943-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [212517fb304c8ea822a9a2f5ce346d93],
PUP.Optional.Yawtix.A, HKU\S-1-5-21-638709124-720255203-905956943-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F9C8CE1B-66A0-4F45-AF10-5F24EF19BC4E}, In Quarantäne, [aa9ce82a4735f83ecf541e7a5ca6a45c],
PUP.Optional.Yawtix.A, HKU\S-1-5-21-638709124-720255203-905956943-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F9C8CE1B-66A0-4F45-AF10-5F24EF19BC4E}, In Quarantäne, [aa9ce82a4735f83ecf541e7a5ca6a45c],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{16d667ee-6782-4b21-81df-8ded8ebc3868}Gw, In Quarantäne, [1e28a072adcf999d4f7c14096e95a858],
Refog.Keylogger, HKLM\SOFTWARE\Refog Software, In Quarantäne, [1135937f3f3d132394616b6eb251f30d],
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\sweet-pageSoftware, In Quarantäne, [56f00210562690a62c0f2b4735cf817f],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [1f2743cf3b414beb1444c2a7937107f9],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-638709124-720255203-905956943-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, In Quarantäne, [8eb8d93978042a0cf6a5f6672ed602fe],
PUP.Optional.FilesFrog.A, HKU\S-1-5-21-638709124-720255203-905956943-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BI, In Quarantäne, [6adc46cccab2ec4a4fe3c0a335cfc23e],
PUP.Optional.Qone8, HKU\S-1-5-21-638709124-720255203-905956943-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [5ee8a56d83f9f93d1641f17874906997],
PUP.Optional.Softonic.A, HKU\S-1-5-21-638709124-720255203-905956943-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [71d5e032c9b359dd9218cf67bb4841bf],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-638709124-720255203-905956943-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [d76fdc363f3d2313610b2b1cce352fd1],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-638709124-720255203-905956943-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [a5a1cc46ef8dd95df3ccaeaf788c8e72],
PUP.Optional.Softonic.A, HKU\S-1-5-21-638709124-720255203-905956943-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [8abcb45ec8b41f17dcce4de9fc075da3],
Registrierungswerte: 3
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|quick_start@gmail.com, C:\Users\RH\AppData\Roaming\Mozilla\Firefox\Profiles\sacvh9xe.default\extensions\quick_start@gmail.com, In Quarantäne, [262034defe7ed462ecdca992e71c3dc3]
PUP.Optional.FilesFrog.A, HKU\S-1-5-21-638709124-720255203-905956943-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BI|ui_path_filesfrog, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker, In Quarantäne, [6adc46cccab2ec4a4fe3c0a335cfc23e]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-638709124-720255203-905956943-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0L1N1H2O1S, In Quarantäne, [a5a1cc46ef8dd95df3ccaeaf788c8e72]
Registrierungsdaten: 3
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.sweet-page.com/?type=hp&ts=1397330490&from=cor&uid=3219913727_67194_28793B6D, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1397330490&from=cor&uid=3219913727_67194_28793B6D),Ersetzt,[24223dd54b31e84e4e9d6cab08fd22de]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[b591868cb1cbe155cdb656c123e28e72]
PUP.Optional.SweetPage.A, HKU\S-1-5-21-638709124-720255203-905956943-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.sweet-page.com/?type=hp&ts=1397330490&from=cor&uid=3219913727_67194_28793B6D, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1397330490&from=cor&uid=3219913727_67194_28793B6D),Ersetzt,[fb4be52d06763bfb6d79bf58db2ad12f]
Ordner: 33
PUP.Optional.Updater.A, C:\Users\RH2708\AppData\Roaming\DigitalSites\UpdateProc, In Quarantäne, [4006957dd6a68aac1d22b74b7e8555ab],
PUP.Optional.Updater.A, C:\Users\RH2708\AppData\Roaming\DSite\UpdateProc, In Quarantäne, [8fb78c86f28a49ed043de31f5da6e818],
Dateien: 122
Spyware.KGBSpy, C:\Users\RH2708\Downloads\refog_setup_free_kl_764_.exe, In Quarantäne, [c77fd939215b81b5b42353d5c1442bd5],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{16d667ee-6782-4b21-81df-8ded8ebc3868}Gw.sys, In Quarantäne, [1e28a072adcf999d4f7c14096e95a858],
PUP.Optional.BProtector.A, C:\Users\RH2708\AppData\Roaming\Mozilla\Firefox\Profiles\n7e6m5r4.default\bprotector_extensions.sqlite, In Quarantäne, [0e3816fcd4a81c1a1f8fcf6dd72c718f],
PUP.Optional.BProtector.A, C:\Users\RH2708\AppData\Roaming\Mozilla\Firefox\Profiles\n7e6m5r4.default\bprotector_prefs.js, In Quarantäne, [4cfae32fb8c4171f04ab3ffda65d0ff1],
PUP.Optional.SweetPage.A, C:\Program Files\Mozilla Firefox\browser\searchplugins\sweet-page.xml, In Quarantäne, [93b318fad1ab53e3fc3ea9c91ee6cf31],
PUP.Optional.QuickStart.A, C:\Users\RH\AppData\Roaming\Mozilla\Firefox\Profiles\sacvh9xe.default\extensions\quick_start@gmail.com\modules\config.js, In Quarantäne, [83c35db58fed8fa7dffd9b4ff2100bf5],
PUP.Optional.QuickStart.A, C:\Users\RH\AppData\Roaming\Mozilla\Firefox\Profiles\sacvh9xe.default\extensions\quick_start@gmail.com\modules\dialogs.js, In Quarantäne, [83c35db58fed8fa7dffd9b4ff2100bf5],
PUP.Optional.QuickStart.A, C:\Users\RH\AppData\Roaming\Mozilla\Firefox\Profiles\sacvh9xe.default\extensions\quick_start@gmail.com\modules\last_tab.js, In Quarantäne, [83c35db58fed8fa7dffd9b4ff2100bf5],
PUP.Optional.QuickStart.A, C:\Users\RH\AppData\Roaming\Mozilla\Firefox\Profiles\sacvh9xe.default\extensions\quick_start@gmail.com\modules\misc.js, In Quarantäne, [83c35db58fed8fa7dffd9b4ff2100bf5],
PUP.Optional.QuickStart.A, C:\Users\RH\AppData\Roaming\Mozilla\Firefox\Profiles\sacvh9xe.default\extensions\quick_start@gmail.com\modules\properties.js, In Quarantäne, [83c35db58fed8fa7dffd9b4ff2100bf5],
PUP.Optional.QuickStart.A, C:\Users\RH\AppData\Roaming\Mozilla\Firefox\Profiles\sacvh9xe.default\extensions\quick_start@gmail.com\modules\remoterequest.js, In Quarantäne, [83c35db58fed8fa7dffd9b4ff2100bf5],
PUP.Optional.QuickStart.A, C:\Users\RH\AppData\Roaming\Mozilla\Firefox\Profiles\sacvh9xe.default\extensions\quick_start@gmail.com\modules\restoreprefs.js, In Quarantäne, [83c35db58fed8fa7dffd9b4ff2100bf5],
PUP.Optional.QuickStart.A, C:\Users\RH\AppData\Roaming\Mozilla\Firefox\Profiles\sacvh9xe.default\extensions\quick_start@gmail.com\modules\settings.js, In Quarantäne, [83c35db58fed8fa7dffd9b4ff2100bf5],
PUP.Optional.Updater.A, C:\Users\RH2708\AppData\Roaming\DigitalSites\UpdateProc\config.dat, In Quarantäne, [4006957dd6a68aac1d22b74b7e8555ab],
PUP.Optional.Updater.A, C:\Users\RH2708\AppData\Roaming\DigitalSites\UpdateProc\info.dat, In Quarantäne, [4006957dd6a68aac1d22b74b7e8555ab],
PUP.Optional.Updater.A, C:\Users\RH2708\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT, In Quarantäne, [4006957dd6a68aac1d22b74b7e8555ab],
PUP.Optional.Updater.A, C:\Users\RH2708\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT, In Quarantäne, [4006957dd6a68aac1d22b74b7e8555ab],
PUP.Optional.Updater.A, C:\Users\RH2708\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe, In Quarantäne, [4006957dd6a68aac1d22b74b7e8555ab],
PUP.Optional.Updater.A, C:\Users\RH2708\AppData\Roaming\DSite\UpdateProc\config.dat, In Quarantäne, [8fb78c86f28a49ed043de31f5da6e818],
PUP.Optional.Updater.A, C:\Users\RH2708\AppData\Roaming\DSite\UpdateProc\info.dat, In Quarantäne, [8fb78c86f28a49ed043de31f5da6e818],
PUP.Optional.Updater.A, C:\Users\RH2708\AppData\Roaming\DSite\UpdateProc\TTL.DAT, In Quarantäne, [8fb78c86f28a49ed043de31f5da6e818],
Physische Sektoren: 0
(No malicious items detected)
(end)
Now the AdwCleaner(S0).txt: Code:
# AdwCleaner v3.311 - Bericht erstellt am 08/10/2014 um 19:44:01
# Aktualisiert 30/09/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzername : RH - RH2708
# Gestartet von : C:\Users\RH2708\Desktop\AdwCleaner_3.311.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\Program Files\Yawtix
Ordner Gelöscht : C:\Users\RH\AppData\Local\webplayer
Ordner Gelöscht : C:\Users\RH\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\RH\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\RH\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\RH2708\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\RH2708\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\RH2708\AppData\Roaming\NCH Software
Datei Gelöscht : C:\Users\RH\AppData\Roaming\Mozilla\Firefox\Profiles\sacvh9xe.default\user.js
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\59ed9d0b76eea15
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\ParetoLogic
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17280
-\\ Mozilla Firefox v32.0.3 (x86 de)
[ Datei : C:\Users\RH\AppData\Roaming\Mozilla\Firefox\Profiles\sacvh9xe.default\prefs.js ]
Zeile gelöscht : user_pref("browser.search.defaultenginename", "sweet-page");
[ Datei : C:\Users\RH2708\AppData\Roaming\Mozilla\Firefox\Profiles\n7e6m5r4.default\prefs.js ]
Zeile gelöscht : user_pref("browser.search.order.1", "Delta Search");
-\\ Google Chrome v37.0.2062.124
[ Datei : C:\Users\RH\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ Datei : C:\Users\RH2708\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [3407 octets] - [08/10/2014 19:40:51]
AdwCleaner[S0].txt - [3330 octets] - [08/10/2014 19:44:01]
########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [3390 octets] ##########
Here is the jrt.txt: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.1 (10.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by RH on 08.10.2014 at 19:51:38,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\RH\AppData\Roaming\mozilla\firefox\profiles\sacvh9xe.default\prefs.js
user_pref("browser.search.useDBForOrder", "false");
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.10.2014 at 19:53:58,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
And here is the fresh FRST.txt:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-10-2014
Ran by RH2708 (ATTENTION: The logged in user is not administrator) on RH2708 on 08-10-2014 19:59:38
Running from C:\Users\RH2708\Desktop
Loaded Profiles: RH & RH2708 (Available profiles: RH & RH2708)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Bose Corporation) C:\Program Files\SoundTouch\SoundTouchMusicServer\SoundTouch music server.exe
() C:\Users\RH2708\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
() C:\Users\RH2708\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Logitech Inc.) C:\Program Files\Squeezebox\SqueezeTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Opera Software) C:\Users\RH2708\AppData\Local\Programs\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Users\RH2708\AppData\Local\Programs\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Users\RH2708\AppData\Local\Programs\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Users\RH2708\AppData\Local\Programs\Opera\24.0.1558.64\opera.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-14] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe [46200 2007-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [DNS7reminder] => C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [Nikon Message Center 2] => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [SoundTouch Music Server] => C:\Program Files\SoundTouch\SoundTouchMusicServer\SoundTouch music server.exe [1063424 2014-07-29] (Bose Corporation)
HKLM\...\RunOnce: [SpUninstallCleanUp] => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
HKU\S-1-5-21-638709124-720255203-905956943-1003\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\RH2708\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-638709124-720255203-905956943-1003\...\Run: [Amazon Cloud Player] => C:\Users\RH2708\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] ()
HKU\S-1-5-21-638709124-720255203-905956943-1003\...\Run: [PC Suite Tray] => C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
AppInit_DLLs: C:\Windows\System32\acaptuser32.dll => C:\Windows\System32\acaptuser32.dll [112248 2007-05-11] (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Media Server-Taskleisten-Tool.lnk
ShortcutTarget: Logitech Media Server-Taskleisten-Tool.lnk -> C:\Program Files\Squeezebox\SqueezeTray.exe (Logitech Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC0D27B4C9AD9CF01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\RH2708\AppData\Roaming\Mozilla\Firefox\Profiles\n7e6m5r4.default
FF Homepage: about:superstart
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\RH2708\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Super Start - C:\Users\RH2708\AppData\Roaming\Mozilla\Firefox\Profiles\n7e6m5r4.default\Extensions\superstart@enjoyfreeware.org [2014-09-23]
FF Extension: Garmin Communicator - C:\Users\RH2708\AppData\Roaming\Mozilla\Firefox\Profiles\n7e6m5r4.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-04-20]
FF Extension: DownloadHelper - C:\Users\RH2708\AppData\Roaming\Mozilla\Firefox\Profiles\n7e6m5r4.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-20]
FF Extension: Media Converter - C:\Users\RH2708\AppData\Roaming\Mozilla\Firefox\Profiles\n7e6m5r4.default\Extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}.xpi [2014-05-24]
FF Extension: JS Switch - C:\Users\RH2708\AppData\Roaming\Mozilla\Firefox\Profiles\n7e6m5r4.default\Extensions\{88c7b321-2eb8-11da-8cd6-0800200c9a66}.xpi [2013-09-17]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> 6A023C82DE85C785CB73BC74BE510AF8CC931AFE11E6583277D9910764475737
CHR DefaultSearchURL: Default -> 6069897DBE42365429FD40F15EFAF89F3A2E45AE6FC60C4B72D433BC8513FCE6
CHR CustomProfile: C:\Users\RH2708\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\RH2708\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]
CHR Extension: (Google Drive) - C:\Users\RH2708\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19]
CHR Extension: (YouTube) - C:\Users\RH2708\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]
CHR Extension: (Google-Suche) - C:\Users\RH2708\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]
CHR Extension: (Google Wallet) - C:\Users\RH2708\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-19]
CHR Extension: (Google Mail) - C:\Users\RH2708\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [297392 2011-06-16] (Nuance Communications, Inc.)
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-04-21] (Macrovision Europe Ltd.) [File not signed]
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17536800 2014-07-25] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19232 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-12] (Microsoft Corporation)
S3 catchme; \??\C:\Users\RH\AppData\Local\Temp\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-08 19:53 - 2014-10-08 19:53 - 00000814 _____ () C:\Users\RH\Desktop\JRT.txt
2014-10-08 19:51 - 2014-10-08 19:51 - 00000000 ____D () C:\Windows\ERUNT
2014-10-08 19:50 - 2014-10-08 19:50 - 01705141 _____ (Thisisu) C:\Users\RH2708\Desktop\JRT.exe
2014-10-08 19:40 - 2014-10-08 19:44 - 00000000 ____D () C:\AdwCleaner
2014-10-08 19:40 - 2014-10-08 19:40 - 01375089 _____ () C:\Users\RH2708\Desktop\AdwCleaner_3.311.exe
2014-10-08 19:38 - 2014-10-08 19:38 - 00037242 _____ () C:\Users\RH2708\Desktop\mbam.txt
2014-10-08 19:11 - 2014-10-08 19:11 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-08 19:11 - 2014-10-08 19:11 - 00001056 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-08 19:11 - 2014-10-08 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-08 19:11 - 2014-10-08 19:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-08 19:11 - 2014-10-08 19:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-08 19:11 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-08 19:11 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-08 19:11 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-08 19:10 - 2014-10-08 19:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\RH2708\Desktop\mbam-setup-2.0.2.1012.exe
2014-10-07 18:31 - 2014-10-07 18:28 - 00074322 _____ () C:\Users\RH2708\Desktop\combofix.zip
2014-10-07 18:31 - 2014-10-07 18:27 - 00522862 _____ () C:\Users\RH2708\Desktop\combofix.txt
2014-10-07 18:24 - 2014-10-07 18:25 - 00522862 _____ () C:\Users\RH\Desktop\combofix.txt
2014-10-07 13:30 - 2014-10-07 13:30 - 00522862 _____ () C:\ComboFix.txt
2014-10-07 12:42 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-07 12:42 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-07 12:42 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-07 12:42 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-07 12:42 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-07 12:42 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-07 12:42 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-07 12:42 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-07 12:41 - 2014-10-07 13:30 - 00000000 ____D () C:\Qoobox
2014-10-07 12:41 - 2014-10-07 13:29 - 00000000 ____D () C:\Windows\erdnt
2014-10-07 12:39 - 2014-10-07 12:40 - 05582481 ____R (Swearware) C:\Users\RH2708\Desktop\ComboFix.exe
2014-10-07 12:26 - 2014-10-07 12:35 - 00001218 _____ () C:\Users\RH\Desktop\Revo Uninstaller.lnk
2014-10-07 12:26 - 2014-10-07 12:35 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-10-07 12:25 - 2014-10-07 12:25 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\RH2708\Desktop\revosetup95.exe
2014-10-06 11:43 - 2014-10-06 11:45 - 00056123 _____ () C:\Users\RH2708\Desktop\Addition.txt
2014-10-06 11:37 - 2014-10-08 19:59 - 00017258 _____ () C:\Users\RH2708\Desktop\FRST.txt
2014-10-06 11:37 - 2014-10-06 11:37 - 00000000 ____D () C:\Users\RH2708\Desktop\FRST-OlderVersion
2014-10-06 07:37 - 2014-10-08 19:59 - 00000000 ____D () C:\FRST
2014-10-06 07:35 - 2014-10-06 11:37 - 01101312 _____ (Farbar) C:\Users\RH2708\Desktop\FRST.exe
2014-10-04 17:03 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-27 17:10 - 2014-09-27 17:13 - 1413324831 _____ () C:\Users\RH2708\Desktop\Bundesratespiel.zip
2014-09-27 17:08 - 2014-09-27 17:08 - 00000000 ____D () C:\Users\RH2708\Desktop\Bundesratespiel
2014-09-26 18:54 - 2014-09-26 18:54 - 00000000 ____D () C:\Users\RH2708\dwhelper
2014-09-23 20:15 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-21 14:44 - 2014-09-21 14:44 - 00002011 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-09-21 14:44 - 2014-09-21 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-09-21 14:43 - 2014-09-21 14:43 - 00000000 ____D () C:\Users\RH\AppData\Roaming\Opera Software
2014-09-21 14:43 - 2014-09-21 14:43 - 00000000 ____D () C:\Users\RH\AppData\Local\Opera Software
2014-09-21 14:42 - 2014-09-26 16:46 - 00000000 ____D () C:\Program Files\Opera
2014-09-21 14:42 - 2014-09-21 14:42 - 00001089 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-09-21 14:42 - 2014-09-21 14:42 - 00001089 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-09-21 14:39 - 2014-10-07 13:30 - 00002189 _____ () C:\Users\RH\Desktop\Google Chrome.lnk
2014-09-21 14:39 - 2014-09-21 14:40 - 07300840 _____ () C:\Users\RH2708\Desktop\MyPhoneExplorer_Setup_1.8.6.exe
2014-09-21 08:10 - 2014-09-26 18:41 - 00000000 ____D () C:\Users\RH\AppData\Local\Adobe
2014-09-20 17:33 - 2014-09-26 16:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-17 18:04 - 2014-09-17 18:04 - 00000000 ____D () C:\Windows\system32\Garmin
2014-09-17 18:02 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-17 18:02 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-17 18:02 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-17 18:02 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-17 18:02 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-17 18:02 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-17 18:02 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-17 18:02 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-17 18:02 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-17 18:02 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-17 18:02 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-17 18:02 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-17 18:02 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-17 18:02 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-17 18:02 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-17 18:02 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-17 18:02 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-17 18:02 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-17 18:02 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-17 18:02 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-17 18:02 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-17 18:02 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-17 18:02 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-17 18:02 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-17 18:02 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-17 18:02 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-17 18:02 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-17 18:02 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-17 18:02 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-17 18:02 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-17 18:00 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-17 17:40 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-17 17:40 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-17 17:37 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-17 17:37 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-08 19:53 - 2009-07-14 06:34 - 00021648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-08 19:53 - 2009-07-14 06:34 - 00021648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-08 19:49 - 2013-04-20 18:33 - 01057874 _____ () C:\Windows\WindowsUpdate.log
2014-10-08 19:46 - 2014-08-19 11:32 - 00001086 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-08 19:46 - 2014-01-05 14:20 - 00044281 _____ () C:\Windows\setupact.log
2014-10-08 19:45 - 2013-04-20 20:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-08 19:45 - 2010-11-20 23:48 - 00163104 _____ () C:\Windows\PFRO.log
2014-10-08 19:45 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-08 19:42 - 2014-08-19 11:32 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-08 19:32 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\schemas
2014-10-08 16:05 - 2014-05-18 16:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-07 13:30 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-10-07 13:30 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-10-07 13:28 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-10-07 09:53 - 2010-11-20 23:01 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-07 07:10 - 2013-07-29 17:46 - 00000211 _____ () C:\Users\RH2708\AppData\Roaming\WB.CFG
2014-10-06 05:00 - 2009-07-14 04:04 - 00000615 _____ () C:\Windows\win.ini
2014-10-06 04:50 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-05 20:05 - 2013-05-17 22:16 - 00000000 ____D () C:\Users\RH2708\AppData\Roaming\MyPhoneExplorer
2014-09-27 19:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-27 15:50 - 2013-10-26 19:18 - 00000000 ____D () C:\Users\RH2708\AppData\Roaming\vlc
2014-09-26 18:54 - 2013-04-21 10:46 - 00000000 ____D () C:\Users\RH2708
2014-09-26 18:41 - 2013-05-24 05:46 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-09-26 16:37 - 2014-02-02 14:19 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-26 11:05 - 2014-04-04 19:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-26 11:05 - 2014-04-04 19:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-23 20:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-22 08:41 - 2013-04-20 18:45 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 14:44 - 2013-05-17 22:16 - 00000000 ____D () C:\Program Files\MyPhoneExplorer
2014-09-21 14:39 - 2014-08-19 11:32 - 00000000 ____D () C:\Users\RH\AppData\Local\Google
2014-09-18 18:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-17 19:38 - 2013-04-21 01:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-17 19:38 - 2013-04-21 01:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-17 17:59 - 2013-08-24 09:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-17 17:48 - 2013-04-20 19:22 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-17 17:48 - 2013-04-20 18:43 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-17 17:48 - 2013-04-20 18:43 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-17 17:47 - 2013-04-20 18:43 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-10 20:19 - 2013-04-28 07:47 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-10 19:26 - 2013-10-29 10:22 - 00002834 _____ () C:\Users\RH2708\AppData\Roaming\SAS7_000.DAT
Some content of TEMP:
====================
C:\Users\RH\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Thanks again for your work. :applaus:
Regards
rh-berlin |