Log analysis and evaluation: eBay payment reminder opened - virus cripples computer

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
06.09.2014, 19:53 | #1

eBay payment reminder opened - virus cripples computer

Hello everyone, I would be extremely grateful for help. Through unfortunate circumstances we opened the ZIP file of a fake eBay payment reminder. Since then, a window titled "SQL-Clientkonfigurationsprogramm" (SQL client configuration program) has been opening at regular intervals, hundreds of times over the day, and the computer has become extremely sluggish, almost to the point where you can't really do anything anymore. I have a possibly outdated Norton virus scanner, and there is also a "McAfee Security Scan" on my machine, though I have never seen it actively doing anything. I have now downloaded Avira. It does find something, I click "remove", but nothing changes, and 20 minutes later it finds something again. Maybe someone can tell me what I should do. The logs are further below. Many thanks

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2014 Ran by Jan Stephan (administrator) on JANSTEPHAN-HP on 06-09-2014 12:44:45 Running from C:\Users\Jan Stephan\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co.
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe () C:\ProgramData\DatacardService\DCService.exe (devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe ( ) C:\Windows\System32\lxdecoms.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\alg.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () C:\Program Files (x86)\Lexmark 4800 Series\lxdemon.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Dropbox, Inc.) C:\Users\Jan Stephan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\Program Files (x86) (x86)\Lexmark 4800 Series\lxdeamon.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\SysWOW64\cliconfg.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] () HKLM\...\Run: [lxdemon.exe] => C:\Program Files (x86)\Lexmark 4800 Series\lxdemon.exe [455336 2010-02-15] () HKLM\...\Run: [lxdeamon] => C:\Program Files (x86)\Lexmark 4800 Series\lxdeamon.exe [25256 2010-02-15] () HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-11] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe [3331944 2009-12-04] (Symantec Corporation) HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-01-25] (EasyBits Software AS) HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation) HKLM-x32\...\Run: [lxdemon.exe] => C:\Program Files (x86) (x86)\Lexmark 4800 Series\lxdemon.exe [455336 2010-02-15] () HKLM-x32\...\Run: [lxdeamon] => C:\Program Files (x86) (x86)\Lexmark 4800 Series\lxdeamon.exe [25256 2010-02-15] () HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. 
KG) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-01-28] (Hewlett-Packard) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation) HKU\S-1-5-21-3680024373-2614034990-369734666-1000\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard) HKU\S-1-5-21-3680024373-2614034990-369734666-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent HKU\S-1-5-21-3680024373-2614034990-369734666-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation) HKU\S-1-5-21-3680024373-2614034990-369734666-1000\...\Run: [over_the_counter] => C:\ProgramData\Adobe\ARM\Reader_10.1.4\10210\peak_flow_meter\bitlocker_enterprise.exe [178688 2013-04-30] () HKU\S-1-5-21-3680024373-2614034990-369734666-1000\...\MountPoints2: {593488e2-1db5-11e0-9d2b-1cc1de5c6af6} - G:\AutoRun.exe HKU\S-1-5-21-3680024373-2614034990-369734666-1000\...\MountPoints2: {593488f7-1db5-11e0-9d2b-1cc1de5c6af6} - G:\AutoRun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Jan Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Jan Stephan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: Lexmark Symbolleiste -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files (x86)\Lexmark Toolbar\toolband.dll () BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) Toolbar: HKLM-x32 - Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll () Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-07-08] (EasyBits Software Corp.) Tcpip\..\Interfaces\{45FE40D6-74C6-4AF0-ABF7-63E38CC0A853}: [NameServer] 62.109.121.1 62.109.121.2 Tcpip\..\Interfaces\{F13EF600-0C93-4BC6-92F8-92E72093178C}: [NameServer] 193.189.244.225 193.189.244.206 FireFox: ======== FF ProfilePath: C:\Users\Jan Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\sb578frp.default FF DefaultSearchEngine: Wikipedia (de) FF SelectedSearchEngine: Wikipedia (de) FF Homepage: hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:defficial FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Jan Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\sb578frp.default\Extensions\abs@avira.com [2014-09-05] FF Extension: United States English Spellchecker - C:\Users\Jan Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\sb578frp.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-03-24] FF Extension: Personas Plus - C:\Users\Jan Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\sb578frp.default\Extensions\personas@christopher.beard.xpi [2011-06-13] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com CHR StartupUrls: Default -> "hxxp://www.google.com" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google :cursorPosition}{google:currentPageUrl}{googleageClassification}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Default Plug-in) - default_plugin No File CHR Profile: C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Wallet) - C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-29] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG) R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-08-19] () [File not signed] R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3526136 2013-08-27] (devolo AG) R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-01-25] (EasyBits Software AS) [File not signed] R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed] R2 lxde_device; C:\Windows\system32\lxdecoms.exe [1053104 2007-05-29] ( ) R2 lxde_device; C:\Windows\SysWOW64\lxdecoms.exe [598960 2007-05-29] ( ) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. 
KG) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-12] (Symantec Corporation) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.) R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2013-08-27] (CACE Technologies) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-06 12:44 - 2014-09-06 12:53 - 00020817 _____ () C:\Users\Jan Stephan\Downloads\FRST.txt 2014-09-06 12:44 - 2014-09-06 12:46 - 00000000 ____D () C:\FRST 2014-09-06 12:40 - 2014-09-06 12:40 - 02104832 _____ (Farbar) C:\Users\Jan Stephan\Downloads\FRST64.exe 2014-09-06 12:36 - 2014-09-06 12:36 - 01096704 _____ (Farbar) C:\Users\Jan Stephan\Downloads\FRST.exe 2014-09-06 12:33 - 2014-09-06 12:33 - 00000484 _____ () C:\Users\Jan Stephan\Downloads\defogger_disable.log 2014-09-06 12:33 - 2014-09-06 12:33 - 00000000 _____ () C:\Users\Jan Stephan\defogger_reenable 2014-09-06 12:30 - 2014-09-06 12:30 - 00050477 _____ () C:\Users\Jan Stephan\Downloads\Defogger.exe 2014-09-03 22:32 - 2014-09-03 22:32 - 00001308 _____ () C:\Users\Jan Stephan\Desktop\Norton Installation Files.lnk 2014-09-03 22:32 - 2014-09-03 22:32 - 00000000 ____D () C:\Users\Public\Downloads\Norton 2014-09-03 09:42 - 2014-09-03 09:34 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-09-03 09:34 - 2014-09-03 09:34 - 00000000 ____D () C:\Users\Jan Stephan\AppData\Roaming\Avira 2014-09-03 09:31 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-09-03 09:31 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-09-03 09:31 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-09-03 09:21 - 2014-09-03 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-09-03 09:21 - 2014-09-03 09:31 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-09-03 09:21 - 2014-09-03 09:21 - 00001139 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-09-03 09:20 - 2014-09-03 09:31 - 00000000 ____D () C:\ProgramData\Avira 2014-09-03 09:20 - 2014-09-03 09:20 - 04755688 _____ (Avira Operations GmbH & Co. KG) C:\Users\Jan Stephan\Downloads\avira_de_av___ws.exe 2014-09-03 09:20 - 2014-09-03 09:20 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-02 08:45 - 2014-09-02 08:47 - 00000000 ____D () C:\ProgramData\vttcs 2014-09-02 08:39 - 2014-09-03 09:51 - 00000000 ___HD () C:\Users\Jan Stephan\AppData\Roaming\Ntpba 2014-09-01 21:57 - 2014-09-06 10:21 - 00015833 ____H () C:\Users\Jan Stephan\Desktop\~WRL0006.tmp 2014-08-28 06:10 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-28 06:10 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-28 06:10 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-17 17:51 - 2014-08-17 17:51 - 18995593 _____ () C:\Users\Jan Stephan\Desktop\frieder info.eml 2014-08-15 03:01 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-15 03:01 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-08-15 03:01 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-15 03:01 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-15 03:01 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) 
C:\Windows\system32\icardagt.exe 2014-08-15 03:01 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-15 03:01 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-15 03:01 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-08-14 06:14 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-14 06:14 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-14 06:14 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-08-14 06:14 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-08-14 06:14 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-08-14 06:14 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-08-14 06:14 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-08-14 06:14 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-08-14 06:14 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-08-14 06:14 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-08-14 06:14 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-08-14 06:14 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-08-14 06:14 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-08-14 06:14 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-08-14 06:14 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-14 06:14 - 2014-06-03 12:02 - 
03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-14 06:14 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-14 06:14 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-14 06:14 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-14 06:14 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-14 06:14 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-14 06:14 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-14 06:13 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-14 06:13 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-14 06:13 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-14 06:13 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-14 06:13 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-14 06:13 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-14 06:13 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-14 06:13 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-14 06:13 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-14 06:13 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-14 06:13 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-14 06:13 - 2014-07-25 15:11 - 00051200 _____ (Microsoft 
Corporation) C:\Windows\system32\jsproxy.dll 2014-08-14 06:13 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-14 06:13 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-14 06:13 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-14 06:13 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-14 06:13 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-14 06:13 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-14 06:13 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-14 06:13 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-14 06:13 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-14 06:13 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-14 06:13 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-14 06:13 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-14 06:13 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-14 06:13 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-14 06:13 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-14 06:13 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-14 06:13 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-14 06:13 - 2014-07-25 14:17 - 
00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-14 06:13 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-14 06:13 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-14 06:13 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-14 06:13 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-14 06:13 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-14 06:13 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-14 06:13 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-14 06:13 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-14 06:13 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-14 06:13 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-14 06:13 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-14 06:13 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-14 06:13 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-14 06:13 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-14 06:13 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-14 06:13 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-14 06:13 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-14 06:13 - 2014-07-25 13:07 - 
02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 06:13 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 06:13 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 06:13 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 06:13 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 06:13 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 06:13 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 06:13 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 06:13 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 06:13 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 06:13 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 06:11 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 06:11 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 06:11 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 06:11 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-06 13:27 - 2011-10-03 18:52 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-06 13:04 - 2013-03-20 20:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-06 12:53 - 2014-09-06 12:44 - 00020817 _____ () C:\Users\Jan Stephan\Downloads\FRST.txt
2014-09-06 12:46 - 2014-09-06 12:44 - 00000000 ____D () C:\FRST
2014-09-06 12:40 - 2014-09-06 12:40 - 02104832 _____ (Farbar) C:\Users\Jan Stephan\Downloads\FRST64.exe
2014-09-06 12:36 - 2014-09-06 12:36 - 01096704 _____ (Farbar) C:\Users\Jan Stephan\Downloads\FRST.exe
2014-09-06 12:33 - 2014-09-06 12:33 - 00000484 _____ () C:\Users\Jan Stephan\Downloads\defogger_disable.log
2014-09-06 12:33 - 2014-09-06 12:33 - 00000000 _____ () C:\Users\Jan Stephan\defogger_reenable
2014-09-06 12:33 - 2010-12-20 16:53 - 00000000 ____D () C:\Users\Jan Stephan
2014-09-06 12:30 - 2014-09-06 12:30 - 00050477 _____ () C:\Users\Jan Stephan\Downloads\Defogger.exe
2014-09-06 11:15 - 2011-01-16 18:20 - 00000000 ____D () C:\Users\Jan Stephan\AppData\Local\CrashDumps
2014-09-06 10:27 - 2011-10-03 18:52 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-06 10:21 - 2014-09-01 21:57 - 00015833 ____H () C:\Users\Jan Stephan\Desktop\~WRL0006.tmp
2014-09-06 09:37 - 2010-12-20 16:51 - 01631446 _____ () C:\Windows\WindowsUpdate.log
2014-09-06 08:57 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-06 08:57 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-05 22:32 - 2012-03-23 12:25 - 00000464 ____H () C:\Windows\Tasks\Norton Security Scan for Jan Stephan.job
2014-09-05 11:39 - 2011-10-03 18:52 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-05 02:45 - 2012-11-20 21:00 - 00003974 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{543B2867-7AAD-4765-8367-5BEC5AD164EE}
2014-09-04 18:43 - 2013-01-21 20:34 - 00000000 ___RD () C:\Users\Jan Stephan\Dropbox
2014-09-04 18:43 - 2013-01-21 19:51 - 00000000 ____D () C:\Users\Jan Stephan\AppData\Roaming\Dropbox
2014-09-04 18:38 - 2012-11-02 20:44 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-04 18:17 - 2010-07-08 18:26 - 01218870 _____ () C:\Windows\system32\perfh007.dat
2014-09-04 18:17 - 2010-07-08 18:26 - 00312466 _____ () C:\Windows\system32\perfc007.dat
2014-09-04 18:17 - 2009-07-14 07:13 - 00006462 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-04 18:11 - 2014-05-22 11:05 - 00000439 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-09-04 18:10 - 2014-05-25 08:01 - 00000356 _____ () C:\Windows\Tasks\HPCeeScheduleForJan Stephan.job
2014-09-04 18:10 - 2010-07-08 19:41 - 00322682 _____ () C:\Windows\PFRO.log
2014-09-04 18:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-04 18:10 - 2009-07-14 06:51 - 00123431 _____ () C:\Windows\setupact.log
2014-09-04 18:06 - 2010-07-08 18:22 - 00000000 ____D () C:\ProgramData\Norton
2014-09-03 22:32 - 2014-09-03 22:32 - 00001308 _____ () C:\Users\Jan Stephan\Desktop\Norton Installation Files.lnk
2014-09-03 22:32 - 2014-09-03 22:32 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-09-03 10:07 - 2014-05-25 08:01 - 00003222 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJan Stephan
2014-09-03 09:51 - 2014-09-02 08:39 - 00000000 ___HD () C:\Users\Jan Stephan\AppData\Roaming\Ntpba
2014-09-03 09:34 - 2014-09-03 09:42 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-09-03 09:34 - 2014-09-03 09:34 - 00000000 ____D () C:\Users\Jan Stephan\AppData\Roaming\Avira
2014-09-03 09:32 - 2014-09-03 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-03 09:31 - 2014-09-03 09:21 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-03 09:31 - 2014-09-03 09:20 - 00000000 ____D () C:\ProgramData\Avira
2014-09-03 09:21 - 2014-09-03 09:21 - 00001139 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-03 09:20 - 2014-09-03 09:20 - 04755688 _____ (Avira Operations GmbH & Co. KG) C:\Users\Jan Stephan\Downloads\avira_de_av___ws.exe
2014-09-03 09:20 - 2014-09-03 09:20 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-02 08:47 - 2014-09-02 08:45 - 00000000 ____D () C:\ProgramData\vttcs
2014-09-01 18:37 - 2010-12-20 16:53 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-09-01 13:52 - 2012-04-02 18:17 - 00003228 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJANSTEPHAN-HP$
2014-09-01 13:52 - 2012-04-02 18:17 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForJANSTEPHAN-HP$.job
2014-08-29 03:17 - 2009-07-14 06:45 - 00357872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 13:40 - 2011-02-26 19:00 - 00196608 _____ () C:\Windows\system32\Ikeext.etl
2014-08-23 13:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-08-23 13:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-23 04:07 - 2014-08-28 06:10 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 06:10 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 06:10 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 13:25 - 2013-01-21 20:34 - 00000999 _____ () C:\Users\Jan Stephan\Desktop\Dropbox.lnk
2014-08-22 13:25 - 2013-01-21 19:51 - 00000000 ____D () C:\Users\Jan Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-17 17:51 - 2014-08-17 17:51 - 18995593 _____ () C:\Users\Jan Stephan\Desktop\frieder info.eml
2014-08-15 10:30 - 2014-09-03 09:31 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-15 10:30 - 2014-09-03 09:31 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-15 10:30 - 2014-09-03 09:31 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-15 04:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-15 03:34 - 2013-03-14 04:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-15 03:34 - 2013-03-14 04:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-15 03:34 - 2012-06-26 22:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-15 03:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 03:16 - 2011-01-20 20:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-15 03:08 - 2013-07-23 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 03:06 - 2011-01-25 19:04 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 03:00 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-07 04:06 - 2014-08-14 06:11 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-14 06:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Jan Stephan\AppData\Local\Temp\AutoRun.exe
C:\Users\Jan Stephan\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Jan Stephan\AppData\Local\Temp\avgnt.exe
C:\Users\Jan Stephan\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Jan Stephan\AppData\Local\Temp\COMAP.EXE
C:\Users\Jan Stephan\AppData\Local\Temp\contentDATs.exe
C:\Users\Jan Stephan\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Jan Stephan\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Jan Stephan\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Jan Stephan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgxmsbk.dll
C:\Users\Jan Stephan\AppData\Local\Temp\EAD63E0.exe
C:\Users\Jan Stephan\AppData\Local\Temp\EAD6D71.exe
C:\Users\Jan Stephan\AppData\Local\Temp\EAD7AAB.exe
C:\Users\Jan Stephan\AppData\Local\Temp\EADC82E.exe
C:\Users\Jan Stephan\AppData\Local\Temp\EPCPSetup.exe
C:\Users\Jan Stephan\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Jan Stephan\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Jan Stephan\AppData\Local\Temp\installerdll144254.dll
C:\Users\Jan Stephan\AppData\Local\Temp\installerdll145845.dll
C:\Users\Jan Stephan\AppData\Local\Temp\installerdll206716.dll
C:\Users\Jan Stephan\AppData\Local\Temp\installerdll230990.dll
C:\Users\Jan Stephan\AppData\Local\Temp\installerdll280598.dll
C:\Users\Jan Stephan\AppData\Local\Temp\installerdll510544.dll
C:\Users\Jan Stephan\AppData\Local\Temp\Resource.exe
C:\Users\Jan Stephan\AppData\Local\Temp\rootsupd.exe
C:\Users\Jan Stephan\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Jan Stephan\AppData\Local\Temp\SEVINST64x86.EXE
C:\Users\Jan Stephan\AppData\Local\Temp\sp49905.exe.exe
C:\Users\Jan Stephan\AppData\Local\Temp\sp53904.exe
C:\Users\Jan Stephan\AppData\Local\Temp\sp54931.exe
C:\Users\Jan Stephan\AppData\Local\Temp\sp58915.exe
C:\Users\Jan Stephan\AppData\Local\Temp\sp64126.exe
C:\Users\Jan Stephan\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Jan Stephan\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Jan Stephan\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Jan Stephan\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Jan Stephan\AppData\Local\Temp\_is18AE.exe
C:\Users\Jan Stephan\AppData\Local\Temp\_isA547.exe
C:\Users\Jan Stephan\AppData\Local\Temp\_isB1E0.exe
C:\Users\Jan Stephan\AppData\Local\Temp\_isD0D5.exe
C:\Users\Jan Stephan\AppData\Local\Temp\_isD5F4.exe
C:\Users\Jan Stephan\AppData\Local\Temp\_isE455.exe
C:\Users\Jan Stephan\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-06 00:51

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-09-2014
Ran by Jan Stephan at 2014-09-06 14:01:51
Running from C:\Users\Jan Stephan\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{F9F4430E-80DE-EC0F-BF8E-476352C8F954}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co.
KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira) Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation) Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden BRINK (HKLM-x32\...\Steam App 22350) (Version: - Splash Damage) Bus Driver (x32 Version: 2.2.0.82 - WildTangent) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (x32 Version: 2010.0310.1824.32984 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0310.1824.32984 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2010.0310.1824.32984 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2010.0310.1824.32984 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0310.1824.32984 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0310.1824.32984 - ATI) Hidden Catalyst Control Center HydraVision Full (x32 Version: 2010.0310.1824.32984 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0310.1824.32984 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center Localization All (x32 Version: 2010.0310.1824.32984 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2010.0310.1823.32984 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.0310.1823.32984 - ATI) Hidden CCC Help Czech (x32 Version: 2010.0310.1823.32984 - ATI) Hidden CCC Help Danish (x32 Version: 2010.0310.1823.32984 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.0310.1823.32984 - ATI) Hidden CCC Help English (x32 Version: 2010.0310.1823.32984 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.0310.1823.32984 - ATI) Hidden CCC Help French (x32 Version: 2010.0310.1823.32984 - ATI) Hidden CCC Help German (x32 Version: 2010.0310.1823.32984 - ATI) Hidden CCC Help Greek (x32 Version: 2010.0310.1823.32984 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.0310.1823.32984 - ATI) Hidden CCC Help Italian (x32 Version: 2010.0310.1823.32984 - ATI) Hidden CCC Help Japanese (x32 Version: 2010.0310.1823.32984 - ATI) Hidden CCC Help Korean (x32 Version: 2010.0310.1823.32984 - ATI) Hidden CCC Help Norwegian (x32 Version: 2010.0310.1823.32984 - ATI) Hidden CCC Help Polish (x32 Version: 2010.0310.1823.32984 - ATI) Hidden CCC Help Portuguese (x32 Version: 2010.0310.1823.32984 - ATI) Hidden CCC Help Russian (x32 Version: 2010.0310.1823.32984 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.0310.1823.32984 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.0310.1823.32984 - ATI) Hidden CCC Help Thai (x32 Version: 2010.0310.1823.32984 - ATI) Hidden CCC Help Turkish (x32 Version: 2010.0310.1823.32984 - ATI) Hidden ccc-core-static (x32 Version: 2010.0310.1824.32984 - ATI) Hidden ccc-utility64 (Version: 2010.0310.1824.32984 - ATI) Hidden ChessBase 9 (HKLM-x32\...\{3FD2223E-C8A2-48C4-AA81-0A0EC47B7860}) (Version: 2 - ) Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CyberLink DVD Suite 
Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2712 - CyberLink Corp.) CyberLink DVD Suite Deluxe (x32 Version: 7.0.2712 - CyberLink Corp.) Hidden devolo dLAN Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.1.3.0 - devolo AG) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden Dream Chronicles (x32 Version: 2.2.0.82 - WildTangent) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.) Druckerdeinstallation für EPSON BX305 Series (HKLM\...\EPSON BX305 Series) (Version: - SEIKO EPSON Corporation) DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.0.3715 - Hewlett-Packard) DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.0.3715 - Hewlett-Packard) Hidden EA Download Manager (HKLM-x32\...\EADM) (Version: 8.0.3.427 - Electronic Arts, Inc.) EPSON BX305 Series Handbuch (HKLM-x32\...\EPSON BX305 Series Manual) (Version: - ) Epson Easy Photo Print 2 (HKLM-x32\...\{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden FIFA 10 (HKLM-x32\...\{11202615-E557-4ECF-9B86-F59C81E52909}) (Version: 1.0.0.0 - Electronic Arts) FUSSBALL MANAGER 06 (HKLM-x32\...\{DFB5612F-AF7E-4CB3-00AB-3C0CD2520B29}) (Version: - ) FUSSBALL MANAGER 10 (HKLM-x32\...\FUSSBALL MANAGER 10) (Version: - Electronic Arts) GameSpy Comrade (HKLM-x32\...\{176B3593-72F1-459C-829C-5E9671E2CB35}) (Version: 1.4.3.154 - GameSpy) Gem Shop (x32 Version: 2.2.0.82 - WildTangent) 
Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.02) (Version: 9.02 - Artifex Software Inc.) Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5418.39 - PC-Doctor, Inc.) Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.12850.3526 - Hewlett-Packard) HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden HP Game Console (x32 Version: - WildTangent) Hidden HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent) HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.0.3902 - Hewlett-Packard) HP MediaSmart DVD (x32 Version: 4.0.3902 - Hewlett-Packard) Hidden HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.0.3910 - Hewlett-Packard) HP MediaSmart Music (x32 Version: 4.0.3910 - Hewlett-Packard) Hidden HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.0.3911 - Hewlett-Packard) HP MediaSmart Photo (x32 Version: 4.0.3911 - Hewlett-Packard) Hidden HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard) HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.0.3911 - Hewlett-Packard) HP MediaSmart Video (x32 Version: 4.0.3911 - Hewlett-Packard) Hidden HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP) HP Setup (HKLM-x32\...\{F5C7FD70-2C0A-401E-95E9-916363567DDA}) (Version: 1.2.4048.3310 - Hewlett-Packard) HP Support Assistant 
(HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard) HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard) HydraVision (x32 Version: 4.2.162.0 - ATI Technologies Inc.) Hidden Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan) Jewel Quest II (x32 Version: 2.2.0.82 - WildTangent) Hidden Jewel Quest Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2610 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.2610 - CyberLink Corp.) Hidden Lexmark 4800 Series (HKLM\...\Lexmark 4800 Series) (Version: - Lexmark International, Inc.) Lexmark 4800 Series (HKLM-x32\...\Lexmark 4800 Series) (Version: - Lexmark International, Inc.) Lexmark Symbolleiste (HKLM-x32\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: 2.0.3.0 - ) LightScribe System Software (HKLM-x32\...\{FA8BFB25-BF48-4F8B-8859-B30810745190}) (Version: 1.18.11.1 - LightScribe) Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: - EasyBits Software AS) Mahjongg Artifacts (x32 Version: 2.2.0.82 - WildTangent) Hidden Max Payne 2 (HKLM-x32\...\{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}) (Version: 1.01.102 - ) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.0.4 - CEWE COLOR AG u Co. 
OHG) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Default Manager (x32 Version: 2.1.54.0 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 
Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 
(HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation) Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.302.09.04.528 - Huawei Technologies Co.,Ltd) Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.0.3715 - Hewlett-Packard) Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.0.3715 - Hewlett-Packard) Hidden Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service 
(HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MusicStation (HKLM-x32\...\MusicStationNetstaller) (Version: 1.0.0.116 - Hewlett-Packard) Mystery P.I. - The Vegas Heist (x32 Version: 2.2.0.82 - WildTangent) Hidden Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.34 - Symantec) Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation) Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.) PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Pixum Fotobuch (HKLM-x32\...\Pixum Fotobuch) (Version: 5.0.1 - CEWE COLOR AG u Co. OHG) PlayChess (HKLM-x32\...\PlayChess) (Version: - ChessBase GmbH) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3810 - CyberLink Corp.) Power2Go (x32 Version: 6.1.3810 - CyberLink Corp.) Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2704 - CyberLink Corp.) PowerDirector (x32 Version: 8.0.2704 - CyberLink Corp.) Hidden ps0l6nulu17 (HKLM\...\{5431d470-3a5e-4cb7-ac9d-1750c5e9f279}.sdb) (Version: - ) QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.) 
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6053 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.2719 - CyberLink Corp.) Hidden RuntimeLibsVC90 (HKLM-x32\...\{F000DE4C-B6CB-4181-BAFF-EC5DA2A9C156}) (Version: 1.1.0 - Microsoft) Sid Meier's Civilization 4 Complete (HKLM-x32\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games) Sid Meier's Civilization IV Colonization (HKLM-x32\...\{EF36A836-BF89-4A4F-B079-057B0C68C1E0}) (Version: 1.00 - Firaxis Games) Sid Meier's Railroad Tycoon (HKLM-x32\...\Sid Meier's Railroad Tycoon) (Version: 1.0 - 2K Games) Slingo Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) 
(HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden Wedding Dash (x32 Version: 2.2.0.82 - WildTangent) Hidden Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-3680024373-2614034990-369734666-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jan Stephan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3680024373-2614034990-369734666-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jan Stephan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3680024373-2614034990-369734666-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jan Stephan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3680024373-2614034990-369734666-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jan Stephan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3680024373-2614034990-369734666-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jan Stephan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3680024373-2614034990-369734666-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jan Stephan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3680024373-2614034990-369734666-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jan Stephan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3680024373-2614034990-369734666-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jan Stephan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3680024373-2614034990-369734666-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jan Stephan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
==================== Restore Points ========================= 22-08-2014 11:20:53 Windows Update 26-08-2014 12:46:26 Windows Update 29-08-2014 01:00:11 Windows Update 02-09-2014 18:45:54 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {03DADA7F-44FC-4700-A912-D8E8C5B0D2E3} - System32\Tasks\{FF382937-09DD-4671-8143-D6C4E85254D5} => C:\Program Files (x86)\Rockstar Games\Max Payne 2\MaxPayne2.exe Task: {0953873D-57FF-48F6-8A3C-6159668DAD7C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03] (Google Inc.) Task: {1607A8D5-FFC1-4C81-A5D8-ED094098F35F} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe Task: {1AAB86DD-7A25-430D-8EAC-3662F514124F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {2FC64D0D-C375-4981-AEE3-67F8E14CFBDD} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-02-24] () Task: {3D64754C-C537-4030-9C08-42E72321AB42} - System32\Tasks\HPCeeScheduleForJan Stephan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard) Task: {569153D0-90CD-4365-A3A4-DD84FFD9C86E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated) Task: {5AA39377-B13B-4CFA-BFFE-D9599417B905} - System32\Tasks\CLMLSvc => c:\Program Files 
(x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\CLMLSvc.exe Task: {6E324709-9A95-47C4-A257-8E85F3415D90} - System32\Tasks\HPCeeScheduleForJANSTEPHAN-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard) Task: {73A2E132-3D12-4AFF-B5FE-2F4CFCE20B5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03] (Google Inc.) Task: {7CB11373-3E16-430F-8117-AC80484C0318} - System32\Tasks\Norton Security Scan for Jan Stephan => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation) Task: {87A630FF-D2CA-4820-A0D9-B07C1FAC3B78} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {9FC36093-70DF-4292-AEF2-5C9CBC708E3A} - System32\Tasks\{B1289B05-0675-4B09-B305-943FF35AA17D} => C:\Program Files (x86)\Rockstar Games\Max Payne 2\MaxPayne2.exe Task: {B9A38CC8-77B8-4312-A309-DA6365B99AF1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {C1EDC67D-1653-4217-A60C-E03406F16934} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-02-24] () Task: {C55A7A30-CF5C-4F7B-9D75-D40099E23B99} - System32\Tasks\{356BA669-5374-4B6A-9D7A-B59B38F356FA} => C:\Program Files (x86)\Rockstar Games\Max Payne 2\MaxPayne2.exe Task: {D8ACC979-ECAF-4176-8D60-37A07392FC10} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.) Task: {E5EFB88F-7A8C-4A0D-B0DB-E0C1A6C18078} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2010-02-02] (PC-Doctor, Inc.) 
Task: {E9A67AB7-3390-47CF-B11C-89633C513377} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-08-04] (Hewlett-Packard) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForJan Stephan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\HPCeeScheduleForJANSTEPHAN-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\Norton Security Scan for Jan Stephan.job => C:\PROGRA~2\NORTON~3\Engine\410~1.28\Nss.exe Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe ==================== Loaded Modules (whitelisted) ============= 2010-08-19 10:52 - 2010-08-19 10:52 - 00229376 _____ () C:\ProgramData\DatacardService\DCService.exe 2010-01-18 19:21 - 2010-01-18 19:21 - 00568888 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe 2011-01-20 21:07 - 2010-02-15 14:58 - 00455336 _____ () C:\Program Files (x86)\Lexmark 4800 Series\lxdemon.exe 2011-01-20 19:15 - 2010-02-15 14:58 - 00025256 _____ () C:\Program Files (x86) (x86)\Lexmark 4800 Series\lxdeamon.exe 2010-01-12 21:49 - 2010-01-12 21:49 - 00098304 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-07-08 17:47 - 2010-07-08 17:47 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My 
Avira\Avira.OE.NativeCore.dll 2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll 2011-01-20 21:07 - 2007-05-24 16:21 - 00278528 _____ () C:\Program Files (x86)\Lexmark 4800 Series\lxdescw.dll 2011-01-20 21:07 - 2007-05-03 11:39 - 00589824 _____ () C:\Program Files (x86)\Lexmark 4800 Series\lxdedatr.dll 2014-09-04 18:12 - 2014-09-04 18:12 - 00043008 _____ () c:\Users\Jan Stephan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgxmsbk.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Jan Stephan\AppData\Roaming\Dropbox\bin\libcef.dll 2011-01-20 19:15 - 2010-02-09 08:41 - 00028672 _____ () C:\Program Files (x86) (x86)\Lexmark 4800 Series\App4R.Monitor.Common.dll 2011-01-20 19:15 - 2010-02-09 08:41 - 00036864 _____ () C:\Program Files (x86) (x86)\Lexmark 4800 Series\App4R.Monitor.Core.dll 2011-01-20 19:15 - 2010-02-09 08:40 - 00057344 _____ () C:\Program Files (x86) (x86)\Lexmark 4800 Series\app4r.devmons.mcmdevmon.dll 2011-01-20 19:15 - 2008-06-06 07:45 - 00011776 _____ () C:\Program Files (x86) (x86)\Lexmark 4800 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll 2014-09-03 09:33 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\Jan Stephan\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll 2010-09-28 15:00 - 2010-09-28 15:00 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll 2010-09-28 15:00 - 2010-09-28 15:00 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll 2010-09-28 15:00 - 2010-09-28 15:00 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll 2014-06-11 11:56 - 2014-06-11 11:56 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2014-06-11 11:56 - 2014-06-11 11:56 - 00158832 _____ () C:\Program Files (x86)\Mozilla 
Thunderbird\NSLDAP32V60.dll 2014-06-11 11:56 - 2014-06-11 11:56 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll 2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL 2014-07-23 12:14 - 2014-07-23 12:14 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Jan Stephan\Desktop\frieder info.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/06/2014 00:40:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm avscan.exe, Version 14.0.6.548 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 6048 Startzeit: 01cfc9be10b07ae5 Endzeit: 60000 Anwendungspfad: c:\program files (x86)\avira\antivir desktop\avscan.exe Berichts-ID: cddb6504-35b1-11e4-955b-1cc1de5c6af6 Error: (09/06/2014 11:14:32 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91 Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0xdcd8 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (09/06/2014 10:53:51 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91 Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0xf4bc Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (09/06/2014 10:53:50 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm firefox.exe, Version 31.0.0.5310 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: dc10 Startzeit: 01cfc99bdc47bb8c Endzeit: 1121 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 256f6286-35a3-11e4-955b-1cc1de5c6af6 Error: (09/06/2014 10:13:46 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Avira.OE.Systray.exe, Version: 1.1.21.25189, Zeitstempel: 0x53fdd63b Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0xf314 Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Systray.exe0 Pfad der fehlerhaften Anwendung: Avira.OE.Systray.exe1 Pfad des fehlerhaften Moduls: Avira.OE.Systray.exe2 Berichtskennung: Avira.OE.Systray.exe3 Error: (09/06/2014 10:13:23 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.Systray.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.IO.FileNotFoundException Stapel: bei Avira.OE.Systray.Program.Main(System.String[]) Error: (09/06/2014 08:36:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Avira.OE.Systray.exe, Version: 1.1.21.25189, Zeitstempel: 0x53fdd63b Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0xe94c Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Systray.exe0 Pfad der fehlerhaften Anwendung: Avira.OE.Systray.exe1 Pfad des fehlerhaften Moduls: Avira.OE.Systray.exe2 Berichtskennung: Avira.OE.Systray.exe3 Error: (09/06/2014 08:36:08 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.Systray.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.IO.FileNotFoundException Stapel: bei Avira.OE.Systray.Program.Main(System.String[]) Error: (09/06/2014 08:35:28 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Avira.OE.Systray.exe, Version: 1.1.21.25189, Zeitstempel: 0x53fdd63b Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0xe550 Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Systray.exe0 Pfad der fehlerhaften Anwendung: Avira.OE.Systray.exe1 Pfad des fehlerhaften Moduls: Avira.OE.Systray.exe2 Berichtskennung: Avira.OE.Systray.exe3 Error: (09/06/2014 08:35:26 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.Systray.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.IO.FileNotFoundException Stapel: bei Avira.OE.Systray.Program.Main(System.String[]) System errors: ============= Error: (09/06/2014 10:21:42 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (09/05/2014 08:23:39 AM) (Source: ipnathlp) (EventID: 30005) (User: ) Description: 192.168.1.1192.168.137.1 Error: (09/04/2014 06:11:02 PM) (Source: ipnathlp) (EventID: 1233) (User: ) Description: Error: (09/04/2014 10:08:51 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (09/03/2014 04:51:11 PM) (Source: ipnathlp) (EventID: 30005) (User: ) Description: 192.168.1.1192.168.137.1 Error: (09/03/2014 04:51:11 PM) (Source: ipnathlp) (EventID: 30009) (User: ) Description: 0.0.0.0 Error: (09/03/2014 09:53:43 AM) (Source: ipnathlp) (EventID: 1233) (User: ) Description: Error: (09/03/2014 09:50:27 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (09/02/2014 09:56:20 PM) (Source: Schannel) (EventID: 4120) (User: 
NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (09/02/2014 00:41:09 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Microsoft Office Sessions: ========================= Error: (08/23/2011 09:59:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 34 seconds with 0 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz Percentage of memory in use: 82% Total physical RAM: 4095.24 MB Available physical RAM: 702.02 MB Total Pagefile: 8188.66 MB Available Pagefile: 1139.69 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:686.27 GB) (Free:566.37 GB) NTFS Drive d: (HP_RECOVERY) (Fixed) (Total:12.26 GB) (Free:1.5 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: 920D2BCB) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=686.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=12.3 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
06.09.2014, 20:36 | #2 |
/// the machine /// TB-Ausbilder | Opened eBay payment reminder - virus paralyzes computer Hi,
__________________Scan with Combofix
__________________ |
08.09.2014, 07:19 | #3 |
| Opened eBay payment reminder - virus paralyzes computer Code:
Hello everyone, I tried to follow the instructions as far as possible. The program did not complain, but I had to move the mouse now and then because the computer went into standby mode twice. I hope that is not a problem. I am not really sure whether I understood the code tags correctly. Best regards and many thanks for your efforts. Jan P.S.: I have the impression that, strangely, things are getting better again. Combofix Logfile: |
08.09.2014, 19:06 | #4 |
/// the machine /// TB-Ausbilder | Opened eBay payment reminder - virus paralyzes computer Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please disable your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
10.09.2014, 22:20 | #5 |
| Opened eBay payment reminder - virus paralyzes computer Hello, I have followed the instructions and hope I got everything together properly. I am curious about the answer, hopefully the all-clear :-) Many thanks in advance for your efforts. Regards, Jan ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Home Premium x64 Ran by Jan Stephan on 10.09.2014 at 23:04:39,03 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\free download manager ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup" ~~~ FireFox Emptied folder: C:\Users\Jan Stephan\AppData\Roaming\mozilla\firefox\profiles\sb578frp.default\minidumps [280 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 10.09.2014 at 23:13:52,40 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 08.09.2014 Suchlauf-Zeit: 20:34:07 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.09.08.06 Rootkit Datenbank: v2014.08.21.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Jan Stephan Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 344407 Verstrichene Zeit: 14 Min, 15 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 2 PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 3940, Löschen bei Neustart, [b383b437d6a5f24473609917e21f56aa] PUP.Optional.RocketTab.A, C:\Program Files (x86)\RocketTab\Client.exe, 404, Löschen bei Neustart, [52e46a81f08b9b9b0843a42b47bbe31d] Module: 0 (No malicious items detected) Registrierungsschlüssel: 12 PUP.Optional.WindowsProtectManger.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, In Quarantäne, [b383b437d6a5f24473609917e21f56aa], PUP.Optional.WindowsProtectManger.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WindowsMangerProtect, In Quarantäne, [b383b437d6a5f24473609917e21f56aa], PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [84b2c823c4b7c96d24e8fa51798be21e], PUP.Optional.RocketTab.A, HKLM\SOFTWARE\WOW6432NODE\RocketTab, In Quarantäne, [063032b980fb3ff7badcb343669cb64a], PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [81b52bc03d3e84b2f290253aea1a7f81], PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [a39358934e2dbe78f9a442da818255ab], PUP.Optional.Qone8, 
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [13231fccccaf2b0be12bd477b0546c94], PUP.Optional.RocketTab.A, HKU\S-1-5-21-3680024373-2614034990-369734666-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\RocketTabInstalled, Löschen bei Neustart, [c0768d5e5b209c9a6c2c0fe75da5c739], PUP.Optional.Qone8, HKU\S-1-5-21-3680024373-2614034990-369734666-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Löschen bei Neustart, [ec4ae10a3a412a0c13f86edd7292a15f], PUP.Optional.FastStart.A, HKU\S-1-5-21-3680024373-2614034990-369734666-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, Löschen bei Neustart, [b58118d34d2e54e20a1ce1150af816ea], PUP.Optional.RocketTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RocketTab, In Quarantäne, [52e46a81f08b9b9b0843a42b47bbe31d], PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\webssearches uninstall, In Quarantäne, [6fc706e587f43df96042d2ff0df5c53b], Registrierungswerte: 4 Trojan.Agent, HKU\S-1-5-21-3680024373-2614034990-369734666-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|over_the_counter, C:\ProgramData\Adobe\ARM\Reader_10.1.4\10210\peak_flow_meter\schema.exe, Löschen bei Neustart, [70c6f8f389f2b482e22513a632cf768a] PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Jan Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\sb578frp.default\extensions\faststartff@gmail.com, In Quarantäne, [082e8c5f4734191d4f4b65f91ee68e72] PUP.Optional.FastStart.A, HKU\S-1-5-21-3680024373-2614034990-369734666-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Löschen bei Neustart, [b58118d34d2e54e20a1ce1150af816ea] PUP.Optional.RocketTab.A, 
HKU\S-1-5-21-3680024373-2614034990-369734666-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH EXTENSIONS|RocketTab, 1, Löschen bei Neustart, [38fec526aecd6dc9257275818c76718f] Registrierungsdaten: 18 PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://istart.webssearches.com/?type=sc&ts=1410200435&from=adks&uid=ST3750528AS_9VP80EW3, Gut: (firefox.exe), Schlecht: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://istart.webssearches.com/?type=sc&ts=1410200435&from=adks&uid=ST3750528AS_9VP80EW3),Ersetzt,[a294e803b0cbf145c5df1ccdcf358779] PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://istart.webssearches.com/?type=sc&ts=1410200435&from=adks&uid=ST3750528AS_9VP80EW3, Gut: (Chrome.exe), Schlecht: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://istart.webssearches.com/?type=sc&ts=1410200435&from=adks&uid=ST3750528AS_9VP80EW3),Ersetzt,[64d240ab0e6d70c6f0b76f7a5ba96f91] PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://istart.webssearches.com/?type=sc&ts=1410200435&from=adks&uid=ST3750528AS_9VP80EW3, Gut: (iexplore.exe), Schlecht: ("C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://istart.webssearches.com/?type=sc&ts=1410200435&from=adks&uid=ST3750528AS_9VP80EW3),Ersetzt,[b87e69821d5ea78f5b4a6e7bd430eb15] PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1410200435&from=adks&uid=ST3750528AS_9VP80EW3&q={searchTerms}, Gut: (www.google.com), Schlecht: 
PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\setup\setup.js, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\setup\css\style.css, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\setup\img\logo.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\setup\img\skin\dialBoxStyle.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\setup\img\skin\icons.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\shortcuts\img\oBookmarks.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\shortcuts\img\oDownloads.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\shortcuts\img\oExtensions.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\shortcuts\img\oHistory.png, In 
Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\shortcuts\img\oNewtab.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\skins\cloudWallpaper.js, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\skins\skins.js, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\skins\css\style.css, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\skins\img\logo.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\skins\img\skin\categoryBg.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\skins\img\skin\delete.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\skins\img\skin\download.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\skins\img\skin\icons.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\skins\img\skin\loading.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\weather\weather.js, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\weather\css\style.css, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\weather\img\logo.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\weather\img\skin\line.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\weather\img\skin\locationIcon.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\weather\img\skin\searchButton.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\weather\img\skin\weather.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], 
PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\css\all.css, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\game.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\icon_128.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\icon_16.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\icon_48.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\NEW.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\shopping.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\weather.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\webstore.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\default.jpg, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\iconsprite.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\idialog_s.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\ios5_button.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\left.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\loading.gif, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\loading2.gif, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\qBoxBg.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\q_bg.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\q_bg0.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\q_left.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\q_left0.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\q_right.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\q_right0.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\right.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\selected.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\titleBg.png, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\js\all.js, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\js\background.js, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\js\ga.js, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\js\jq.mobi.js, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\js\jump.js, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\js\pop.js, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\js\redirect.js, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\js\xagainit.js, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\de\messages.json, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\en\messages.json, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\es\messages.json, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\es_419\messages.json, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\fr\messages.json, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\fr-BE\messages.json, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\fr-CA\messages.json, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\fr-CH\messages.json, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\fr-LU\messages.json, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\it\messages.json, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\it-CH\messages.json, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan 
Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\ja\messages.json, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\pl\messages.json, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\pt_BR\messages.json, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\pt_PT\messages.json, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\ru\messages.json, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\tr\messages.json, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\vi\messages.json, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\zh_CN\messages.json, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\zh_TW\messages.json, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], 
PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_metadata\verified_contents.json, In Quarantäne, [b87ec823aecd2f073c05419043bfbd43], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\239.json, In Quarantäne, [6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\MessageBox.xml, In Quarantäne, [6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\uninstallDlg2.xml, In Quarantäne, [6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\UninstallManager.exe, In Quarantäne, [6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\images\bg.png, In Quarantäne, [6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\images\bg1.png, In Quarantäne, [6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\images\bk_shadow.png, In Quarantäne, [6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\images\button.png, In Quarantäne, [6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\images\button1.png, In Quarantäne, [6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\images\checkbox.png, In Quarantäne, [6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\images\checkbox_select.png, In Quarantäne, [6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\images\checked.png, In Quarantäne, 
[6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\images\close.png, In Quarantäne, [6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\images\loading_bg.png, In Quarantäne, [6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\images\loading_light.png, In Quarantäne, [6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\images\min.png, In Quarantäne, [6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\images\scrollbar.bmp, In Quarantäne, [6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\images\Thumbs.db, In Quarantäne, [6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\images\unchecked.png, In Quarantäne, [6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\images\code\code1.jpg, In Quarantäne, [6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\images\code\code2.jpg, In Quarantäne, [6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\images\code\code3.jpg, In Quarantäne, [6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\images\code\code4.jpg, In Quarantäne, [6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\images\code\code5.jpg, In Quarantäne, [6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\images\code\code6.jpg, In Quarantäne, 
[6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\webssearches\images\code\Thumbs.db, In Quarantäne, [6fc706e587f43df96042d2ff0df5c53b], PUP.Optional.FastStart.A, C:\Users\Jan Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\sb578frp.default\extensions\faststartff@gmail.com\chrome.manifest, In Quarantäne, [4ee89e4d384348eea746637e3bc706fa], PUP.Optional.FastStart.A, C:\Users\Jan Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\sb578frp.default\extensions\faststartff@gmail.com\install.rdf, In Quarantäne, [4ee89e4d384348eea746637e3bc706fa], PUP.Optional.FastStart.A, C:\Users\Jan Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\sb578frp.default\extensions\faststartff@gmail.com\chrome\content\index.html, In Quarantäne, [4ee89e4d384348eea746637e3bc706fa], PUP.Optional.FastStart.A, C:\Users\Jan Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\sb578frp.default\extensions\faststartff@gmail.com\chrome\content\quick_start.js, In Quarantäne, [4ee89e4d384348eea746637e3bc706fa], PUP.Optional.FastStart.A, C:\Users\Jan Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\sb578frp.default\extensions\faststartff@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [4ee89e4d384348eea746637e3bc706fa], PUP.Optional.FastStart.A, C:\Users\Jan Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\sb578frp.default\extensions\faststartff@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [4ee89e4d384348eea746637e3bc706fa], PUP.Optional.FastStart.A, C:\Users\Jan Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\sb578frp.default\extensions\faststartff@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [4ee89e4d384348eea746637e3bc706fa], PUP.Optional.FastStart.A, C:\Users\Jan Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\sb578frp.default\extensions\faststartff@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [4ee89e4d384348eea746637e3bc706fa], PUP.Optional.FastStart.A, C:\Users\Jan 
Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\sb578frp.default\extensions\faststartff@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [4ee89e4d384348eea746637e3bc706fa], PUP.Optional.FastStart.A, C:\Users\Jan Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\sb578frp.default\extensions\faststartff@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [4ee89e4d384348eea746637e3bc706fa], PUP.Optional.FastStart.A, C:\Users\Jan Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\sb578frp.default\extensions\faststartff@gmail.com\chrome\content\js\js.js, In Quarantäne, [4ee89e4d384348eea746637e3bc706fa], PUP.Optional.FastStart.A, C:\Users\Jan Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\sb578frp.default\extensions\faststartff@gmail.com\chrome\content\js\lib\doT.min.js, In Quarantäne, [4ee89e4d384348eea746637e3bc706fa], PUP.Optional.FastStart.A, C:\Users\Jan Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\sb578frp.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, In Quarantäne, [4ee89e4d384348eea746637e3bc706fa], PUP.Optional.FastStart.A, C:\Users\Jan Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\sb578frp.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, In Quarantäne, [4ee89e4d384348eea746637e3bc706fa], PUP.Optional.FastStart.A, C:\Users\Jan Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\sb578frp.default\extensions\faststartff@gmail.com\chrome\content\js\module\hotSearch.js, In Quarantäne, [4ee89e4d384348eea746637e3bc706fa], PUP.Optional.FastStart.A, C:\Users\Jan Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\sb578frp.default\extensions\faststartff@gmail.com\chrome\content\js\module\mostgrid.js, In Quarantäne, [4ee89e4d384348eea746637e3bc706fa], PUP.Optional.FastStart.A, C:\Users\Jan Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\sb578frp.default\extensions\faststartff@gmail.com\chrome\content\js\module\search.js, In Quarantäne, 
PUP.Optional.WPM.A,
C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-09-08[20-21-15-189].log, In Quarantäne, [57df49a206751c1a69c27c67fe04718f],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, In Quarantäne, [57df49a206751c1a69c27c67fe04718f],
PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://istart.webssearches.com/?type=hp&ts=1410200435&from=adks&uid=ST3750528AS_9VP80EW3" ],), Ersetzt,[0f27bc2fbac13bfb7a3ac95cca3b13ed]
PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://istart.webssearches.com/?type=hp&ts=1410200435&from=adks&uid=ST3750528AS_9VP80EW3",), Ersetzt,[4ceac823dc9fa49283320a1b03024db3]
PUP.Optional.QuickStart.A, C:\Users\Jan Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\sb578frp.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Ersetzt,[0531777488f394a2d9fc032181849b65]
PUP.Optional.WebsSearches.A, C:\Users\Jan Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\sb578frp.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hp&ts=1410200435&from=adks&uid=ST3750528AS_9VP80EW3");), Ersetzt,[49ed8269fd7e05317d342104ee17ea16]

Physische Sektoren: 0
(No malicious items detected)

(end)

Code:
ATTFilter
# AdwCleaner v3.309 - Bericht erstellt am 09/09/2014 um 18:26:33
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Jan Stephan - JANSTEPHAN-HP
# Gestartet von : C:\Users\Jan Stephan\Downloads\adwcleaner_3.309.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : BackupStack

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\END
Datei Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gefunden : C:\Users\Jan Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Datei Gefunden : C:\Users\Jan Stephan\Desktop\MyPC Backup.lnk
Datei Gefunden : C:\Users\Jan Stephan\Desktop\Sync Folder.lnk
Ordner Gefunden : C:\Program Files (x86)\MyPC Backup
Ordner Gefunden : C:\Users\Jan Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

Verknüpfung Gefunden : C:\Users\Public\Desktop\Google Chrome.lnk ( hxxp://istart.webssearches.com/?type=sc&ts=1410200435&from=adks&uid=ST3750528AS_9VP80EW3 )
Verknüpfung Gefunden : C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxp://istart.webssearches.com/?type=sc&ts=1410200435&from=adks&uid=ST3750528AS_9VP80EW3 )
Verknüpfung Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://istart.webssearches.com/?type=sc&ts=1410200435&from=adks&uid=ST3750528AS_9VP80EW3 )
Verknüpfung Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://istart.webssearches.com/?type=sc&ts=1410200435&from=adks&uid=ST3750528AS_9VP80EW3 )
Verknüpfung Gefunden : C:\Users\Jan Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://istart.webssearches.com/?type=sc&ts=1410200435&from=adks&uid=ST3750528AS_9VP80EW3 )
Verknüpfung Gefunden : C:\Users\Jan Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://istart.webssearches.com/?type=sc&ts=1410200435&from=adks&uid=ST3750528AS_9VP80EW3 )
Verknüpfung Gefunden : C:\Users\Jan Stephan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( hxxp://istart.webssearches.com/?type=sc&ts=1410200435&from=adks&uid=ST3750528AS_9VP80EW3 )
Verknüpfung Gefunden : C:\Users\Jan Stephan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://istart.webssearches.com/?type=sc&ts=1410200435&from=adks&uid=ST3750528AS_9VP80EW3 )
Verknüpfung Gefunden : C:\Users\Jan Stephan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk ( hxxp://istart.webssearches.com/?type=sc&ts=1410200435&from=adks&uid=ST3750528AS_9VP80EW3 )
Verknüpfung Gefunden : C:\Users\Jan Stephan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( hxxp://istart.webssearches.com/?type=sc&ts=1410200435&from=adks&uid=ST3750528AS_9VP80EW3 )

***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239

Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://istart.webssearches.com/web/?type=ds&ts=1410200435&from=adks&uid=ST3750528AS_9VP80EW3&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://istart.webssearches.com/web/?type=ds&ts=1410200435&from=adks&uid=ST3750528AS_9VP80EW3&q={searchTerms}

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Jan Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\sb578frp.default\prefs.js ]

Zeile gefunden : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
Zeile gefunden : user_pref("browser.search.defaultenginename", "webssearches");
Zeile gefunden : user_pref("browser.search.selectedEngine", "webssearches");
Zeile gefunden : user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hp&ts=1410200435&from=adks&uid=ST3750528AS_9VP80EW3");
Zeile gefunden : user_pref("extensions.quick_start.enable_search1", false);
Zeile gefunden : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", true);

-\\ Google Chrome v37.0.2062.103

[ Datei : C:\Users\Jan Stephan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gefunden [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Gefunden [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

AdwCleaner[R0].txt - [5439 octets] - [09/09/2014 18:26:33]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5499 octets] ##########
11.09.2014, 19:19 | #6 |
/// the machine /// TB trainer | Opened eBay payment reminder - virus cripples computer
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems remaining?