Notebook mit webssearches beglückt

martinz · 30.03.2014, 02:33

Guten Morgen,

leider habe ich mich in die Riege der unfreiwilligen webssearches Verwender eingereiht.

Das websearches Programm selbst habe ich schon deinstalliert, den 4 installierten Programmen habe ich zumindest alle *.exe auf *.evr umbenannt.

Anbei ein aktuelles FRST.txt und nachfolgend ein additions.txt

frst.txt:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by martin (administrator) on MARTIN-COMPAQPC on 30-03-2014 03:13:16
Running from C:\Downloads\Software
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\fdm.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD64.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [358208 2010-12-11] (Acronis)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-25] (AVAST Software)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5111760 2010-12-11] ()
HKU\S-1-5-21-598720845-1907532990-1611617127-1000\...\Run: [Free Download Manager] - C:\Program Files (x86)\Free Download Manager\fdm.exe [6875136 2013-03-27] (FreeDownloadManager.ORG)
HKU\S-1-5-21-598720845-1907532990-1611617127-1000\...\Run: [] - [X]
HKU\S-1-5-21-598720845-1907532990-1611617127-1000\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\Program Files (x86)\SupTab\SearchProtect64.dll [96768 2014-03-05] (Skytech Co., Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => C:\Program Files (x86)\SupTab\SearchProtect32.dll [85504 2014-03-05] (Skytech Co., Ltd.)
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2F08D7E9FB89CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}
SearchScopes: HKCU - DefaultScope {4DC39C54-CC7C-4B18-8CFE-4BA0DA49B0E5} URL = hxxp://www.google.at/search?q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}
SearchScopes: HKCU - {4DC39C54-CC7C-4B18-8CFE-4BA0DA49B0E5} URL = hxxp://www.google.at/search?q={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default
FF user.js: detected! => C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\user.js
FF NewTab: chrome://quick_start/content/index.html
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF Extension: Quick Start - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\Extensions\quick_start@gmail.com [2014-03-30]
FF Extension: Exif Viewer - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2013-12-29]
FF Extension: FxIF - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\Extensions\{11483926-db67-4190-91b1-ef20fcec5f33}.xpi [2013-12-29]
FF Extension: Mozilla Archive Format - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\Extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi [2013-12-29]
FF Extension: Greasemonkey - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-09-20]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-22]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com
FF Extension: Quick Start - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com [2014-03-30]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-21]
FF HKCU\...\Firefox\Extensions: [{639dacdc-21ee-4f5e-8f4a-57e7c3045c72}] - C:\Program Files (x86)\Re-markit Corp\158.xpi
FF Extension: Re-markit - C:\Program Files (x86)\Re-markit Corp\158.xpi [2014-03-30]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-25] (AVAST Software)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S4 IePluginService; C:\ProgramData\IePluginService\PluginService.exe -service [X]
S4 Re-markit; C:\Program Files (x86)\Re-markit Corp\Re-markit158.exe [X]
S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe -service [X]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-25] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-03] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation                           )
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-30 02:39 - 2014-03-30 02:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 00:41 - 2014-03-30 01:38 - 00000398 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-03-30 00:41 - 2014-03-30 01:38 - 00000392 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-03-30 00:41 - 2014-03-30 01:06 - 00000000 ____D () C:\Program Files (x86)\Re-markit Corp
2014-03-30 00:41 - 2014-03-30 01:04 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-03-30 00:41 - 2014-03-30 01:01 - 00000000 ____D () C:\ProgramData\WPM
2014-03-30 00:41 - 2014-03-30 01:01 - 00000000 ____D () C:\ProgramData\IePluginService
2014-03-30 00:41 - 2014-03-30 00:41 - 00003048 _____ () C:\Windows\System32\Tasks\Re-markit Update
2014-03-30 00:41 - 2014-03-30 00:41 - 00002982 _____ () C:\Windows\System32\Tasks\Re-markit_wd
2014-03-30 00:41 - 2014-03-30 00:41 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-03-30 00:41 - 2014-03-30 00:41 - 00000000 ____D () C:\Users\martin\AppData\Roaming\SupTab
2014-03-30 00:39 - 2014-03-30 02:37 - 00000470 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-03-30 00:39 - 2014-03-30 00:39 - 00003492 _____ () C:\Windows\System32\Tasks\AmiUpdXp
2014-03-30 00:39 - 2014-03-30 00:39 - 00000000 ____D () C:\Users\martin\AppData\Local\d6d829bd-95fe-4a6b-962b-40cf791460c3
2014-03-29 13:28 - 2014-03-29 13:28 - 00865177 _____ () C:\Users\martin\Documents\Die afroamerikanische Sklaverei_2.pptx
2014-03-28 20:03 - 2014-03-28 20:03 - 00389323 _____ () C:\Users\martin\Documents\z_20140328mz.gdb
2014-03-27 16:34 - 2014-03-27 16:34 - 00391128 _____ () C:\Users\martin\Documents\z_20140327mz.gdb
2014-03-27 13:51 - 2014-03-27 13:52 - 00011903 _____ () C:\Users\martin\Documents\it_kursdauer_wifi.xlsx
2014-03-23 16:56 - 2014-03-23 16:56 - 00006752 _____ () C:\Users\martin\Documents\20140323.gdb
2014-03-23 16:01 - 2014-03-23 18:02 - 00394762 _____ () C:\Users\martin\Documents\z_20140323mz.gdb
2014-03-22 13:26 - 2014-03-22 13:26 - 00390987 _____ () C:\Users\martin\Documents\z_20140322mz.gdb
2014-03-21 18:11 - 2014-03-21 18:11 - 00390061 _____ () C:\Users\martin\Documents\z_20140321mz.gdb
2014-03-19 17:54 - 2014-03-19 17:54 - 00012098 _____ () C:\Users\martin\Downloads\Die afroamerikanische Sklaverei.pptx
2014-03-19 02:19 - 2014-03-22 13:35 - 00000270 _____ () C:\Users\martin\Documents\gschwendt_4.gdb
2014-03-17 21:50 - 2014-03-19 02:13 - 00388719 _____ () C:\Users\martin\Documents\z_20140317mz.gdb
2014-03-16 18:09 - 2014-03-16 18:09 - 00003291 _____ () C:\Users\martin\Desktop\20140314.gdb
2014-03-15 18:21 - 2014-03-15 18:21 - 00003166 _____ () C:\Users\martin\Documents\20140314.gdb
2014-03-15 18:09 - 2014-03-16 18:07 - 00391094 _____ () C:\Users\martin\Documents\z_20140315mz.gdb
2014-03-13 15:35 - 2014-03-13 15:43 - 00392081 _____ () C:\Users\martin\Documents\z_20140313mz.gdb
2014-03-12 13:15 - 2014-03-12 13:15 - 00030981 _____ () C:\Users\martin\Documents\00033698775_20131231_20140312.csv
2014-03-12 12:42 - 2014-03-12 15:32 - 00031802 _____ () C:\Users\martin\Documents\Gehalts_zuzahlung_abfertigung.xlsx
2014-03-12 12:22 - 2014-03-12 12:22 - 00000000 ____D () C:\Users\martin\Documents\SozPlan
2014-03-09 13:37 - 2014-03-09 13:37 - 00000000 ____D () C:\Users\martin\Documents\ADCS
2014-03-09 13:37 - 2014-03-09 13:37 - 00000000 ____D () C:\Users\martin\AppData\Local\Heatsoft
2014-03-09 13:36 - 2014-03-09 13:36 - 00001017 _____ () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Heatsoft ADCS 2.01.lnk
2014-03-09 13:36 - 2014-03-09 13:36 - 00000993 _____ () C:\Users\martin\Desktop\Heatsoft ADCS 2.01.lnk
2014-03-09 13:36 - 2014-03-09 13:36 - 00000000 ____D () C:\Program Files (x86)\ADCS
2014-03-08 14:43 - 2014-03-08 14:48 - 00392551 _____ () C:\Users\martin\Documents\z_20140308mz.gdb
2014-03-08 14:38 - 2014-03-08 14:38 - 00001502 _____ () C:\Users\martin\Documents\20140306.gdb
2014-03-08 14:27 - 2014-03-08 14:27 - 00000166 _____ () C:\Users\martin\Documents\burning_Kreuzenstein.gdb
2014-03-08 14:04 - 2014-03-08 14:04 - 00008906 _____ () C:\Users\martin\Documents\Burning Kreuzenstein NachtMulti.xlsx
2014-03-05 16:28 - 2014-03-05 16:28 - 00000032 _____ () C:\Users\martin\Documents\anruf_unbek_2.txt
2014-03-04 14:24 - 2014-03-29 13:18 - 00020293 _____ () C:\Users\martin\Documents\cachesdone_11_12_2013_03_2014.txt
2014-03-02 23:58 - 2014-03-02 23:58 - 00000112 _____ () C:\Users\martin\Documents\vatikan_cache_anweisung.txt
2014-03-02 21:45 - 2014-03-02 21:45 - 00001758 _____ () C:\Users\martin\Documents\marswiese.gdb
2014-03-02 20:31 - 2014-03-04 14:35 - 00387803 _____ () C:\Users\martin\Documents\z_20140301mz.gdb
2014-03-01 12:40 - 2014-03-01 12:40 - 00000588 _____ () C:\Users\martin\Documents\transactions.xls

==================== One Month Modified Files and Folders =======

2014-03-30 03:13 - 2014-02-01 16:50 - 00000000 ____D () C:\FRST
2014-03-30 03:03 - 2013-06-22 01:59 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Free Download Manager
2014-03-30 02:53 - 2013-08-14 20:42 - 00000000 ____D () C:\d
2014-03-30 02:47 - 2013-09-20 17:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-30 02:46 - 2013-09-20 17:32 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-30 02:46 - 2013-06-22 01:08 - 00001421 _____ () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-30 02:39 - 2014-03-30 02:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 02:37 - 2014-03-30 00:39 - 00000470 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-03-30 01:45 - 2009-07-14 06:45 - 00022704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-30 01:45 - 2009-07-14 06:45 - 00022704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-30 01:41 - 2013-06-22 00:56 - 01098095 _____ () C:\Windows\WindowsUpdate.log
2014-03-30 01:40 - 2014-02-27 15:43 - 00000000 ___RD () C:\Users\martin\Dropbox
2014-03-30 01:40 - 2014-02-27 15:34 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Dropbox
2014-03-30 01:39 - 2014-01-20 21:08 - 00000000 ____D () C:\Users\martin\AppData\Local\TSVNCache
2014-03-30 01:38 - 2014-03-30 00:41 - 00000398 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-03-30 01:38 - 2014-03-30 00:41 - 00000392 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-03-30 01:37 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-30 01:37 - 2009-07-14 06:51 - 00060632 _____ () C:\Windows\setupact.log
2014-03-30 01:18 - 2013-06-22 02:43 - 00000000 ____D () C:\Program Files\totalcmd
2014-03-30 01:06 - 2014-03-30 00:41 - 00000000 ____D () C:\Program Files (x86)\Re-markit Corp
2014-03-30 01:04 - 2014-03-30 00:41 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-03-30 01:01 - 2014-03-30 00:41 - 00000000 ____D () C:\ProgramData\WPM
2014-03-30 01:01 - 2014-03-30 00:41 - 00000000 ____D () C:\ProgramData\IePluginService
2014-03-30 00:41 - 2014-03-30 00:41 - 00003048 _____ () C:\Windows\System32\Tasks\Re-markit Update
2014-03-30 00:41 - 2014-03-30 00:41 - 00002982 _____ () C:\Windows\System32\Tasks\Re-markit_wd
2014-03-30 00:41 - 2014-03-30 00:41 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-03-30 00:41 - 2014-03-30 00:41 - 00000000 ____D () C:\Users\martin\AppData\Roaming\SupTab
2014-03-30 00:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-03-30 00:39 - 2014-03-30 00:39 - 00003492 _____ () C:\Windows\System32\Tasks\AmiUpdXp
2014-03-30 00:39 - 2014-03-30 00:39 - 00000000 ____D () C:\Users\martin\AppData\Local\d6d829bd-95fe-4a6b-962b-40cf791460c3
2014-03-29 13:28 - 2014-03-29 13:28 - 00865177 _____ () C:\Users\martin\Documents\Die afroamerikanische Sklaverei_2.pptx
2014-03-29 13:18 - 2014-03-04 14:24 - 00020293 _____ () C:\Users\martin\Documents\cachesdone_11_12_2013_03_2014.txt
2014-03-28 20:16 - 2010-11-21 08:50 - 00699440 _____ () C:\Windows\system32\perfh007.dat
2014-03-28 20:16 - 2010-11-21 08:50 - 00149548 _____ () C:\Windows\system32\perfc007.dat
2014-03-28 20:16 - 2009-07-14 07:13 - 01619700 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-28 20:03 - 2014-03-28 20:03 - 00389323 _____ () C:\Users\martin\Documents\z_20140328mz.gdb
2014-03-28 15:47 - 2013-06-22 01:41 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-27 16:34 - 2014-03-27 16:34 - 00391128 _____ () C:\Users\martin\Documents\z_20140327mz.gdb
2014-03-27 13:52 - 2014-03-27 13:51 - 00011903 _____ () C:\Users\martin\Documents\it_kursdauer_wifi.xlsx
2014-03-24 01:25 - 2013-06-22 02:36 - 00000000 ____D () C:\Users\martin\AppData\Roaming\gsak
2014-03-23 18:02 - 2014-03-23 16:01 - 00394762 _____ () C:\Users\martin\Documents\z_20140323mz.gdb
2014-03-23 16:56 - 2014-03-23 16:56 - 00006752 _____ () C:\Users\martin\Documents\20140323.gdb
2014-03-22 13:35 - 2014-03-19 02:19 - 00000270 _____ () C:\Users\martin\Documents\gschwendt_4.gdb
2014-03-22 13:26 - 2014-03-22 13:26 - 00390987 _____ () C:\Users\martin\Documents\z_20140322mz.gdb
2014-03-21 18:11 - 2014-03-21 18:11 - 00390061 _____ () C:\Users\martin\Documents\z_20140321mz.gdb
2014-03-19 18:01 - 2014-02-14 22:11 - 00002853 _____ () C:\Users\martin\Documents\360er_jufi_opencaches.txt
2014-03-19 17:54 - 2014-03-19 17:54 - 00012098 _____ () C:\Users\martin\Downloads\Die afroamerikanische Sklaverei.pptx
2014-03-19 02:13 - 2014-03-17 21:50 - 00388719 _____ () C:\Users\martin\Documents\z_20140317mz.gdb
2014-03-16 18:09 - 2014-03-16 18:09 - 00003291 _____ () C:\Users\martin\Desktop\20140314.gdb
2014-03-16 18:07 - 2014-03-15 18:09 - 00391094 _____ () C:\Users\martin\Documents\z_20140315mz.gdb
2014-03-15 18:21 - 2014-03-15 18:21 - 00003166 _____ () C:\Users\martin\Documents\20140314.gdb
2014-03-13 15:43 - 2014-03-13 15:35 - 00392081 _____ () C:\Users\martin\Documents\z_20140313mz.gdb
2014-03-12 15:35 - 2014-02-16 15:18 - 00008825 _____ () C:\Users\martin\Documents\gehalts_spanne.xlsx
2014-03-12 15:32 - 2014-03-12 12:42 - 00031802 _____ () C:\Users\martin\Documents\Gehalts_zuzahlung_abfertigung.xlsx
2014-03-12 13:15 - 2014-03-12 13:15 - 00030981 _____ () C:\Users\martin\Documents\00033698775_20131231_20140312.csv
2014-03-12 12:22 - 2014-03-12 12:22 - 00000000 ____D () C:\Users\martin\Documents\SozPlan
2014-03-10 16:23 - 2014-02-09 21:33 - 00007655 _____ () C:\Users\martin\AppData\Local\Resmon.ResmonCfg
2014-03-09 13:37 - 2014-03-09 13:37 - 00000000 ____D () C:\Users\martin\Documents\ADCS
2014-03-09 13:37 - 2014-03-09 13:37 - 00000000 ____D () C:\Users\martin\AppData\Local\Heatsoft
2014-03-09 13:36 - 2014-03-09 13:36 - 00001017 _____ () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Heatsoft ADCS 2.01.lnk
2014-03-09 13:36 - 2014-03-09 13:36 - 00000993 _____ () C:\Users\martin\Desktop\Heatsoft ADCS 2.01.lnk
2014-03-09 13:36 - 2014-03-09 13:36 - 00000000 ____D () C:\Program Files (x86)\ADCS
2014-03-09 08:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-03-08 14:48 - 2014-03-08 14:43 - 00392551 _____ () C:\Users\martin\Documents\z_20140308mz.gdb
2014-03-08 14:38 - 2014-03-08 14:38 - 00001502 _____ () C:\Users\martin\Documents\20140306.gdb
2014-03-08 14:27 - 2014-03-08 14:27 - 00000166 _____ () C:\Users\martin\Documents\burning_Kreuzenstein.gdb
2014-03-08 14:04 - 2014-03-08 14:04 - 00008906 _____ () C:\Users\martin\Documents\Burning Kreuzenstein NachtMulti.xlsx
2014-03-08 13:59 - 2013-12-03 18:19 - 00061440 _____ () C:\Users\martin\Documents\Movies_2_get.xls
2014-03-08 13:18 - 2013-12-03 18:19 - 00037888 _____ () C:\Users\martin\Documents\books_got.xls
2014-03-05 16:28 - 2014-03-05 16:28 - 00000032 _____ () C:\Users\martin\Documents\anruf_unbek_2.txt
2014-03-04 14:35 - 2014-03-02 20:31 - 00387803 _____ () C:\Users\martin\Documents\z_20140301mz.gdb
2014-03-02 23:58 - 2014-03-02 23:58 - 00000112 _____ () C:\Users\martin\Documents\vatikan_cache_anweisung.txt
2014-03-02 21:45 - 2014-03-02 21:45 - 00001758 _____ () C:\Users\martin\Documents\marswiese.gdb
2014-03-01 12:40 - 2014-03-01 12:40 - 00000588 _____ () C:\Users\martin\Documents\transactions.xls
2014-02-28 18:12 - 2014-02-25 18:43 - 00004100 _____ () C:\Users\martin\Documents\hd_hcp_video.txt

Some content of TEMP:
====================
C:\Users\martin\AppData\Local\Temp\Checkupdate.exe
C:\Users\martin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsvrmnb.dll
C:\Users\martin\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\martin\AppData\Local\Temp\Foxit Updater.exe
C:\Users\martin\AppData\Local\Temp\gcapi_dll.dll
C:\Users\martin\AppData\Local\Temp\gtapi_signed.dll
C:\Users\martin\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\martin\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\martin\AppData\Local\Temp\npp.6.5.1.Installer.exe
C:\Users\martin\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-21 15:43

==================== End Of Log ============================

additions.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by martin at 2014-03-30 03:13:52
Running from C:\Downloads\Software
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.25 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0925-000001000000}) (Version: 9.25.00.0 - Igor Pavlov)
Acronis*True*Image*Home (HKLM-x32\...\{67ED38A3-4882-448B-B44D-3428AB00D7D5}) (Version: 13.0.7154 - Acronis)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.43 - Adobe Systems Incorporated)
Agent Ransack 2010 (64-bit) (HKLM\...\Agent Ransack (64-bit)_is1) (Version:  - )
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.1.47.1220 - Foxit Corporation)
D1600 (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DJ_SF_06_D1600_SW_Min (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.7 - Dropbox, Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
Free Download Manager 3.9.2 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Garmin BaseCamp (HKLM-x32\...\{EA32DDCC-6A44-482D-8638-DB199E95B4D2}) (Version: 4.2.3 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2012.30 Update (HKLM-x32\...\{71401465-5DAD-4E95-BCFC-B13DFDD9771E}) (Version: 15.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin TOPO Österreich v2 (HKLM-x32\...\{7AA38575-25A1-4C2F-B40B-2188EB73FF0E}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GSAK 8.3.0.1 (HKLM-x32\...\GSAK_is1) (Version:  - CWE computer services)
Heatsoft ADCS 2.01 (HKLM-x32\...\Heatsoft ADCS_is1) (Version: 2.01 build 5 - Heatsoft Corporation)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet D1600 Printer Driver Software 13.0 Rel .6 (HKLM\...\{2CD0168D-FBBC-4667-8810-105CB6EC6348}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Scanjet 2400 (HKLM\...\{7B604AC7-B496-473F-A17C-489398E38BEA}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
hpg2410 (x32 Version: 14.0.0.0 - Ihr Firmenname) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Filter Pack 2.0 (HKLM\...\{95140000-2000-0409-1000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Re-markit (HKLM-x32\...\9427968a-c9d0-406f-adac-5d9c52b234cb) (Version:  - Re-markit Software) <==== ATTENTION
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TortoiseSVN 1.8.4.24972 (64 bit) (HKLM\...\{A2EFDE01-96B3-4E55-8834-81617ED6BCBE}) (Version: 1.8.24972 - TortoiseSVN)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
URL Snooper v2.32.01 (HKLM-x32\...\URLSnooper 2_is1) (Version:  - DonationCoder.com)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WPM17.8.0.3442 (HKLM-x32\...\WPM) (Version: 17.8.0.3442 - Cherished Technololgy LIMITED) <==== ATTENTION

==================== Restore Points  =========================

09-02-2014 21:55:23 test 10.2.
14-02-2014 13:50:14 Windows Update
19-02-2014 20:06:46 Windows Update
23-02-2014 23:46:59 Windows Update
08-03-2014 12:25:31 Windows Update
21-03-2014 12:59:37 Windows Update
28-03-2014 14:17:56 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {5AB48036-31D6-48C7-81B1-567461622FDE} - System32\Tasks\Re-markit Update => C:\Program Files (x86)\Re-markit Corp\ReMarju.exe <==== ATTENTION
Task: {5B74AA91-D4D7-4ACB-83AE-8D722FE51FB9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-25] (AVAST Software)
Task: {7171A46C-DF6B-4BF8-B49F-3D7D858EA721} - System32\Tasks\Re-markit_wd => C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe <==== ATTENTION
Task: {80CAB469-A913-42DE-A8EC-70C0A619C687} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {A18BB295-7655-4D97-A1D5-A5FCBB8EF044} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {DD4EC6F7-BD6B-4FB0-967C-37051F0C4073} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {E9F7CE16-BD79-44F2-9E20-50F1E3E8B009} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {FB72A84E-1D33-4AB4-AE05-C5ADBB10C3DE} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {FFE148BE-7BF9-434B-82CA-2F0561E03105} - System32\Tasks\AmiUpdXp => C:\Users\martin\AppData\Local\d6d829bd-95fe-4a6b-962b-40cf791460c3\d6d829bd-95fe-4a6b-962b-40cf791460c3.exe [2014-03-30] () <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\martin\AppData\Local\d6d829bd-95fe-4a6b-962b-40cf791460c3\d6d829bd-95fe-4a6b-962b-40cf791460c3.exe <==== ATTENTION
Task: C:\Windows\Tasks\Re-markit Update.job => C:\Program Files (x86)\Re-markit Corp\ReMarju.exe <==== ATTENTION
Task: C:\Windows\Tasks\Re-markit_wd.job => C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-11-24 14:37 - 2013-11-24 14:37 - 00075504 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2013-11-24 14:36 - 2013-11-24 14:36 - 00088304 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2010-12-11 21:09 - 2010-12-11 21:09 - 01200656 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2013-12-26 14:06 - 2012-01-20 15:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-12-26 14:06 - 2012-01-29 17:55 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2014-03-29 22:28 - 2014-03-29 19:47 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14032902\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-22 01:58 - 2013-01-11 03:22 - 03547136 _____ () C:\Program Files (x86)\Free Download Manager\fdmbtsupp.dll
2013-11-24 13:48 - 2013-11-24 13:48 - 00065264 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
2013-11-24 13:48 - 2013-11-24 13:48 - 00071408 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2013-11-26 16:19 - 2013-11-26 16:19 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-30 02:39 - 2014-03-30 02:39 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-06-22 01:58 - 2013-01-11 03:17 - 00105984 _____ () C:\Program Files (x86)\Free Download Manager\fdmumsp.dll
2014-01-15 22:38 - 2014-01-15 22:38 - 00283648 _____ () C:\ProgramData\Free Download Manager\Firefox\Extensions\1.6.0.1\components\vmsfdmff22.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: Re-markit => 2
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2014 01:39:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2014 01:17:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2014 00:20:35 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 742144

Error: (03/30/2014 00:20:35 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 742144

Error: (03/30/2014 00:20:35 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/29/2014 11:10:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 728307

Error: (03/29/2014 11:10:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 728307

Error: (03/29/2014 11:10:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/29/2014 10:57:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2262

Error: (03/29/2014 10:57:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2262


System errors:
=============
Error: (03/30/2014 01:38:28 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (03/30/2014 01:38:28 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (03/30/2014 01:38:28 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (03/30/2014 01:38:28 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 0

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (03/30/2014 01:38:28 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 0

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (03/30/2014 01:38:28 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 9
Prozessor-ID: 0

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (03/30/2014 01:38:27 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (03/30/2014 01:38:27 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (03/30/2014 01:38:27 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT-AUTORITÄT)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 0

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (03/30/2014 01:37:49 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wpm Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (12/11/2013 02:06:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4564 seconds with 780 seconds of active time.  This session ended with a crash.

Error: (11/30/2013 00:29:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 251229 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (09/05/2013 01:43:04 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 248356 seconds with 3900 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-01-28 15:22:10.559
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sfc_os.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-24 11:53:32.215
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\sfc_os.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 36%
Total physical RAM: 3836.87 MB
Available physical RAM: 2454.39 MB
Total Pagefile: 3851.05 MB
Available Pagefile: 2437.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:410.01 GB) (Free:16.35 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 045AD822)
Partition 1: (Active) - (Size=410 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50 GB) - (Type=05)

==================== End Of Log ============================

Bitte um weitere Hilfe!

Herzlichen Dank im Voraus, Martin

schrauber · 30.03.2014, 06:48

hi,

Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

martinz · 31.03.2014, 18:38

Hallo,

-) revo uninstaller ist erfolgreich gelaufen

-) mbam.txt

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 30.03.2014
Suchlauf-Zeit: 21:20:38
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.03.30.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: martin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 283284
Verstrichene Zeit: 3 Std, 50 Min, 0 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 13
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [16eaed134eb233cd152bb45444be3ac6], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [16eaed134eb233cd152bb45444be3ac6], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [16eaed134eb233cd152bb45444be3ac6], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [16eaed134eb233cd152bb45444be3ac6], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [16eaed134eb233cd152bb45444be3ac6], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [16eaed134eb233cd152bb45444be3ac6], 
PUP.Optional.SupTab.A, HKU\S-1-5-21-598720845-1907532990-1611617127-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [16eaed134eb233cd152bb45444be3ac6], 
PUP.Optional.SupTab.A, HKU\S-1-5-21-598720845-1907532990-1611617127-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [16eaed134eb233cd152bb45444be3ac6], 
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [6c948f711be5a0602cff4c3d27dc0af6], 
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [887815ebc937a7599365c495b2506799], 
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [26dacc34639d05fb5ecdfb8eba4912ee], 
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginService, In Quarantäne, [c9370ff121df1de3f5d0bfa41be7669a], 
PUP.Optional.Qone8, HKU\S-1-5-21-598720845-1907532990-1611617127-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [d729f10fd030cb35c7631178bc4714ec], 

Registrierungswerte: 1
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|quick_start@gmail.com, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com, In Quarantäne, [e21ee41cec14a55ba3126bef54aefc04]

Registrierungsdaten: 12
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SupTab\SEARCH~1.DLL, Gut: (), Schlecht: (C:\PROGRA~2\SupTab\SEARCH~1.DLL),Ersetzt,[e71919e7679932ce6c5cfa690200e31d]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SupTab\SEARCH~2.DLL, Gut: (), Schlecht: (C:\PROGRA~2\SupTab\SEARCH~2.DLL),Ersetzt,[e71919e7679932ce6c5cfa690200e31d]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915),Ersetzt,[9070e61aec14d8286ee6669c6e9660a0]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}),Ersetzt,[7d83ef111ae6d729065112f02cd8956b]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915),Ersetzt,[79879c645ba538c88acc0af8fe06f30d]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915),Ersetzt,[8d736f918d73b0508fc960a28a7a7b85]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[ef11c13f03fd10f0de66cc4042c254ac]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915),Ersetzt,[ff0126dadd2324dc4e0627db758f926e]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}),Ersetzt,[d52b4eb2f40c5ca42b2c28daf70d3fc1]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915),Ersetzt,[7b854ab6f60abd43a7af23df11f330d0]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915),Ersetzt,[6d9334cc10f059a778e02dd552b226da]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[827e26da6799cd33d371c745a85c9070]

Ordner: 59
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, In Quarantäne, [669a2ed251af9f611d8b7dd527db619f], 
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, In Quarantäne, [669a2ed251af9f611d8b7dd527db619f], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\include, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\include\tools, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\en, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\en-US, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\es, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\es-419, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\fr, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\fr-BE, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\fr-CA, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\fr-CH, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\fr-LU, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\it, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\it-CH, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\pl, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\pt-BR, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\ru, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\ru-MO, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\tr, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\vi, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\zh-CN, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\zh-TW, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\defaults, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\defaults\preferences, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\modules, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.WebsSearches.A, C:\Users\martin\AppData\Roaming\webssearches, In Quarantäne, [2ad67e82768ab64a23c59fb7b250f808], 
PUP.Optional.WebsSearches.A, C:\Users\martin\AppData\Roaming\webssearches\images, In Quarantäne, [2ad67e82768ab64a23c59fb7b250f808], 

Dateien: 210
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [16eaed134eb233cd152bb45444be3ac6], 
PUP.Optional.SupTab.A, C:\Users\martin\AppData\Roaming\SupTab\SupTab.dll, In Quarantäne, [a85841bfbe421ce491bac96c0bf5ce32], 
PUP.Optional.Amonetize.A, C:\Downloads\Datenbank gel ster Multis und Mysteries.evr, In Quarantäne, [a45ca957ba46d62a362991ab728ee61a], 
PUP.Optional.SkyTech.A, C:\Users\martin\AppData\Local\Temp\fullpackage_temp1396132778\alilog.dll, In Quarantäne, [d22e3ec22ed2fd0319fa270b34cc8779], 
PUP.Optional.SkyTech.A, C:\Users\martin\AppData\Local\Temp\fullpackage_temp1396132778\package1.zip, In Quarantäne, [ab5522de2dd31ae6cc475fd317e9aa56], 
PUP.Optional.SupTab.A, C:\Users\martin\AppData\Local\Temp\fullpackage_temp1396132778\tmp\SupTab.exe, In Quarantäne, [e21e0af6e020a7593615ec499c64b14f], 
PUP.Optional.WpManager, C:\Users\martin\AppData\Local\Temp\fullpackage_temp1396132778\tmp\wpm.exe, In Quarantäne, [b050ca36c739f808fa5385d3e819d52b], 
PUP.Optional.WebsSearches.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml, In Quarantäne, [0af63dc3f30d6799867483d6e1219f61], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterfacef32.dll, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\RSHP.evr, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv32.dll, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv64.dll, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.evr, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\style.css, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\27.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\0.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\1.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\10.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\11.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\12.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\13.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\14.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\15.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\16.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\17.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\18.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\19.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\2.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\20.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\21.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\22.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\23.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\24.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\25.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\26.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\28.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\29.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\3.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\30.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\31.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\32.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\33.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\34.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\35.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\36.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\37.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\38.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\39.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\4.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\40.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\41.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\42.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\43.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\44.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\45.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\46.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\47.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\5.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\6.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\7.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\8.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\9.png, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\background.js, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-base.js, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [e71919e7679932ce6c5cfa690200e31d], 
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.evr, In Quarantäne, [669a2ed251af9f611d8b7dd527db619f], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome.manifest, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\install.rdf, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\index.html, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\quick_start.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\js\common.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\js\ga.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\js\jquery.autocomplete.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\js\js.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\js\library.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\content\js\xagainit.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\default_add_logo.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\default_add_logo_hover.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\icon.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\icon128.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\icon16.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\icon48.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\iconsmall.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\loading.gif, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\logo.ico, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\logo.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\logo32.ico, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\search.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\style.css, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\27.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\0.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\1.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\10.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\11.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\12.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\13.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\14.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\15.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\16.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\17.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\18.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\19.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\2.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\20.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\21.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\22.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\23.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\24.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\25.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\26.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\28.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\29.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\3.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\30.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\31.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\32.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\33.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\34.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\35.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\36.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\37.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\38.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\39.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\4.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\40.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\41.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\42.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\43.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\44.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\45.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\46.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\47.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\5.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\6.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\7.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\8.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\chrome\skin\weather\9.png, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\modules\addonmanager.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\modules\aes.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\modules\config.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\modules\dialogs.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\modules\last_tab.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\modules\misc.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\modules\properties.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\modules\remoterequest.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\modules\restoreprefs.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 
PUP.Optional.QuickStart.A, C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\extensions\quick_start@gmail.com\modules\settings.js, In Quarantäne, [15ebae52fa066997e6a03a1c8d75e51b], 

Physische Sektoren: 0
(No malicious items detected)


(end)

-) AdwCleaner[Sx].txt:

Code:

ATTFilter

# AdwCleaner v3.022 - Bericht erstellt am 31/03/2014 um 18:53:38
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : martin - MARTIN-COMPAQPC
# Gestartet von : C:\Downloads\Software\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[x] Nicht Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[x] Nicht Gelöscht : C:\Program Files (x86)\myfree codec
[x] Nicht Gelöscht : C:\Users\martin\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\martin\AppData\Roaming\SupTab
Datei Gelöscht : C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[x] Nicht Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[x] Nicht Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[x] Nicht Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[x] Nicht Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[x] Nicht Gelöscht : HKCU\Software\Myfree Codec
[x] Nicht Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM
[x] Nicht Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[x] Nicht Gelöscht : [x64] HKCU\Software\Myfree Codec

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v28.0 (en-US)

[ Datei : C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3185 octets] - [31/03/2014 18:26:55]
AdwCleaner[S0].txt - [3103 octets] - [31/03/2014 18:53:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3163 octets] ##########

-) JRT.txt:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Ultimate x64
Ran by martin on 31.03.2014 at 19:06:36,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\free download manager



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Myfree Codec



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\martin\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ FireFox

Emptied folder: C:\Users\martin\AppData\Roaming\mozilla\firefox\profiles\4xkofc0y.default\minidumps [7 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.03.2014 at 19:19:06,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-) FRST log:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by martin (administrator) on MARTIN-COMPAQPC on 31-03-2014 19:26:56
Running from C:\Downloads\Software
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [358208 2010-12-11] (Acronis)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767608 2014-03-31] (AVAST Software)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5111760 2010-12-11] ()
HKU\S-1-5-21-598720845-1907532990-1611617127-1000\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2F08D7E9FB89CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396132809&from=amt&uid=WDCXWD5000LPVX-22V0TT0_WD-WX81A33F4915F4915&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - {4DC39C54-CC7C-4B18-8CFE-4BA0DA49B0E5} URL = hxxp://www.google.at/search?q={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default
FF NewTab: chrome://quick_start/content/index.html
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Extension: Exif Viewer - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2013-12-29]
FF Extension: FxIF - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\Extensions\{11483926-db67-4190-91b1-ef20fcec5f33}.xpi [2013-12-29]
FF Extension: Mozilla Archive Format - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\Extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi [2013-12-29]
FF Extension: Greasemonkey - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\4xkofc0y.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-09-20]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-22]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-21]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-25] (AVAST Software)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-25] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-03] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation                           )
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-31 19:19 - 2014-03-31 19:19 - 00001878 _____ () C:\Users\martin\Desktop\JRT.txt
2014-03-31 19:06 - 2014-03-31 19:06 - 00000000 ____D () C:\Windows\ERUNT
2014-03-31 18:26 - 2014-03-31 18:53 - 00000000 ____D () C:\AdwCleaner
2014-03-30 17:27 - 2014-03-31 18:23 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 17:27 - 2014-03-30 17:27 - 00001317 _____ () C:\Users\martin\Documents\malware_found.txt
2014-03-30 17:27 - 2014-03-30 17:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-30 17:27 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-30 17:27 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-30 13:43 - 2014-03-30 13:43 - 00003300 _____ () C:\Windows\System32\Tasks\{6BD176BF-730B-4029-9B53-ACDEA16CFAE3}
2014-03-30 12:04 - 2014-03-30 12:04 - 00001264 _____ () C:\Users\martin\Desktop\Revo Uninstaller.lnk
2014-03-30 12:04 - 2014-03-30 12:04 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-30 02:39 - 2014-03-30 02:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 00:41 - 2014-03-30 12:22 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-03-29 13:28 - 2014-03-29 13:28 - 00865177 _____ () C:\Users\martin\Documents\Die afroamerikanische Sklaverei_2.pptx
2014-03-28 20:03 - 2014-03-28 20:03 - 00389323 _____ () C:\Users\martin\Documents\z_20140328mz.gdb
2014-03-27 16:34 - 2014-03-27 16:34 - 00391128 _____ () C:\Users\martin\Documents\z_20140327mz.gdb
2014-03-27 13:51 - 2014-03-27 13:52 - 00011903 _____ () C:\Users\martin\Documents\it_kursdauer_wifi.xlsx
2014-03-23 16:56 - 2014-03-23 16:56 - 00006752 _____ () C:\Users\martin\Documents\20140323.gdb
2014-03-23 16:01 - 2014-03-23 18:02 - 00394762 _____ () C:\Users\martin\Documents\z_20140323mz.gdb
2014-03-22 13:26 - 2014-03-22 13:26 - 00390987 _____ () C:\Users\martin\Documents\z_20140322mz.gdb
2014-03-21 18:11 - 2014-03-21 18:11 - 00390061 _____ () C:\Users\martin\Documents\z_20140321mz.gdb
2014-03-19 17:54 - 2014-03-19 17:54 - 00012098 _____ () C:\Users\martin\Downloads\Die afroamerikanische Sklaverei.pptx
2014-03-19 02:19 - 2014-03-22 13:35 - 00000270 _____ () C:\Users\martin\Documents\gschwendt_4.gdb
2014-03-17 21:50 - 2014-03-19 02:13 - 00388719 _____ () C:\Users\martin\Documents\z_20140317mz.gdb
2014-03-16 18:09 - 2014-03-16 18:09 - 00003291 _____ () C:\Users\martin\Desktop\20140314.gdb
2014-03-15 18:21 - 2014-03-15 18:21 - 00003166 _____ () C:\Users\martin\Documents\20140314.gdb
2014-03-15 18:09 - 2014-03-16 18:07 - 00391094 _____ () C:\Users\martin\Documents\z_20140315mz.gdb
2014-03-13 15:35 - 2014-03-13 15:43 - 00392081 _____ () C:\Users\martin\Documents\z_20140313mz.gdb
2014-03-12 13:15 - 2014-03-12 13:15 - 00030981 _____ () C:\Users\martin\Documents\00033698775_20131231_20140312.csv
2014-03-12 12:42 - 2014-03-12 15:32 - 00031802 _____ () C:\Users\martin\Documents\Gehalts_zuzahlung_abfertigung.xlsx
2014-03-12 12:22 - 2014-03-12 12:22 - 00000000 ____D () C:\Users\martin\Documents\SozPlan
2014-03-09 13:37 - 2014-03-09 13:37 - 00000000 ____D () C:\Users\martin\Documents\ADCS
2014-03-09 13:37 - 2014-03-09 13:37 - 00000000 ____D () C:\Users\martin\AppData\Local\Heatsoft
2014-03-09 13:36 - 2014-03-09 13:36 - 00001017 _____ () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Heatsoft ADCS 2.01.lnk
2014-03-09 13:36 - 2014-03-09 13:36 - 00000993 _____ () C:\Users\martin\Desktop\Heatsoft ADCS 2.01.lnk
2014-03-09 13:36 - 2014-03-09 13:36 - 00000000 ____D () C:\Program Files (x86)\ADCS
2014-03-08 14:43 - 2014-03-08 14:48 - 00392551 _____ () C:\Users\martin\Documents\z_20140308mz.gdb
2014-03-08 14:38 - 2014-03-08 14:38 - 00001502 _____ () C:\Users\martin\Documents\20140306.gdb
2014-03-08 14:27 - 2014-03-08 14:27 - 00000166 _____ () C:\Users\martin\Documents\burning_Kreuzenstein.gdb
2014-03-08 14:04 - 2014-03-08 14:04 - 00008906 _____ () C:\Users\martin\Documents\Burning Kreuzenstein NachtMulti.xlsx
2014-03-05 16:28 - 2014-03-05 16:28 - 00000032 _____ () C:\Users\martin\Documents\anruf_unbek_2.txt
2014-03-04 14:24 - 2014-03-29 13:18 - 00020293 _____ () C:\Users\martin\Documents\cachesdone_11_12_2013_03_2014.txt
2014-03-02 23:58 - 2014-03-02 23:58 - 00000112 _____ () C:\Users\martin\Documents\vatikan_cache_anweisung.txt
2014-03-02 21:45 - 2014-03-02 21:45 - 00001758 _____ () C:\Users\martin\Documents\marswiese.gdb
2014-03-02 20:31 - 2014-03-04 14:35 - 00387803 _____ () C:\Users\martin\Documents\z_20140301mz.gdb
2014-03-01 12:40 - 2014-03-01 12:40 - 00000588 _____ () C:\Users\martin\Documents\transactions.xls

==================== One Month Modified Files and Folders =======

2014-03-31 19:26 - 2014-02-01 16:50 - 00000000 ____D () C:\FRST
2014-03-31 19:19 - 2014-03-31 19:19 - 00001878 _____ () C:\Users\martin\Desktop\JRT.txt
2014-03-31 19:06 - 2014-03-31 19:06 - 00000000 ____D () C:\Windows\ERUNT
2014-03-31 19:06 - 2013-06-22 01:59 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Free Download Manager
2014-03-31 19:02 - 2009-07-14 06:45 - 00022704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-31 19:02 - 2009-07-14 06:45 - 00022704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-31 19:01 - 2014-02-27 15:43 - 00000000 ___RD () C:\Users\martin\Dropbox
2014-03-31 19:00 - 2014-02-27 15:34 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Dropbox
2014-03-31 19:00 - 2013-06-22 00:56 - 01157494 _____ () C:\Windows\WindowsUpdate.log
2014-03-31 18:59 - 2010-11-21 08:50 - 00699440 _____ () C:\Windows\system32\perfh007.dat
2014-03-31 18:59 - 2010-11-21 08:50 - 00149548 _____ () C:\Windows\system32\perfc007.dat
2014-03-31 18:59 - 2009-07-14 07:13 - 01619700 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-31 18:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-31 18:55 - 2009-07-14 06:51 - 00060744 _____ () C:\Windows\setupact.log
2014-03-31 18:54 - 2010-11-21 05:47 - 00294688 _____ () C:\Windows\PFRO.log
2014-03-31 18:53 - 2014-03-31 18:26 - 00000000 ____D () C:\AdwCleaner
2014-03-31 18:23 - 2014-03-30 17:27 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-31 18:19 - 2014-01-20 21:08 - 00000000 ____D () C:\Users\martin\AppData\Local\TSVNCache
2014-03-30 23:50 - 2013-09-20 17:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-30 21:13 - 2013-08-14 20:42 - 00000000 ____D () C:\d
2014-03-30 17:27 - 2014-03-30 17:27 - 00001317 _____ () C:\Users\martin\Documents\malware_found.txt
2014-03-30 17:27 - 2014-03-30 17:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-30 17:27 - 2014-01-31 21:40 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Malwarebytes
2014-03-30 17:27 - 2014-01-31 21:37 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-30 17:27 - 2014-01-31 21:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-30 13:43 - 2014-03-30 13:43 - 00003300 _____ () C:\Windows\System32\Tasks\{6BD176BF-730B-4029-9B53-ACDEA16CFAE3}
2014-03-30 12:22 - 2014-03-30 00:41 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-03-30 12:04 - 2014-03-30 12:04 - 00001264 _____ () C:\Users\martin\Desktop\Revo Uninstaller.lnk
2014-03-30 12:04 - 2014-03-30 12:04 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-30 02:46 - 2013-09-20 17:32 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-30 02:46 - 2013-06-22 01:08 - 00001421 _____ () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-30 02:39 - 2014-03-30 02:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 01:18 - 2013-06-22 02:43 - 00000000 ____D () C:\Program Files\totalcmd
2014-03-30 00:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-03-29 13:28 - 2014-03-29 13:28 - 00865177 _____ () C:\Users\martin\Documents\Die afroamerikanische Sklaverei_2.pptx
2014-03-29 13:18 - 2014-03-04 14:24 - 00020293 _____ () C:\Users\martin\Documents\cachesdone_11_12_2013_03_2014.txt
2014-03-28 20:03 - 2014-03-28 20:03 - 00389323 _____ () C:\Users\martin\Documents\z_20140328mz.gdb
2014-03-28 15:47 - 2013-06-22 01:41 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-27 16:34 - 2014-03-27 16:34 - 00391128 _____ () C:\Users\martin\Documents\z_20140327mz.gdb
2014-03-27 13:52 - 2014-03-27 13:51 - 00011903 _____ () C:\Users\martin\Documents\it_kursdauer_wifi.xlsx
2014-03-24 01:25 - 2013-06-22 02:36 - 00000000 ____D () C:\Users\martin\AppData\Roaming\gsak
2014-03-23 18:02 - 2014-03-23 16:01 - 00394762 _____ () C:\Users\martin\Documents\z_20140323mz.gdb
2014-03-23 16:56 - 2014-03-23 16:56 - 00006752 _____ () C:\Users\martin\Documents\20140323.gdb
2014-03-22 13:35 - 2014-03-19 02:19 - 00000270 _____ () C:\Users\martin\Documents\gschwendt_4.gdb
2014-03-22 13:26 - 2014-03-22 13:26 - 00390987 _____ () C:\Users\martin\Documents\z_20140322mz.gdb
2014-03-21 18:11 - 2014-03-21 18:11 - 00390061 _____ () C:\Users\martin\Documents\z_20140321mz.gdb
2014-03-19 18:01 - 2014-02-14 22:11 - 00002853 _____ () C:\Users\martin\Documents\360er_jufi_opencaches.txt
2014-03-19 17:54 - 2014-03-19 17:54 - 00012098 _____ () C:\Users\martin\Downloads\Die afroamerikanische Sklaverei.pptx
2014-03-19 02:13 - 2014-03-17 21:50 - 00388719 _____ () C:\Users\martin\Documents\z_20140317mz.gdb
2014-03-16 18:09 - 2014-03-16 18:09 - 00003291 _____ () C:\Users\martin\Desktop\20140314.gdb
2014-03-16 18:07 - 2014-03-15 18:09 - 00391094 _____ () C:\Users\martin\Documents\z_20140315mz.gdb
2014-03-15 18:21 - 2014-03-15 18:21 - 00003166 _____ () C:\Users\martin\Documents\20140314.gdb
2014-03-13 15:43 - 2014-03-13 15:35 - 00392081 _____ () C:\Users\martin\Documents\z_20140313mz.gdb
2014-03-12 15:35 - 2014-02-16 15:18 - 00008825 _____ () C:\Users\martin\Documents\gehalts_spanne.xlsx
2014-03-12 15:32 - 2014-03-12 12:42 - 00031802 _____ () C:\Users\martin\Documents\Gehalts_zuzahlung_abfertigung.xlsx
2014-03-12 13:15 - 2014-03-12 13:15 - 00030981 _____ () C:\Users\martin\Documents\00033698775_20131231_20140312.csv
2014-03-12 12:22 - 2014-03-12 12:22 - 00000000 ____D () C:\Users\martin\Documents\SozPlan
2014-03-10 16:23 - 2014-02-09 21:33 - 00007655 _____ () C:\Users\martin\AppData\Local\Resmon.ResmonCfg
2014-03-09 13:37 - 2014-03-09 13:37 - 00000000 ____D () C:\Users\martin\Documents\ADCS
2014-03-09 13:37 - 2014-03-09 13:37 - 00000000 ____D () C:\Users\martin\AppData\Local\Heatsoft
2014-03-09 13:36 - 2014-03-09 13:36 - 00001017 _____ () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Heatsoft ADCS 2.01.lnk
2014-03-09 13:36 - 2014-03-09 13:36 - 00000993 _____ () C:\Users\martin\Desktop\Heatsoft ADCS 2.01.lnk
2014-03-09 13:36 - 2014-03-09 13:36 - 00000000 ____D () C:\Program Files (x86)\ADCS
2014-03-09 08:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-03-08 14:48 - 2014-03-08 14:43 - 00392551 _____ () C:\Users\martin\Documents\z_20140308mz.gdb
2014-03-08 14:38 - 2014-03-08 14:38 - 00001502 _____ () C:\Users\martin\Documents\20140306.gdb
2014-03-08 14:27 - 2014-03-08 14:27 - 00000166 _____ () C:\Users\martin\Documents\burning_Kreuzenstein.gdb
2014-03-08 14:04 - 2014-03-08 14:04 - 00008906 _____ () C:\Users\martin\Documents\Burning Kreuzenstein NachtMulti.xlsx
2014-03-08 13:59 - 2013-12-03 18:19 - 00061440 _____ () C:\Users\martin\Documents\Movies_2_get.xls
2014-03-08 13:18 - 2013-12-03 18:19 - 00037888 _____ () C:\Users\martin\Documents\books_got.xls
2014-03-05 16:28 - 2014-03-05 16:28 - 00000032 _____ () C:\Users\martin\Documents\anruf_unbek_2.txt
2014-03-05 09:26 - 2014-03-30 17:27 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-30 17:27 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-01-31 21:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 14:35 - 2014-03-02 20:31 - 00387803 _____ () C:\Users\martin\Documents\z_20140301mz.gdb
2014-03-02 23:58 - 2014-03-02 23:58 - 00000112 _____ () C:\Users\martin\Documents\vatikan_cache_anweisung.txt
2014-03-02 21:45 - 2014-03-02 21:45 - 00001758 _____ () C:\Users\martin\Documents\marswiese.gdb
2014-03-01 12:40 - 2014-03-01 12:40 - 00000588 _____ () C:\Users\martin\Documents\transactions.xls

Some content of TEMP:
====================
C:\Users\martin\AppData\Local\Temp\Checkupdate.exe
C:\Users\martin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgnhmvs.dll
C:\Users\martin\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\martin\AppData\Local\Temp\Foxit Updater.exe
C:\Users\martin\AppData\Local\Temp\gcapi_dll.dll
C:\Users\martin\AppData\Local\Temp\gtapi_signed.dll
C:\Users\martin\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\martin\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\martin\AppData\Local\Temp\npp.6.5.1.Installer.exe
C:\Users\martin\AppData\Local\Temp\Quarantine.exe
C:\Users\martin\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 13:23

==================== End Of Log ============================

--- --- ---

--- --- ---

-) beim Öffnen eines neuen Tabs im Firefox steht "chrome://quick_start/content/index.html" in der URL-Zeile, was mich aber mangels Besitz von Google Chrome nicht stört.

LG & TIA, Martin

schrauber · 01.04.2014, 12:32

Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Notebook mit webssearches beglückt

Log-Analyse und Auswertung: Notebook mit webssearches beglückt