|
Plagegeister aller Art und deren Bekämpfung: Grauer Bildschirm mit traurig ausschauendem SmileyWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
23.05.2015, 17:23 | #1 |
| Grauer Bildschirm mit traurig ausschauendem Smiley Guten Tag - ich möchte Sie um Hilfe bitten. Heute habe ich die Nachricht erhalten, dass der Laptop meines Bruders sich nicht mehr richtig starten lässt. Er war am Tag zuvor in einem Online-Spiel gewesen (League of Legends), bis plötzlich von jetzt auf gleich ein schrilles Geräusch aus seinem Laptop ertönte und die Maschine aus unerfindlichen Gründen neu startete. Scheinbar soll beim Neustart ein Ladebildschirm aufgetaucht sein, der ihn darauf hinwies, dass die Daten aktualisiert werden müssen, eben mit traurigem Smiley als Krönung. Seitdem ist es nicht mehr möglich sich über das Konto anzumelden. Um einen technischen Systemfehler auszuschließen habe ich den Versuch unternommen in den abgesicherten Modus zu gelangen - mit Erfolg. Nach einem Scan mit dem Revo Uninstaller stellte ich fest, dass sich irgendwelche unbekannten Programme auf dem PC befanden, die ich bereits schonmal von seinem PC entfernt habe. Nun ist der ganze Mist wieder da. Entweder wird mir etwas verschwiegen oder er hat sich aus purer Ahnungslosigkeit ein schönes Leck gebohrt (der Laptop wird nur als Spielemaschine verwendet). Ich hoffe Sie können mir helfen. |
23.05.2015, 17:51 | #2 |
/// the machine /// TB-Ausbilder | Grauer Bildschirm mit traurig ausschauendem Smiley hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
23.05.2015, 18:23 | #3 |
| Grauer Bildschirm mit traurig ausschauendem Smiley FRST und Additional:
__________________Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015 01 Ran by Jaspar (administrator) on LAPPI on 23-05-2015 19:16:20 Running from C:\Users\Jaspar\Downloads Loaded Profiles: Jaspar (Available Profiles: UpdatusUser & Jaspar) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Safe Mode (with Networking) Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [391128 2013-10-01] (Intel Corporation) HKLM-x32\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe [771032 2013-10-01] (Intel Corporation) HKLM-x32\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe [769496 2013-10-01] (Intel Corporation) HKLM-x32\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.) HKLM-x32\...\Run: [mbot_pl_9] => [X] Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-705164964-436951070-2432176924-1002\...\Run: [Facebook Update] => C:\Users\Jaspar\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-08-24] (Facebook Inc.) HKU\S-1-5-21-705164964-436951070-2432176924-1002\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-03-30] () HKU\S-1-5-21-705164964-436951070-2432176924-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.) HKU\S-1-5-21-705164964-436951070-2432176924-1002\...\Run: [BingSvc] => C:\Users\Jaspar\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation) AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [263952 2015-05-13] (Client Connect LTD) AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation) AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [223504 2015-05-13] (Client Connect LTD) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2014-09-24] ShortcutTarget: LOLRecorder.lnk -> C:\Program Files (x86)\LOLReplay\LOLRecorder.exe (LOL Replay) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms} HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-705164964-436951070-2432176924-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms} HKU\S-1-5-21-705164964-436951070-2432176924-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=E876506D-C3DB-4AC4-9868-9FB7AA2E2AF6&SearchSource=55&CUI=&UM=8&UP=SP7313AAB2-8DE8-4C30-8D50-67F565A08A5D&D=050915&SSPV= HKU\S-1-5-21-705164964-436951070-2432176924-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX HKU\S-1-5-21-705164964-436951070-2432176924-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms} SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms} SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398708465&from=tugs&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms} SearchScopes: HKU\S-1-5-21-705164964-436951070-2432176924-1002 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=E876506D-C3DB-4AC4-9868-9FB7AA2E2AF6&SearchSource=58&CUI=&UM=8&UP=SP7313AAB2-8DE8-4C30-8D50-67F565A08A5D&D=050915&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-705164964-436951070-2432176924-1002 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=E876506D-C3DB-4AC4-9868-9FB7AA2E2AF6&SearchSource=58&CUI=&UM=8&UP=SP7313AAB2-8DE8-4C30-8D50-67F565A08A5D&D=050915&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-705164964-436951070-2432176924-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-705164964-436951070-2432176924-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-705164964-436951070-2432176924-1002 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-705164964-436951070-2432176924-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-705164964-436951070-2432176924-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-28] (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-17] (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-28] (Kaspersky Lab ZAO) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-28] (Kaspersky Lab ZAO) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-28] (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-17] (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-28] (Kaspersky Lab ZAO) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-28] (Kaspersky Lab ZAO) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX FireFox: ======== FF ProfilePath: C:\Users\Jaspar\AppData\Roaming\Mozilla\Firefox\Profiles\6vqd8buq.default-1431200109324 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-02-20] (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.) FF Plugin HKU\S-1-5-21-705164964-436951070-2432176924-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Jaspar\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin HKU\S-1-5-21-705164964-436951070-2432176924-1002: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-02-20] (Pando Networks) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istartsurf.xml [2014-08-11] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-19] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-07-12] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-12] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-07-12] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-07-12] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-07-12] FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Jaspar\AppData\Roaming\Mozilla\Firefox\Profiles\7gzgvd2b.default\extensions\faststartff@gmail.com FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Jaspar\AppData\Roaming\Mozilla\Firefox\Profiles\7gzgvd2b.default\extensions\quick_searchff@gmail.com FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Jaspar\AppData\Roaming\Mozilla\Firefox\Profiles\7gzgvd2b.default\extensions\sweetsearch@gmail.com FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF HKU\S-1-5-21-705164964-436951070-2432176924-1002\...\Firefox\Extensions: [{8E3C10E3-9B89-B515-883F-0A45FF62B29F}] - C:\Program Files (x86)\BlockAndSurf-soft\161.xpi Chrome: ======= CHR HomePage: Default -> hxxp://www.delta-homes.com/?type=hp&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX CHR StartupUrls: Default -> "hxxp://www.delta-homes.com/?type=hp&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX" CHR DefaultSearchKeyword: Default -> delta-homes CHR DefaultSuggestURL: Default -> CHR Profile: C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-07] CHR Extension: (Google Docs) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-07] CHR Extension: (Google Drive) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-07] CHR Extension: (Speedial) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd [2015-01-07] CHR Extension: (Kaspersky Protection) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2015-01-07] CHR Extension: (YouTube) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-07] CHR Extension: (Google Search) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-07] CHR Extension: (Kaspersky URL Advisor) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-01-07] CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-05-13] CHR Extension: (Google Sheets) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-07] CHR Extension: (Bookmark Manager) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-23] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11] CHR Extension: (Skype Click to Call) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-13] CHR Extension: (Google Wallet) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-07] CHR Extension: (Gmail) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-07] CHR Extension: (Anti-Banner) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-01-07] CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa CHR HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-05-28] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-05-28] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-06-19] (ASUS) S2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [] S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3274512 2015-05-13] (Client Connect LTD) S2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation) S2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158816 2015-04-15] (XTab system) S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-06-09] (A-Volute) [] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-29] (ASUS Corporation) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-28] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-05-28] (Kaspersky Lab) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-28] (Kaspersky Lab ZAO) S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-05-28] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-05-28] (Kaspersky Lab ZAO) S3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO) S3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO) S1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-05-28] (Kaspersky Lab ZAO) S1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-05-28] (Kaspersky Lab ZAO) S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [40104 2014-08-21] (Razer Inc) S3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows (R) Win 7 DDK provider) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) R1 {9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64; C:\Windows\System32\drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys [61112 2014-04-29] (StdLib) S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X] S2 PEAUTH; system32\drivers\peauth.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-05-23 19:16 - 2015-05-23 19:16 - 00026297 _____ () C:\Users\Jaspar\Downloads\FRST.txt 2015-05-23 19:16 - 2015-05-23 19:16 - 00000000 ____D () C:\FRST 2015-05-23 19:15 - 2015-05-23 19:15 - 02108416 _____ (Farbar) C:\Users\Jaspar\Downloads\FRST64.exe 2015-05-23 19:15 - 2015-05-23 19:15 - 01147392 _____ (Farbar) C:\Users\Jaspar\Downloads\FRST.exe 2015-05-22 17:39 - 2015-05-22 17:39 - 00000000 __SHD () C:\found.000 2015-05-22 01:06 - 2015-05-22 01:06 - 00305224 _____ () C:\WINDOWS\Minidump\052215-34343-01.dmp 2015-05-22 00:45 - 2015-05-22 00:45 - 00350128 _____ () C:\WINDOWS\Minidump\052215-33062-01.dmp 2015-05-22 00:45 - 2015-05-22 00:45 - 00000000 ____D () C:\WINDOWS\Minidump 2015-05-20 11:12 - 2015-05-20 22:14 - 00000000 ____D () C:\Users\Jaspar\AppData\Local\avabvbxvh 2015-05-20 11:12 - 2015-05-20 11:12 - 00003456 _____ () C:\WINDOWS\System32\Tasks\avabvbxvh 2015-05-19 14:07 - 2015-05-19 14:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-05-13 23:49 - 2015-05-13 23:55 - 00000000 ____D () C:\Users\Jaspar\Documents\Bandicam 2015-05-13 23:49 - 2015-05-13 23:49 - 00000000 ____D () C:\Users\Jaspar\AppData\Roaming\BANDISOFT 2015-05-13 23:49 - 2015-05-13 23:49 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1 2015-05-13 23:48 - 2015-05-13 23:48 - 09864192 _____ (Bandisoft) C:\Users\Jaspar\Downloads\bdcamsetup.exe 2015-05-13 15:39 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 15:39 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 13:18 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2015-05-13 13:18 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2015-05-13 13:18 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2015-05-13 13:18 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys 2015-05-13 13:17 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-05-13 13:17 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-05-13 13:17 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll 2015-05-13 13:17 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-05-13 13:17 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-05-13 13:17 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2015-05-13 13:17 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-05-13 13:17 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-05-13 13:17 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-05-13 13:17 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-05-13 13:17 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-05-13 13:17 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll 2015-05-13 13:17 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-05-13 13:17 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2015-05-13 13:17 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-05-13 13:17 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-05-13 13:17 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-05-13 13:17 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-05-13 13:17 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-05-13 13:17 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-05-13 13:17 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-05-13 13:17 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-05-13 13:17 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-05-13 13:17 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-05-13 13:17 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-05-13 13:17 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-05-13 13:17 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-05-13 13:17 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-05-13 13:17 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-05-13 13:17 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-05-13 13:17 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-05-13 13:17 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-05-13 13:17 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-05-13 13:17 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-05-13 13:17 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-05-13 13:17 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-05-13 13:17 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-05-13 13:17 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-05-13 13:17 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-05-13 13:17 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-05-13 13:17 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-05-13 13:17 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-05-13 13:17 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-05-13 13:17 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2015-05-13 13:17 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2015-05-13 13:17 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2015-05-13 13:17 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2015-05-13 13:17 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll 2015-05-13 13:17 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll 2015-05-13 13:17 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2015-05-13 13:17 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2015-05-13 13:17 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll 2015-05-13 13:17 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll 2015-05-13 13:17 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-05-13 13:17 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-05-13 13:17 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-05-13 13:17 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2015-05-13 13:17 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-05-13 13:17 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2015-05-13 13:17 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2015-05-13 13:17 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys 2015-05-13 13:17 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2015-05-13 13:17 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2015-05-13 13:17 - 2015-03-13 02:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2015-05-13 13:17 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe 2015-05-13 13:17 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe 2015-05-13 13:17 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll 2015-05-13 13:17 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2015-05-13 13:17 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll 2015-05-13 13:17 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2015-05-13 13:17 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll 2015-05-13 13:17 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll 2015-05-13 13:17 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2015-05-13 13:17 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2015-05-13 13:17 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll 2015-05-09 21:33 - 2015-05-09 21:33 - 00000000 ____D () C:\Users\Jaspar\Tracing 2015-05-09 21:32 - 2015-05-09 21:32 - 00000000 ____D () C:\Program Files (x86)\predm 2015-05-09 21:30 - 2015-05-20 11:12 - 00000000 ____D () C:\Program Files (x86)\SearchProtect 2015-05-09 21:30 - 2015-05-09 21:30 - 00002122 _____ () C:\Users\Jaspar\Desktop\Continue Mybest Offerstoday Uninstaller.lnk 2015-05-09 21:30 - 2015-05-09 21:30 - 00001021 _____ () C:\Users\Jaspar\Desktop\GUPlayer.lnk 2015-05-09 21:30 - 2015-05-09 21:30 - 00000000 ____D () C:\Users\Jaspar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer 2015-05-09 21:30 - 2015-05-09 21:30 - 00000000 ____D () C:\Users\Jaspar\AppData\Local\SearchProtect 2015-05-09 21:30 - 2015-05-09 21:30 - 00000000 ____D () C:\Program Files (x86)\GUPlayer 2015-05-09 21:17 - 2015-05-09 21:17 - 00003144 _____ () C:\WINDOWS\System32\Tasks\{A442621D-3DFF-4D44-AED1-BFB8F25EA3C7} 2015-05-09 21:08 - 2015-05-22 01:05 - 00000000 ____D () C:\Users\Jaspar\AppData\Roaming\Skype 2015-05-09 21:08 - 2015-05-09 21:08 - 00002715 _____ () C:\Users\Public\Desktop\Skype.lnk 2015-05-09 21:08 - 2015-05-09 21:08 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-05-09 21:08 - 2015-05-09 21:08 - 00000000 ____D () C:\Users\Jaspar\AppData\Local\Skype 2015-05-09 21:08 - 2015-05-09 21:08 - 00000000 ____D () C:\ProgramData\Skype 2015-05-09 21:08 - 2015-05-09 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-05-09 20:56 - 2015-05-09 20:57 - 00000050 _____ () C:\Users\Jaspar\Desktop\t1.bat 2015-05-09 20:53 - 2015-05-09 20:53 - 00000000 ____D () C:\Users\Jaspar\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} 2015-05-03 16:33 - 2015-05-03 16:33 - 00000000 __SHD () C:\Users\Jaspar\AppData\Local\EmieBrowserModeList 2015-05-02 15:09 - 2015-05-02 15:09 - 00240102 _____ () C:\Users\Jaspar\Documents\ts3_clientui-win32-1407159763-2015-05-02 15_09_51.243762.dmp 2015-04-26 15:58 - 2015-04-26 15:58 - 00000000 ____D () C:\Users\Jaspar\AppData\Local\TeamViewer 2015-04-26 15:57 - 2015-05-09 20:22 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2015-04-26 15:56 - 2015-04-26 15:56 - 07970528 _____ (TeamViewer GmbH) C:\Users\Jaspar\Downloads\TeamViewer_Setup_de.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-05-23 19:07 - 2014-07-12 13:28 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-05-23 19:07 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-05-23 19:06 - 2013-08-22 16:46 - 00340092 _____ () C:\WINDOWS\setupact.log 2015-05-22 17:18 - 2015-01-07 20:37 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-22 16:17 - 2014-08-17 12:00 - 431778920 _____ () C:\WINDOWS\MEMORY.DMP 2015-05-22 15:31 - 2014-07-08 19:55 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-05-22 01:04 - 2014-11-21 21:29 - 00000000 __RDO () C:\Users\Jaspar\OneDrive 2015-05-22 00:58 - 2015-01-07 20:37 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-22 00:45 - 2014-10-11 20:54 - 00000000 ____D () C:\Users\Jaspar 2015-05-22 00:45 - 2014-09-23 23:06 - 00024410 _____ () C:\WINDOWS\PFRO.log 2015-05-22 00:45 - 2014-02-20 18:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-22 00:43 - 2014-10-11 20:47 - 02048338 _____ () C:\WINDOWS\WindowsUpdate.log 2015-05-22 00:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-05-21 23:27 - 2014-08-08 14:33 - 00000944 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-705164964-436951070-2432176924-1002UA.job 2015-05-21 18:48 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-05-21 18:47 - 2015-04-05 16:05 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX 2015-05-21 18:47 - 2015-04-05 16:05 - 00000000 ___SD () C:\WINDOWS\system32\GWX 2015-05-21 18:46 - 2014-01-22 02:51 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-705164964-436951070-2432176924-1002 2015-05-21 17:21 - 2014-02-21 19:18 - 00000000 ____D () C:\Users\Jaspar\AppData\Roaming\TS3Client 2015-05-21 12:00 - 2015-04-16 13:39 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1 2015-05-21 12:00 - 2013-12-09 22:47 - 00003464 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2 2015-05-21 11:27 - 2014-08-08 14:33 - 00000922 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-705164964-436951070-2432176924-1002Core.job 2015-05-21 10:59 - 2015-03-14 23:14 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-05-21 10:15 - 2014-01-22 02:44 - 00000062 _____ () C:\Users\Jaspar\AppData\Roaming\sp_data.sys 2015-05-21 00:00 - 2014-10-30 14:52 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{93648374-8FFE-44A4-9064-D6548AB6A10B} 2015-05-18 22:18 - 2014-02-20 20:25 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-05-18 22:13 - 2014-02-20 20:25 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-05-18 13:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-05-16 17:02 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-05-15 19:53 - 2015-01-07 20:37 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-15 19:52 - 2015-01-07 20:37 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-15 14:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-05-13 23:49 - 2014-03-26 20:11 - 00000000 ____D () C:\Users\Jaspar\AppData\Roaming\NVIDIA 2015-05-13 19:43 - 2013-08-22 16:44 - 00362896 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-05-13 19:38 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2015-05-13 19:38 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers 2015-05-13 15:26 - 2014-09-24 08:00 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-11 21:19 - 2015-03-10 17:15 - 00013312 ___SH () C:\Users\Jaspar\Downloads\Thumbs.db 2015-05-09 21:40 - 2014-06-10 10:03 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-05-09 21:17 - 2014-08-11 20:01 - 00000000 ____D () C:\Users\Jaspar\AppData\Roaming\istartsurf 2015-05-09 20:41 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-05-09 20:15 - 2015-04-15 14:15 - 00000000 ____D () C:\Program Files (x86)\XTab 2015-05-06 17:55 - 2013-04-26 01:15 - 06329286 _____ () C:\WINDOWS\AsDebug.log 2015-05-05 19:59 - 2014-11-20 16:03 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-05-05 19:59 - 2014-09-24 09:46 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-04-26 15:16 - 2013-04-26 01:15 - 01331948 _____ () C:\WINDOWS\AsCDProc.log ==================== Files in the root of some directories ======= 2014-01-22 02:44 - 2015-05-21 10:15 - 0000062 _____ () C:\Users\Jaspar\AppData\Roaming\sp_data.sys 2013-04-26 01:15 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd Files to move or delete: ==================== C:\Users\Jaspar\PSISetup_3.0.0.9016.exe Some files in TEMP: ==================== C:\Users\Jaspar\AppData\Local\Temp\bdcam_0.dll C:\Users\Jaspar\AppData\Local\Temp\bdfilters.dll C:\Users\Jaspar\AppData\Local\Temp\BSvcProcessor.exe C:\Users\Jaspar\AppData\Local\Temp\BSvcUpdater.exe C:\Users\Jaspar\AppData\Local\Temp\dlLogic.exe C:\Users\Jaspar\AppData\Local\Temp\nch1setup.exe C:\Users\Jaspar\AppData\Local\Temp\spstub.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-18 22:11 ==================== End of log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01 Ran by Jaspar at 2015-05-23 19:17:39 Running from C:\Users\Jaspar\Downloads Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-705164964-436951070-2432176924-500 - Administrator - Disabled) Gast (S-1-5-21-705164964-436951070-2432176924-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-705164964-436951070-2432176924-1004 - Limited - Enabled) Jaspar (S-1-5-21-705164964-436951070-2432176924-1002 - Administrator - Enabled) => C:\Users\Jaspar UpdatusUser (S-1-5-21-705164964-436951070-2432176924-1001 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.4.117.01527 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.) Hidden ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.2 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.4 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.1.4 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0005 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS) ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation) ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5230.52 - CyberLink Corp.) ASUSDVD (x32 Version: 10.0.5230.52 - CyberLink Corp.) Hidden Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Desktopicon amazon.de (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 - ) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden GUPlayer (remove only) (HKLM-x32\...\GUPlayer) (Version: - ) HQVro-1.91 (HKLM-x32\...\HQVro-1.91) (Version: 1.34.4.10 - HQVro1) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version: - istartsurf) <==== ATTENTION Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.9.11 - www.leaguereplays.com) METAL SLUG 3 (HKLM-x32\...\Steam App 250180) (Version: - DotEmu) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) NVIDIA Graphics Driver 311.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.70 - NVIDIA Corporation) NVIDIA PhysX System Software 9.13.0325 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0325 - NVIDIA Corporation) NVIDIA Update 4.11.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 4.11.9 - NVIDIA Corporation) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.989 - Even Balance, Inc.) puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.10 - Razer Inc.) Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6804 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.23.30.9 - Client Connect LTD) <==== ATTENTION Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version: - Team Meat) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) Windows Driver Package - ASUS (ATP) Mouse (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) WindowsMangerProtect20.0.0.502 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.502 - WindowsProtect LIMITED) <==== ATTENTION WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) World of Tanks (HKU\S-1-5-21-705164964-436951070-2432176924-1002\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 01-05-2015 17:20:47 Windows Update 09-05-2015 13:55:08 Geplanter Prüfpunkt 13-05-2015 15:23:41 Windows Update 18-05-2015 22:11:49 Windows Update ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 07:26 - 2014-05-01 19:42 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {2306EAB8-44A7-4A05-8FA8-5851DAC368BD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation) Task: {2966056B-AC3A-4963-87CE-4C5AC3FD67BE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-705164964-436951070-2432176924-1002UA => C:\Users\Jaspar\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-24] (Facebook Inc.) Task: {2AAF01B2-AC5A-4354-82F2-9839D99DA97B} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {2EC1139E-C7BB-4AA1-A0F0-85E637CDB953} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-03-20] (ASUSTeK Computer Inc.) Task: {4CC7F42E-4C4D-4488-BAFF-9C189347CFA8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated) Task: {5B38980F-2222-4BC7-9756-6F9D169EE8AC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-705164964-436951070-2432176924-1002Core => C:\Users\Jaspar\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-24] (Facebook Inc.) Task: {749C614E-0A2A-4533-BFB6-48EB2F27A60D} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-04-29] (AsusTek) Task: {780C522B-64E7-43BF-8D4C-D9CB128C31C2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-18] (Microsoft Corporation) Task: {7BE140B9-CC56-443D-9A26-75E7F0B52A1C} - \Advanced System Protector No Task File <==== ATTENTION Task: {84887AC2-DAAC-4922-868F-653C4E80A79A} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.) Task: {865BA5EE-86F6-4F86-9AEC-C4A52AE5F3B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-07] (Google Inc.) Task: {8C37E8F5-B320-41C7-8A92-7B67DC9BB77D} - System32\Tasks\{A442621D-3DFF-4D44-AED1-BFB8F25EA3C7} => pcalua.exe -a C:\Users\Jaspar\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=amt Task: {91A84639-D2D7-4B99-B3E1-1A9E42E50B4A} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe Task: {A088BFDF-1E64-4AFE-A58B-99F97117AFC6} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-06-19] (ASUS) Task: {A6C79FA8-E314-457F-8C19-796DDDE77565} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-03-20] (ASUSTeK Computer Inc.) Task: {D5DE8A0D-AA96-4778-A27D-1BCD078B03BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-07] (Google Inc.) Task: {E12A3223-E067-48C6-A6AD-9A6B42237C4F} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-02-26] (ASUSTeK Computer Inc.) Task: {F142EA38-44C1-45A1-B12B-D626628E060E} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-28] (ASUS) Task: {F9326A37-8F09-415A-AACE-7111CC7F69A4} - System32\Tasks\avabvbxvh => C:\Users\Jaspar\AppData\Local\avabvbxvh\avabvbxvh.exe [2015-05-13] () <==== ATTENTION Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-705164964-436951070-2432176924-1002Core.job => C:\Users\Jaspar\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-705164964-436951070-2432176924-1002UA.job => C:\Users\Jaspar\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Jaspar\OneDrive:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-705164964-436951070-2432176924-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img6.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER Error getting == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "LOLRecorder.lnk" HKLM\...\StartupApproved\Run32: => "Razer Synapse" HKU\S-1-5-21-705164964-436951070-2432176924-1002\...\StartupApproved\Run: => "Facebook Update" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{981EBBDB-F0AC-4CC9-B414-FA4B4FF6849F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{27F59C64-8DDA-453C-81DB-C6C451598769}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{BE72DCFA-92B9-4A68-8D3D-894964AE8FEB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe FirewallRules: [{4C5E5CD8-F6FF-4ADD-BC33-71F7E6F53D3B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe FirewallRules: [{0A08CD54-5AD2-4AEE-9BD1-F08BF28A5C4C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{14C1B559-1040-4848-81FF-3942014C2E7C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{7A5C9B6C-A092-4096-AF31-F9A71B7AA34F}] => (Allow) C:\Users\Jaspar\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe FirewallRules: [{B52E0792-BFCA-41B0-9064-963074DAF661}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{8DD3F208-4396-4E10-908E-5AFAF6B484A5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{D5886BF5-E9D6-4741-8EE8-C9EF2ADBC6EB}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe FirewallRules: [{2A20DC8E-ABF8-4536-A3DD-E6F2D9D9CBD2}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe FirewallRules: [{5F2878D9-BC65-4254-9CFD-7CF599827009}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe FirewallRules: [{7AA64871-B8E4-4141-B6D2-47D4BAE43FE4}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe FirewallRules: [{18D087EC-D46F-4D83-9C3C-50C8E8A1A198}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe FirewallRules: [{1B3591C7-92FF-4D8E-8F18-63327169BA67}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{4A42C600-6204-423B-9309-3C505FBF9C64}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{7AE19A65-E6FD-40AF-AD82-F1FCFDAAD3F1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{84CBAA73-13AC-4007-815B-A03A47EFDDC3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{27A83B16-B10F-454F-9C4F-7B8842CF70C0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{758A85A7-2E39-4011-9101-EA9DF9912277}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{77ABE695-BF91-4C1E-BB96-D36E0B66BAFD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{9CBDB688-1560-4EC3-B3C4-13B86FD1A88A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{99AB5382-1059-45AC-AAEB-E32736E99DF9}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{08DF9207-336B-4D4F-B1FD-122BC45D324B}] => (Allow) LPort=1900 FirewallRules: [{CACDB418-5466-44CB-97EB-234638B11E8D}] => (Allow) LPort=2869 FirewallRules: [{8F742722-EB63-4B60-8280-435B83C49A8F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{0F60259D-0A27-452B-9B0C-F86964307B23}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe FirewallRules: [{B1695C20-DF06-485E-9B7B-912D68E1F220}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe FirewallRules: [{3A400443-B670-4080-853C-305970A09017}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metal Slug 3\mslug3.exe FirewallRules: [{9BA9ED05-2603-419B-9960-5816A4EDB879}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metal Slug 3\mslug3.exe FirewallRules: [{0118FEBF-6ABB-4566-9307-784CF69863AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{1DF969E2-08CD-4C0D-A651-78CFA8D732BE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3190553F-D805-4033-9FA1-B0F442CD62AF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{00927E5A-5E8F-40D5-9891-6965DED85E28}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{F86F2A81-3B2E-4BBF-A1F0-BBC751D83332}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{6DCA2E8E-B5F4-43B4-8407-99DFFE961D6E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [TCP Query User{6C45BDEF-6BF8-490C-AAA6-9C32B64964F0}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{128C1AD8-FEA5-4405-99A6-FD6C71399B17}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{7A412163-47D2-4A41-AA18-CEA8EB16D364}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/22/2015 05:34:48 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows Update). Zusätzliche Informationen: 0x80070017. Error: (05/22/2015 05:04:05 PM) (Source: Wininit) (EventID: 1015) (User: ) Description: Ein kritischer Systemprozess C:\WINDOWS\system32\lsass.exe ist fehlgeschlagen mit den Statuscode c000001d. Der Computer muss neu gestartet werden. Error: (05/22/2015 04:15:10 PM) (Source: .NET Runtime) (EventID: 1023) (User: ) Description: Anwendung: AsusWSWinService.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines internen Fehlers in der .NET-Laufzeit beendet. bei IP 00007FFB853B3395 (00007FFB85350000) mit Exitcode 80131506. Error: (05/22/2015 04:14:58 PM) (Source: Wininit) (EventID: 1015) (User: ) Description: Ein kritischer Systemprozess C:\WINDOWS\system32\lsass.exe ist fehlgeschlagen mit den Statuscode c0000005. Der Computer muss neu gestartet werden. Error: (05/22/2015 04:14:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: ) Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -107. Error: (05/22/2015 04:14:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: ) Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -107. Error: (05/22/2015 04:14:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: ) Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -107. Error: (05/22/2015 04:14:18 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1003) (User: NT-AUTORITÄT) Description: Zertifikatdienstclient: Die Anbieter konnten nicht als Antwort auf Ereignis 256 aufgerufen werden. Fehlercode 2147942593. Error: (05/22/2015 04:14:14 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1001) (User: NT-AUTORITÄT) Description: Zertifikatdienstclient: der Anbieter pautoenr.dll konnte nicht geladen werden. Fehlercode 193. Error: (05/22/2015 03:40:42 PM) (Source: Distributed Link Tracking Client) (EventID: 12503) (User: ) Description: ? System errors: ============= Error: (05/23/2015 07:14:03 PM) (Source: DCOM) (EventID: 10005) (User: LAPPI) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (05/23/2015 07:13:57 PM) (Source: DCOM) (EventID: 10005) (User: LAPPI) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (05/23/2015 07:13:45 PM) (Source: DCOM) (EventID: 10010) (User: LAPPI) Description: {06622D85-6856-4460-8DE1-A81921B41C4B} Error: (05/23/2015 07:13:45 PM) (Source: DCOM) (EventID: 10005) (User: LAPPI) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (05/23/2015 07:13:35 PM) (Source: DCOM) (EventID: 10010) (User: LAPPI) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (05/23/2015 07:13:16 PM) (Source: DCOM) (EventID: 10010) (User: LAPPI) Description: {06622D85-6856-4460-8DE1-A81921B41C4B} Error: (05/23/2015 07:13:13 PM) (Source: DCOM) (EventID: 10005) (User: LAPPI) Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC} Error: (05/23/2015 07:13:12 PM) (Source: DCOM) (EventID: 10005) (User: LAPPI) Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (05/23/2015 07:13:12 PM) (Source: DCOM) (EventID: 10005) (User: LAPPI) Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (05/23/2015 07:13:12 PM) (Source: DCOM) (EventID: 10005) (User: LAPPI) Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Microsoft Office: ========================= Error: (05/22/2015 05:34:48 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: Windows Update0x80070017 Error: (05/22/2015 05:04:05 PM) (Source: Wininit) (EventID: 1015) (User: ) Description: C:\WINDOWS\system32\lsass.exec000001d Error: (05/22/2015 04:15:10 PM) (Source: .NET Runtime) (EventID: 1023) (User: ) Description: Anwendung: AsusWSWinService.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines internen Fehlers in der .NET-Laufzeit beendet. bei IP 00007FFB853B3395 (00007FFB85350000) mit Exitcode 80131506. Error: (05/22/2015 04:14:58 PM) (Source: Wininit) (EventID: 1015) (User: ) Description: C:\WINDOWS\system32\lsass.exec0000005 Error: (05/22/2015 04:14:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: ) Description: -107 Error: (05/22/2015 04:14:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: ) Description: -107 Error: (05/22/2015 04:14:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: ) Description: -107 Error: (05/22/2015 04:14:18 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1003) (User: NT-AUTORITÄT) Description: 2562147942593 Error: (05/22/2015 04:14:14 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1001) (User: NT-AUTORITÄT) Description: pautoenr.dll193 Error: (05/22/2015 03:40:42 PM) (Source: Distributed Link Tracking Client) (EventID: 12503) (User: ) Description: ? CodeIntegrity Errors: =================================== Date: 2014-05-01 19:41:36.871 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz Percentage of memory in use: 11% Total physical RAM: 8077.57 MB Available physical RAM: 7144.97 MB Total Pagefile: 16269.57 MB Available Pagefile: 15400.07 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:372.17 GB) (Free:269.73 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:537.64 GB) NTFS Drive e: (TAIS_TOI) (CDROM) (Total:3.65 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 0FE4DC0A) Partition: GPT Partition Type. ==================== End of log ============================ |
24.05.2015, 17:51 | #4 |
/// the machine /// TB-Ausbilder | Grauer Bildschirm mit traurig ausschauendem Smiley Lade Dir bitte von hier Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
25.05.2015, 20:34 | #5 | |
| Grauer Bildschirm mit traurig ausschauendem Smiley JRT.exe lässt sich nicht ausführen. Entweder startet der PC neu oder die Windowshilfe öffnet sich, wie zu jedem Start des abgesicherten Modus. Außerdem kam auch folgende Fehlermeldung auf: Zitat:
MBAM: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 25.05.2015 Suchlauf-Zeit: 19:23:54 Logdatei: mbam.txt Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.05.25.05 Rootkit Datenbank: v2015.05.24.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Jaspar Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 445530 Verstrichene Zeit: 43 Min, 25 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 60 PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, In Quarantäne, [0acf35620a8013232f1fdb3b07fb05fb], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [27b2e5b2a1e9a78f9e66055c56ad32ce], PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64, In Quarantäne, [43965e39aedc90a6db34a662dc282cd4], PUP.Optional.NewTab.C, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bakijjialdiiboeaknfpmflphhmljfkd, In Quarantäne, [b22784136822f83e89fb69034fb644bc], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{905C19DC-1787-48D4-A94E-E0BCC1B0FDBA}, In Quarantäne, [eeeb3265f89256e0fea7690dae578080], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9CFCCD01-9DE9-4DA5-9A66-F1DE9CBA57C5}, In Quarantäne, [d504d9bed5b59b9bd9ccfa7cbf46c838], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AB591AD8-BBE3-422F-AD5B-2F51DFFA334C}, In Quarantäne, [ce0ba5f2d8b27eb8dbcccea83acb639d], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F5014966-B0D9-4BE3-AAA8-F0473FD61EC8}, In Quarantäne, [578233645b2fed49cadd1264d13438c8], PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [ebeed8bfbfcb979fef99d99615f011ef], PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\delta-homesSoftware, In Quarantäne, [a8318017cdbd1d19fd55e1265aaa9967], PUP.Optional.FreeSoftToday.A, HKLM\SOFTWARE\WOW6432NODE\free_soft_today, In Quarantäne, [4a8f0790cac043f308e44121986dea16], PUP.Optional.HQPro.A, HKLM\SOFTWARE\WOW6432NODE\HQVro-1.91, In Quarantäne, [be1be6b12b5ffa3c838a3eb318eb9e62], PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, In Quarantäne, [4297c7d06e1c3df96966e40a5fa425db], PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, In Quarantäne, [0acf395e5436340237ff5ba907fdca36], PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MYBESTOFFERSTODAY, In Quarantäne, [ce0b6136d8b2f046d21963a00cf8768a], PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [58816334f595c86edb8e372a669f9967], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [c316098ef09a74c2beee25dd57ad48b8], PUP.Optional.NewTab.C, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bakijjialdiiboeaknfpmflphhmljfkd, In Quarantäne, [895034635931d46221633438b64fca36], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{905C19DC-1787-48D4-A94E-E0BCC1B0FDBA}, In Quarantäne, [4d8c1285d1b942f4871e5c1acb3a6e92], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9CFCCD01-9DE9-4DA5-9A66-F1DE9CBA57C5}, In Quarantäne, [eaef8a0d25650e281e87b3c33dc89e62], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AB591AD8-BBE3-422F-AD5B-2F51DFFA334C}, In Quarantäne, [fadfedaaaae06ec8aef95d19fd0852ae], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F5014966-B0D9-4BE3-AAA8-F0473FD61EC8}, In Quarantäne, [af2a0196d5b537ff64433a3cf312bd43], PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [b9209afda0ea9f970a0c5190778c3bc5], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [67728c0baddd2f07872443bf966e0cf4], PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS, In Quarantäne, [7b5eaaed404a96a0bf715b129d6805fb], PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginService, In Quarantäne, [5f7a24734545cb6b961393625ea5b54b], PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, In Quarantäne, [04d53067573347ef28957187729116ea], PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [a73226717d0d290d10ae49afa063619f], PUP.Optional.HQPro.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\HQVro-1.91, In Quarantäne, [21b8e8af34564fe7db30b93849ba60a0], PUP.Optional.MBOT.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\mybestofferstoday, In Quarantäne, [538684138505241204c430ba2ed5ef11], PUP.Optional.WebSearches.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\SupHpUISoft, In Quarantäne, [6079781fb8d21125ee43cb39b74d0df3], PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\TutoTag, In Quarantäne, [7267742391f983b340dbc79d37cebe42], PUP.Optional.HQPro.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\APPDATALOW\SOFTWARE\HQVro-1.91, In Quarantäne, [16c37a1d96f454e2907b638e29da9769], PUP.Optional.ReMarkit.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\APPDATALOW\SOFTWARE\Re-markit, In Quarantäne, [78618e09e6a4191daa8c24d973905fa1], PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{15A6C94A-9E7F-4664-A4F7-5213C425C2E5}, In Quarantäne, [6970b4e3b8d2bc7a1e86ee88d035a25e], PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{24DC681D-E46F-4BA9-A0AA-274B25A94564}, In Quarantäne, [4d8c1d7aa0ea092dcdd7c3b3a0653dc3], PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3B3B5BC2-DA69-488E-BD14-CA5C5C5A8B40}, In Quarantäne, [4a8f62355436d165356e6a0c8382b54b], PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{42FBCD7C-18A3-4C9A-82A6-D9B01725BE5B}, In Quarantäne, [13c62176731763d3960d25512fd630d0], PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{73A943EB-D88A-43CB-B619-362516368A63}, In Quarantäne, [499067304248bc7a9d07bdb98c79bb45], PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{767BD76C-9F32-4D1D-B71D-725577D6A36E}, In Quarantäne, [fcdd1c7b424862d4762e6b0bb84d46ba], PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{791640C7-37B9-4EBB-B16C-C5A6EC1B3E57}, In Quarantäne, [32a7dabd15755bdb1b89680e9e67de22], PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D47EABA-E55B-47F1-A5F5-14E0ACC5E234}, In Quarantäne, [1cbdf2a52f5b61d59e05abcbac5959a7], PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{905C19DC-1787-48D4-A94E-E0BCC1B0FDBA}, In Quarantäne, [f4e597000d7dda5c2d750b6b5ca91ce4], PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9CFCCD01-9DE9-4DA5-9A66-F1DE9CBA57C5}, In Quarantäne, [c910c4d38bff6acc158d1f572bdadf21], PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A8853FAF-CC80-4E56-84F1-9B7F3DCEDF19}, In Quarantäne, [72675e392f5b8fa7f2b2fa7c62a3ed13], PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AB591AD8-BBE3-422F-AD5B-2F51DFFA334C}, In Quarantäne, [0bceefa8d2b8082ee0c456200401eb15], PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CF281F83-A57A-4843-A0BF-E7691959A534}, In Quarantäne, [5d7cdcbbd6b42016bee5ed8908fdf907], PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DB13E534-9E03-4C19-BD41-F04C904B46C7}, In Quarantäne, [e5f470272763a88e7e26fc7af510e21e], PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DFF13A4F-517B-4DB2-87D9-245DDF30C610}, In Quarantäne, [ba1f2176573360d640644036ca3b56aa], PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E99580A1-D7D9-4160-8F2D-1FCD2C5C6732}, In Quarantäne, [3b9ea3f4236761d5673c274f22e32bd5], PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F5014966-B0D9-4BE3-AAA8-F0473FD61EC8}, In Quarantäne, [ab2e8f089febda5ce5bf284ea16427d9], PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FC92366E-D80C-4E68-B056-7A60A334CDF4}, In Quarantäne, [ac2d7e193753f145ced6f77fe32251af], PUP.Optional.Trovi.C, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [a336c6d1d1b987af24a685f0699cd52b], PUP.Optional.DoSearch.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}, In Quarantäne, [a732890e305aff370f7fcf11867dff01], PUP.Optional.DoSearch.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}, In Quarantäne, [c6135b3c395184b2e2ac9b455ca7768a], PUP.Optional.Delta.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [c21751462a604fe77c9925bc40c3639d], PUP.Optional.DoSearch.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}, In Quarantäne, [edecbadddfabdf57642a05dbaa599f61], PUP.Optional.SweetSearch.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [30a906915a3084b254d0825d9b687090], PUP.Optional.HQPro.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\HQVro-1.91, In Quarantäne, [1cbdecabc4c682b4554d2ba623e0cd33], PUP.Optional.GUPlayer.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GUPlayer, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], Registrierungswerte: 50 PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{905c19dc-1787-48d4-a94e-e0bcc1b0fdba}|AppName, HQVro-1.91-bg.exe, In Quarantäne, [eeeb3265f89256e0fea7690dae578080] PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9cfccd01-9de9-4da5-9a66-f1de9cba57c5}|AppName, MediaPlayerplus-bg.exe, In Quarantäne, [d504d9bed5b59b9bd9ccfa7cbf46c838] PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ab591ad8-bbe3-422f-ad5b-2f51dffa334c}|AppName, MediaPlayerplus-codedownloader.exe, In Quarantäne, [ce0ba5f2d8b27eb8dbcccea83acb639d] PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{f5014966-b0d9-4be3-aaa8-f0473fd61ec8}|AppName, HQVro-1.91-codedownloader.exe, In Quarantäne, [578233645b2fed49cadd1264d13438c8] PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}|URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1398708465&from=tugs&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, In Quarantäne, [29b03a5de6a48ea84f022cb1b64df60a] PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, istartsurf, In Quarantäne, [ebeed8bfbfcb979fef99d99615f011ef] PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, In Quarantäne, [98412e694d3d84b27b0dea85d035ec14] PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{905c19dc-1787-48d4-a94e-e0bcc1b0fdba}|AppName, HQVro-1.91-bg.exe, In Quarantäne, [4d8c1285d1b942f4871e5c1acb3a6e92] PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9cfccd01-9de9-4da5-9a66-f1de9cba57c5}|AppName, MediaPlayerplus-bg.exe, In Quarantäne, [eaef8a0d25650e281e87b3c33dc89e62] PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ab591ad8-bbe3-422f-ad5b-2f51dffa334c}|AppName, MediaPlayerplus-codedownloader.exe, In Quarantäne, [fadfedaaaae06ec8aef95d19fd0852ae] PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{f5014966-b0d9-4be3-aaa8-f0473fd61ec8}|AppName, HQVro-1.91-codedownloader.exe, In Quarantäne, [af2a0196d5b537ff64433a3cf312bd43] PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, delta-homes, In Quarantäne, [b9209afda0ea9f970a0c5190778c3bc5] PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, In Quarantäne, [2aaf8a0d2664cc6a9d7917cad13248b8] PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mbot_pl_9, In Quarantäne, [3a9f64332a60b581f6f439ca23e1c739], PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Jaspar\AppData\Roaming\Mozilla\Firefox\Profiles\7gzgvd2b.default\extensions\faststartff@gmail.com, In Quarantäne, [ddfc5d3a9eec50e6b4dd481819ecbf41] PUP.Optional.QuickSearch.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|quick_searchff@gmail.com, C:\Users\Jaspar\AppData\Roaming\Mozilla\Firefox\Profiles\7gzgvd2b.default\extensions\quick_searchff@gmail.com, In Quarantäne, [edec6b2cb4d6b383ce2f0bd349baab55] PUP.Optional.SweetSearch.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|sweetsearch@gmail.com, C:\Users\Jaspar\AppData\Roaming\Mozilla\Firefox\Profiles\7gzgvd2b.default\extensions\sweetsearch@gmail.com, In Quarantäne, [66734d4a830754e2e9156b737f8428d8] PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, amt, In Quarantäne, [67728c0baddd2f07872443bf966e0cf4] PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS|HostGUID, A89A44BE-10D7-43CC-9B5D-450830CF699D, In Quarantäne, [7b5eaaed404a96a0bf715b129d6805fb] PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{15A6C94A-9E7F-4664-A4F7-5213C425C2E5}|AppName, 923e656c-7931-4c44-9b19-6d3c00ebfbd9-2.exe-codedownloader.exe, In Quarantäne, [6970b4e3b8d2bc7a1e86ee88d035a25e] PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{24DC681D-E46F-4BA9-A0AA-274B25A94564}|AppName, 6e36e8b7-5a33-405b-889f-ed80ffb3f521-2.exe-codedownloader.exe, In Quarantäne, [4d8c1d7aa0ea092dcdd7c3b3a0653dc3] PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3B3B5BC2-DA69-488E-BD14-CA5C5C5A8B40}|AppName, 923e656c-7931-4c44-9b19-6d3c00ebfbd9-2.exe-buttonutil.exe, In Quarantäne, [4a8f62355436d165356e6a0c8382b54b] PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{42FBCD7C-18A3-4C9A-82A6-D9B01725BE5B}|AppName, 6e36e8b7-5a33-405b-889f-ed80ffb3f521-2.exe-buttonutil.exe, In Quarantäne, [13c62176731763d3960d25512fd630d0] PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{73A943EB-D88A-43CB-B619-362516368A63}|AppName, 6e36e8b7-5a33-405b-889f-ed80ffb3f521-2.exe-codedownloader.exe, In Quarantäne, [499067304248bc7a9d07bdb98c79bb45] PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{767BD76C-9F32-4D1D-B71D-725577D6A36E}|AppName, 923e656c-7931-4c44-9b19-6d3c00ebfbd9-2.exe-codedownloader.exe, In Quarantäne, [fcdd1c7b424862d4762e6b0bb84d46ba] PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{791640C7-37B9-4EBB-B16C-C5A6EC1B3E57}|AppName, 6e36e8b7-5a33-405b-889f-ed80ffb3f521-2.exe-codedownloader.exe, In Quarantäne, [32a7dabd15755bdb1b89680e9e67de22] PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D47EABA-E55B-47F1-A5F5-14E0ACC5E234}|AppName, 923e656c-7931-4c44-9b19-6d3c00ebfbd9-2.exe-buttonutil.exe, In Quarantäne, [1cbdf2a52f5b61d59e05abcbac5959a7] PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{905c19dc-1787-48d4-a94e-e0bcc1b0fdba}|AppName, HQVro-1.91-bg.exe, In Quarantäne, [f4e597000d7dda5c2d750b6b5ca91ce4] PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9cfccd01-9de9-4da5-9a66-f1de9cba57c5}|AppName, MediaPlayerplus-bg.exe, In Quarantäne, [c910c4d38bff6acc158d1f572bdadf21] PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A8853FAF-CC80-4E56-84F1-9B7F3DCEDF19}|AppName, 923e656c-7931-4c44-9b19-6d3c00ebfbd9-2.exe-codedownloader.exe, In Quarantäne, [72675e392f5b8fa7f2b2fa7c62a3ed13] PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ab591ad8-bbe3-422f-ad5b-2f51dffa334c}|AppName, MediaPlayerplus-codedownloader.exe, In Quarantäne, [0bceefa8d2b8082ee0c456200401eb15] PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CF281F83-A57A-4843-A0BF-E7691959A534}|AppName, 6e36e8b7-5a33-405b-889f-ed80ffb3f521-2.exe-buttonutil.exe, In Quarantäne, [5d7cdcbbd6b42016bee5ed8908fdf907] PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DB13E534-9E03-4C19-BD41-F04C904B46C7}|AppName, 6e36e8b7-5a33-405b-889f-ed80ffb3f521-2.exe-codedownloader.exe, In Quarantäne, [e5f470272763a88e7e26fc7af510e21e] PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DFF13A4F-517B-4DB2-87D9-245DDF30C610}|AppName, 6e36e8b7-5a33-405b-889f-ed80ffb3f521-2.exe-codedownloader.exe, In Quarantäne, [ba1f2176573360d640644036ca3b56aa] PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E99580A1-D7D9-4160-8F2D-1FCD2C5C6732}|AppName, 6e36e8b7-5a33-405b-889f-ed80ffb3f521-2.exe-buttonutil.exe, In Quarantäne, [3b9ea3f4236761d5673c274f22e32bd5] PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{f5014966-b0d9-4be3-aaa8-f0473fd61ec8}|AppName, HQVro-1.91-codedownloader.exe, In Quarantäne, [ab2e8f089febda5ce5bf284ea16427d9] PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FC92366E-D80C-4E68-B056-7A60A334CDF4}|AppName, 6e36e8b7-5a33-405b-889f-ed80ffb3f521-2.exe-codedownloader.exe, In Quarantäne, [ac2d7e193753f145ced6f77fe32251af] PUP.Optional.Trovi.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=E876506D-C3DB-4AC4-9868-9FB7AA2E2AF6&SearchSource=58&CUI=&UM=8&UP=SP7313AAB2-8DE8-4C30-8D50-67F565A08A5D&D=050915&q={searchTerms}&SSPV=, In Quarantäne, [17c21c7bd2b8fe3876450e6113f28a76] PUP.Optional.Conduit.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|SuggestionsURL_JSON, hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}, In Quarantäne, [57825c3bd3b7191dbba4cf11ee153cc4] PUP.Optional.Trovi.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|DisplayName, Trovi, In Quarantäne, [36a367302b5f50e615a60b640203d22e] PUP.Optional.DoSearch.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [a732890e305aff370f7fcf11867dff01] PUP.Optional.DoSearch.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURL, hxxp://do-search.com//favicon.ico, In Quarantäne, [5b7e9bfc0585270f9fefae32ac576997] PUP.Optional.DoSearch.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [c6135b3c395184b2e2ac9b455ca7768a] PUP.Optional.WebsSearches.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}|TopResultURL, hxxp://istart.webssearches.com/web/?type=ds&ts=1398708465&from=tugs&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, In Quarantäne, [7267494e276395a1ee626479966de51b] PUP.Optional.Delta.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, delta-homes, In Quarantäne, [c21751462a604fe77c9925bc40c3639d] PUP.Optional.DoSearch.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [fedb8314464464d2c4caa63a0300b34d] PUP.Optional.Delta.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|TopResultURL, hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, In Quarantäne, [954451468a00cf6767ae4d940ef5a45c] PUP.Optional.DoSearch.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [edecbadddfabdf57642a05dbaa599f61] PUP.Optional.SweetSearch.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MOZILLA\EXTENDS|appid, sweetsearch@gmail.com, In Quarantäne, [30a906915a3084b254d0825d9b687090] PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{8E3C10E3-9B89-B515-883F-0A45FF62B29F}, C:\Program Files (x86)\BlockAndSurf-soft\161.xpi, In Quarantäne, [0ecbcdca0b7fe2549931c5aa55b09868] Registrierungsdaten: 16 PUP.Optional.Delta.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX),Ersetzt,[2aaf1e799befa6901e284ae053b3ff01] PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}),Ersetzt,[c01973249dedd462492c04190ff737c9] PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX),Ersetzt,[6871326527639e98462faf6e9175f40c] PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX),Ersetzt,[ebeee4b3612947ef660f39e4ce38ef11] PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}),Ersetzt,[10c94e49d5b553e3a6cfd7464fb7dc24] PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|CustomizeSearch, hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}),Ersetzt,[dcfd593e0c7e76c09cdac954ab5b728e] PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}),Ersetzt,[bd1c0b8c731769cd33432eefbd490cf4] PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[f0e9e5b2bdcdda5cf27327020303768a] PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX),Ersetzt,[439602954e3c5fd755f12bff43c3916f] PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}),Ersetzt,[31a8494eb3d7c274f948d65463a3f40c] PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}),Ersetzt,[b5244d4abcce013590b1072363a34cb4] PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[36a33760d3b72214273efe2bf80e8f71] PUP.Optional.Delta.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}),Ersetzt,[fcdd6d2a8cfedb5bee5480aaf016837d] PUP.Optional.Trovi.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.trovi.com/?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=E876506D-C3DB-4AC4-9868-9FB7AA2E2AF6&SearchSource=55&CUI=&UM=8&UP=SP7313AAB2-8DE8-4C30-8D50-67F565A08A5D&D=050915&SSPV=, Gut: (www.google.com), Schlecht: (hxxp://www.trovi.com/?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=E876506D-C3DB-4AC4-9868-9FB7AA2E2AF6&SearchSource=55&CUI=&UM=8&UP=SP7313AAB2-8DE8-4C30-8D50-67F565A08A5D&D=050915&SSPV=),Ersetzt,[1dbcbdda4e3ce551f3485ec152b49967] PUP.Optional.IStartSurf.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX),Ersetzt,[bf1acccb02881323046ffd2027df39c7] PUP.Optional.Delta.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}),Ersetzt,[79607027fc8e1e189fa3b47638ce28d8] Ordner: 101 PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\browser, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\browser\misc, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\data, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\external, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\newtab, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\external, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\gallery, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\icons, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\resources, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\chrome, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\favorites, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\info, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\review, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\ar, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\de, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\en, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\es, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\fr, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\he, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\it, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\ja, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\nl, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\pl, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\pt_BR, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\ru, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\tr, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_metadata, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, In Quarantäne, [5c7dd8bfd6b4989e97ca318bf50e3ec2], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, In Quarantäne, [5c7dd8bfd6b4989e97ca318bf50e3ec2], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.HQPro.A, C:\Program Files (x86)\HQVro-1.91, In Quarantäne, [1cbdecabc4c682b4554d2ba623e0cd33], PUP.Optional.NewPlayer.A, C:\Users\Jaspar\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha, In Quarantäne, [9544badd4842d85e929b2aa9de25de22], PUP.Optional.NewPlayer.A, C:\Users\Jaspar\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha\2.1.1.7, In Quarantäne, [9544badd4842d85e929b2aa9de25de22], PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, In Quarantäne, [21b832658dfd0f27396fe8ebf01314ec], PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, In Quarantäne, [21b832658dfd0f27396fe8ebf01314ec], PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], PUP.Optional.GUPlayer.A, C:\Users\Jaspar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer, In Quarantäne, [e3f65740a0ea3ef859978d4ca45f6898], Dateien: 326 PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys, Löschen bei Neustart, [cddd303170528ae154d7d6060b06b0e8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, In Quarantäne, [0acf35620a8013232f1fdb3b07fb05fb], PUP.Optional.HQPro.A, C:\Program Files (x86)\HQVro-1.91\HQVro-1.91-bg.exe, In Quarantäne, [a0395e39fc8e86b004fcce920df9857b], PUP.Optional.HQPro.A, C:\Program Files (x86)\HQVro-1.91\HQVro-1.91-bho64.dll, In Quarantäne, [ca0f2a6d67237abcb34d0e5224e2e31d], PUP.Optional.BrowserWatch, C:\Program Files (x86)\XTab\BrowerWatchCH.dll, In Quarantäne, [4297791e880236002b983639ed13768a], PUP.Optional.BrowserWatch, C:\Program Files (x86)\XTab\BrowerWatchFF.dll, In Quarantäne, [30a957408307b97d4182680701ffeb15], PUP.Optional.SearchProtect, C:\Program Files (x86)\XTab\BrowserAction.dll, In Quarantäne, [a5342b6cdab09a9ca7fe50f65ca68779], PUP.Optional.ELEX, C:\Program Files (x86)\XTab\HPNotify.exe, In Quarantäne, [b3268215fc8e033352dd8bac08fa3fc1], PUP.Optional.SearchProtect, C:\Program Files (x86)\XTab\IeWatchDog.dll, In Quarantäne, [2aaf6a2dd0baa09634e30e093acc9e62], PUP.Optional.IEPluginService.A, C:\Program Files (x86)\SupTab\RSHP.exe, In Quarantäne, [58814f48fa903501e087514c54ad15eb], PUP.Optional.ELEX, C:\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe, In Quarantäne, [e7f2bbdc7d0d979f28410ac978898d73], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [e0f98f087d0da4921d7df44356aaf907], PUP.Optional.SearchProtect, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, In Quarantäne, [697063342466c4723d430a0f17efc13f], PUP.Optional.WindowsProtectManger.A, C:\$Recycle.Bin\S-1-5-21-705164964-436951070-2432176924-1002\$RGMOLWF\ProtectWindowsManager.exe, In Quarantäne, [34a56334008ae45206c9dbfa1ee35aa6], PUP.Optional.Conduit.A, C:\Users\Jaspar\AppData\Local\Temp\dlLogic.exe, In Quarantäne, [dcfdadea0387e3535f9591b38b75936d], PUP.Optional.SearchProtect.A, C:\Users\Jaspar\AppData\Local\Temp\spstub.exe, In Quarantäne, [19c066317416da5cadc5843123dec43c], PUP.Optional.GUPlayer.A, C:\Users\Jaspar\Desktop\GUPlayer.lnk, In Quarantäne, [8f4a7126e8a213237931d60acb382bd5], PUP.Optional.SearchProtect.A, C:\Windows\System32\Tasks\avabvbxvh, In Quarantäne, [bd1c890ef3973df90ef9bc2cef1417e9], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\uninstall.exe, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\conf, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1031.xpi, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\install.data, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\searchProvider.xml, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about_bk.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn_apply.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\close.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf.xml, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf_back.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\input_bk.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\logo.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\main.xml, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_1.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_2.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\rigth_arrow.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\settings.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\data.html, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE.html, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE8.html, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\main.css, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\ver.txt, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\google_trends.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon128.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon16.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon48.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\loading.gif, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\logo32.ico, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\common.js, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ga.js, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.autocomplete.js, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\js.js, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\library.js, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit-ie8.js, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit2.0.js, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], PUP.Optional.IStartSurf.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\istartsurf.xml, In Quarantäne, [8d4c9bfc6327ae88c8838382bf4533cd], PUP.Optional.IStartSurf.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage, In Quarantäne, [02d7f89fb4d6cf675fc13c31db2a08f8], PUP.Optional.IStartSurf.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage-journal, In Quarantäne, [8752dfb8b7d3132349d72e3ffc09b14f], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\is.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\manifest.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\browser\background.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\browser\background.min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\browser\misc\screenshot.inject.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\data\favorites_de.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\data\favorites_en_gb.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\data\favorites_en_us.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\data\favorites_fr.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\data\favorites_he.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\data\favorites_it.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\data\favorites_pt_br.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\data\favorites_ru.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\data\favorites_tr.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\external\angular.min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\external\crypto-js.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\external\jquery-2.1.0.min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\external\jquery.autocomplete.min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\external\jquery.balloon.min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\external\jquery.fittext.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\external\jquery.Jcrop.min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\external\jquery.simplecolorpicker.min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\external\mustache.min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\external\string.min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\external\underscore-min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\newtab\gallery.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\newtab\gallery.min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\newtab\newtab.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\newtab\newtab.min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\newtab\review.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\newtab\review.min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\external\foundation.min.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\external\indicator.gif, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\external\Jcrop.gif, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\external\jquery.autocomplete.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\external\jquery.Jcrop.min.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\external\jquery.simplecolorpicker.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\external\normalize.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\gallery\arrow-gallery-cat-selected.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\gallery\arrow.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\gallery\emptyArea.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\gallery\gallery.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\gallery\gallery_templates.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\gallery\icon-gallery-search.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\gallery\not_available_32.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\gallery\plus.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\gallery\X.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\icons\128.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\icons\16.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\icons\48.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\css\buttons.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\css\footer.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\css\header.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\css\list.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\css\newtab.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\css\search.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\css\themes.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\close-bar2.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-edit.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\a.jpg, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\ajax-loader-2.gif, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\ajax-loader-bar.gif, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\ajax-loader-medium.gif, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\ajax-loader-small.gif, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\ajax-loader.gif, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\arrow-footer.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\arrow-header.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\attachment.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\close.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\corner.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\edit-button.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-apps-dark.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-apps.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-chrome.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-close.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-contents-light.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-contents.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-layout.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-plus-dark.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-plus.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-right.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-search.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-settings.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-theme.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\menu_v.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\menu_v_white.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\x-button.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\arab_tile.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\batthern_@2X.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\bo_play_pattern_@2X.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\dark_wood_@2X.jpg, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\diagonal_striped_brick.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\escheresque_ste_@2X.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\gold_scale.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\purty_wood_@2X.jpg, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\readme.txt, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\starring_@2X.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\tileable_wood_texture_@2X.jpg, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\weave_@2X.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\wild_oliva_@2X.jpg, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\woven.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\resources\groups.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\resources\list.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\resources\menu.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\css\activetabs.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\css\favorites.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\css\layout.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\css\modal-fav-add.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\css\modal-fav-edit.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\css\modal-fav-group.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\css\readitlater.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\css\recentlyclosed.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\css\theme.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\css\webapps.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\chrome\bookmarks.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\chrome\download.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\chrome\downloads.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\chrome\downloas.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\chrome\extensions.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\chrome\history.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\chrome\settings.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\chrome\trash.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\favorites\empty.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\favorites\error.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\favorites\shadow.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\info\contactus.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\info\facebook.ico, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\info\rateus.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\info\twitter.ico, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\activetabs.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\favorites.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\layout.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\modal-fav-add.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\modal-fav-edit.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\modal-fav-group.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\readitlater.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\readitlater_content.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\readitlater_menu.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\recentlyclosed.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\theme.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\webapps.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\webapps_contextmenu.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\review\cat_1.gif, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\review\cat_2.gif, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\review\cat_3.gif, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\review\cat_4.gif, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\review\cat_5.gif, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\review\rating-star.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\review\review.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\ar\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\de\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\en\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\es\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\fr\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\he\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\it\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\ja\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\nl\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\pl\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\pt_BR\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\ru\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\tr\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_metadata\computed_hashes.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_metadata\verified_contents.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, In Quarantäne, [5c7dd8bfd6b4989e97ca318bf50e3ec2], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\bk_shadow.png, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\btn.png, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\close.png, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml.bak, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_box.png, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_check.png, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_bk.png, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_check.png, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], PUP.Optional.HQPro.A, C:\Program Files (x86)\HQVro-1.91\53172.crx, In Quarantäne, [1cbdecabc4c682b4554d2ba623e0cd33], PUP.Optional.HQPro.A, C:\Program Files (x86)\HQVro-1.91\53172.xpi, In Quarantäne, [1cbdecabc4c682b4554d2ba623e0cd33], PUP.Optional.HQPro.A, C:\Program Files (x86)\HQVro-1.91\background.html, In Quarantäne, [1cbdecabc4c682b4554d2ba623e0cd33], PUP.Optional.HQPro.A, C:\Program Files (x86)\HQVro-1.91\HQVro-1.91.ico, In Quarantäne, [1cbdecabc4c682b4554d2ba623e0cd33], PUP.Optional.HQPro.A, C:\Program Files (x86)\HQVro-1.91\Uninstall.exe, In Quarantäne, [1cbdecabc4c682b4554d2ba623e0cd33], PUP.Optional.NewPlayer.A, C:\Users\Jaspar\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha\2.1.1.7\user.config, In Quarantäne, [9544badd4842d85e929b2aa9de25de22], PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\avcodec-54.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\avdevice-54.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\avformat-54.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\avutil-51.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\GuPlayer.exe, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\GUPlayerUninstaller.exe, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\libfreetype-6.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\libpng15-15.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\postproc-52.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\SDL.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\SDL_image.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\SDL_ttf.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\swresample-0.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\swscale-2.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\Uninstaller.exe, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\zlib1.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], PUP.Optional.GUPlayer.A, C:\Users\Jaspar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer\GUPlayer.lnk, In Quarantäne, [e3f65740a0ea3ef859978d4ca45f6898], PUP.Optional.GUPlayer.A, C:\Users\Jaspar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer\Uninstall GUPlayer.lnk, In Quarantäne, [e3f65740a0ea3ef859978d4ca45f6898], PUP.Optional.Delta.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://www.delta-homes.com/?type=hp&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX",), Ersetzt,[9f3abcdb9feb033394be6efc58aecb35] Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) ADW: Code:
ATTFilter # AdwCleaner v4.205 - Bericht erstellt 25/05/2015 um 20:20:38 # Aktualisiert 21/05/2015 von Xplode # Datenbank : 2015-05-25.3 [Server] # Betriebssystem : Windows 8.1 (x64) # Benutzername : Jaspar - LAPPI # Gestarted von : C:\Users\Jaspar\Downloads\AdwCleaner_4.205.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : IHProtect Service ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Program Files (x86)\predm Ordner Gelöscht : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\SearchProtect Ordner Gelöscht : C:\Users\Jaspar\AppData\Roaming\Activeris Ordner Gelöscht : C:\Users\Jaspar\AppData\Roaming\rightbackup Ordner Gelöscht : C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd Datei Gelöscht : C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage Datei Gelöscht : C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage-journal Datei Gelöscht : C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bakijjialdiiboeaknfpmflphhmljfkd Datei Gelöscht : C:\Users\Jaspar\Desktop\Continue Mybest Offerstoday Uninstaller.lnk Datei Gelöscht : C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-homes.com_0.localstorage Datei Gelöscht : C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-homes.com_0.localstorage-journal ***** [ Geplante Tasks ] ***** Task Gelöscht : Advanced System Protector ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp Schlüssel Gelöscht : HKLM\SOFTWARE\Taronja Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Activeris AntiMalware_is1 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Mozilla Firefox v38.0.1 (x86 de) -\\ Google Chrome v43.0.2357.65 [C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.yhs4.search.yahoo.com/yhs/search;_ylt=A7x9Ukjq4OlUjCIALSZfCwx.?p={searchTerms}&fr2=sb-top&hspart=iry&hsimp=yhs-fullyhosted_003¶m1=1¶m2=cd%3D%26cr%3D%26elng%3Dde%26elcl%3Dde%26a%3Dsd-fd%26uref%3Dg4%26f%3D2%26cat%3Dweb%26ulng%3Dde-DE%252Cde%253Bq%253D0.8%252Cen-US%253Bq%253D0.6%252Cen%253B%26sid%3D0e46e3fd817ce072532c4aee782e305c%26stype%3Dspdydef%26sesid%3D214765b1e3845c7870387735dc8356d2%26csr%3D0%26ipblock%3D0%26b%3DChrome%26bv%3D40.0.2214.115%26os%3DWindows%2B8.1%26cc%3Dde%26ip%3D91.65.69.148%26pa%3Dspeedial%26x%3Db7465606-b200-4bef-a227-c3ad36f40c40&type=spdydef [C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms} [C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms} [C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : bakijjialdiiboeaknfpmflphhmljfkd [C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl [C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb [C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : fcfenmboojpjinhpgggodefccipikbpd [C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Startup_URLs] : hxxp://www.delta-homes.com/?type=hp&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX [C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Default_Search_Provider_Data] : hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms} ************************* AdwCleaner[R0].txt - [5293 Bytes] - [25/05/2015 20:14:29] AdwCleaner[S0].txt - [5159 Bytes] - [25/05/2015 20:20:38] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5218 Bytes] ########## |
25.05.2015, 20:36 | #6 |
| Grauer Bildschirm mit traurig ausschauendem Smiley FRST: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015 Ran by Jaspar (administrator) on LAPPI on 25-05-2015 21:30:39 Running from C:\Users\Jaspar\Downloads Loaded Profiles: Jaspar (Available Profiles: UpdatusUser & Jaspar) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Safe Mode (with Networking) Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.) HKLM-x32\...\RunOnce: [SpUninstallCleanUp] => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-705164964-436951070-2432176924-1002\...\Run: [Facebook Update] => C:\Users\Jaspar\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-08-24] (Facebook Inc.) HKU\S-1-5-21-705164964-436951070-2432176924-1002\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-03-30] () HKU\S-1-5-21-705164964-436951070-2432176924-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.) HKU\S-1-5-21-705164964-436951070-2432176924-1002\...\Run: [BingSvc] => C:\Users\Jaspar\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation) HKU\S-1-5-21-705164964-436951070-2432176924-1002\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt [5310 2015-05-25] () AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2014-09-24] ShortcutTarget: LOLRecorder.lnk -> C:\Program Files (x86)\LOLReplay\LOLRecorder.exe (LOL Replay) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-28] (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-17] (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-28] (Kaspersky Lab ZAO) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-28] (Kaspersky Lab ZAO) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-28] (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-17] (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-28] (Kaspersky Lab ZAO) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-28] (Kaspersky Lab ZAO) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Jaspar\AppData\Roaming\Mozilla\Firefox\Profiles\6vqd8buq.default-1431200109324 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-02-20] (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.) FF Plugin HKU\S-1-5-21-705164964-436951070-2432176924-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Jaspar\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin HKU\S-1-5-21-705164964-436951070-2432176924-1002: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-02-20] (Pando Networks) FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-19] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-07-12] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-12] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-07-12] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-07-12] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-07-12] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR Profile: C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-07] CHR Extension: (Google Docs) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-07] CHR Extension: (Google Drive) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-07] CHR Extension: (Kaspersky Protection) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2015-01-07] CHR Extension: (YouTube) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-07] CHR Extension: (Google Search) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-07] CHR Extension: (Kaspersky URL Advisor) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-01-07] CHR Extension: (Google Sheets) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-07] CHR Extension: (Bookmark Manager) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-23] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11] CHR Extension: (Skype Click to Call) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-13] CHR Extension: (Google Wallet) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-07] CHR Extension: (Gmail) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-07] CHR Extension: (Anti-Banner) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-01-07] CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-05-28] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-05-28] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-06-19] (ASUS) S2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [] S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation) S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-06-09] (A-Volute) [] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-29] (ASUS Corporation) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-28] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-05-28] (Kaspersky Lab) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-28] (Kaspersky Lab ZAO) S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-05-28] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-05-28] (Kaspersky Lab ZAO) S3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO) S3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO) S1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-05-28] (Kaspersky Lab ZAO) S1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-05-28] (Kaspersky Lab ZAO) S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [136408 2015-05-25] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [40104 2014-08-21] (Razer Inc) S3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows (R) Win 7 DDK provider) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) S0 ustccmt; System32\drivers\grvvdwae.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-05-25 21:18 - 2015-05-25 21:18 - 00000000 ____D () C:\Users\Jaspar\Downloads\FRST-OlderVersion 2015-05-25 20:19 - 2015-05-25 20:19 - 00000000 _____ () C:\Recovery.txt 2015-05-25 20:14 - 2015-05-25 20:20 - 00000000 ____D () C:\AdwCleaner 2015-05-25 20:14 - 2015-05-25 20:14 - 02222592 _____ () C:\Users\Jaspar\Downloads\AdwCleaner_4.205.exe 2015-05-25 20:13 - 2015-05-25 20:13 - 02945770 _____ (Thisisu) C:\Users\Jaspar\Desktop\JRT.exe 2015-05-25 20:12 - 2015-05-25 20:12 - 00106737 _____ () C:\Users\Jaspar\Desktop\mbam.txt 2015-05-25 18:51 - 2015-05-25 18:51 - 00000000 __SHD () C:\found.001 2015-05-25 18:35 - 2015-05-25 19:23 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-05-25 18:34 - 2015-05-25 18:34 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-05-25 18:34 - 2015-05-25 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-05-25 18:34 - 2015-05-25 18:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-05-25 18:34 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-05-25 18:34 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-05-25 18:34 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-05-25 18:33 - 2015-05-25 18:33 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Jaspar\Downloads\mbam-setup-2.1.6.1022.exe 2015-05-23 19:17 - 2015-05-23 19:17 - 00028642 _____ () C:\Users\Jaspar\Downloads\Addition.txt 2015-05-23 19:16 - 2015-05-25 21:30 - 00019591 _____ () C:\Users\Jaspar\Downloads\FRST.txt 2015-05-23 19:16 - 2015-05-25 21:30 - 00000000 ____D () C:\FRST 2015-05-23 19:15 - 2015-05-25 21:18 - 02108928 _____ (Farbar) C:\Users\Jaspar\Downloads\FRST64.exe 2015-05-22 17:39 - 2015-05-22 17:39 - 00000000 __SHD () C:\found.000 2015-05-22 01:06 - 2015-05-22 01:06 - 00305224 _____ () C:\WINDOWS\Minidump\052215-34343-01.dmp 2015-05-22 00:45 - 2015-05-22 00:45 - 00350128 _____ () C:\WINDOWS\Minidump\052215-33062-01.dmp 2015-05-22 00:45 - 2015-05-22 00:45 - 00000000 ____D () C:\WINDOWS\Minidump 2015-05-19 14:07 - 2015-05-19 14:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-05-13 23:49 - 2015-05-13 23:55 - 00000000 ____D () C:\Users\Jaspar\Documents\Bandicam 2015-05-13 23:49 - 2015-05-13 23:49 - 00000000 ____D () C:\Users\Jaspar\AppData\Roaming\BANDISOFT 2015-05-13 23:49 - 2015-05-13 23:49 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1 2015-05-13 23:48 - 2015-05-13 23:48 - 09864192 _____ (Bandisoft) C:\Users\Jaspar\Downloads\bdcamsetup.exe 2015-05-13 15:39 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 15:39 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 13:18 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2015-05-13 13:18 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2015-05-13 13:18 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2015-05-13 13:18 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys 2015-05-13 13:17 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-05-13 13:17 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-05-13 13:17 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll 2015-05-13 13:17 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-05-13 13:17 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-05-13 13:17 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2015-05-13 13:17 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-05-13 13:17 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-05-13 13:17 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-05-13 13:17 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-05-13 13:17 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-05-13 13:17 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll 2015-05-13 13:17 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-05-13 13:17 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2015-05-13 13:17 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-05-13 13:17 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-05-13 13:17 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-05-13 13:17 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-05-13 13:17 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-05-13 13:17 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-05-13 13:17 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-05-13 13:17 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-05-13 13:17 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-05-13 13:17 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-05-13 13:17 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-05-13 13:17 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-05-13 13:17 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-05-13 13:17 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-05-13 13:17 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-05-13 13:17 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-05-13 13:17 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-05-13 13:17 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-05-13 13:17 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-05-13 13:17 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-05-13 13:17 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-05-13 13:17 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-05-13 13:17 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-05-13 13:17 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-05-13 13:17 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-05-13 13:17 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-05-13 13:17 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-05-13 13:17 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-05-13 13:17 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-05-13 13:17 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2015-05-13 13:17 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2015-05-13 13:17 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2015-05-13 13:17 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2015-05-13 13:17 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll 2015-05-13 13:17 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll 2015-05-13 13:17 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2015-05-13 13:17 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2015-05-13 13:17 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll 2015-05-13 13:17 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll 2015-05-13 13:17 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-05-13 13:17 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-05-13 13:17 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-05-13 13:17 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2015-05-13 13:17 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-05-13 13:17 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2015-05-13 13:17 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2015-05-13 13:17 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys 2015-05-13 13:17 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2015-05-13 13:17 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2015-05-13 13:17 - 2015-03-13 02:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2015-05-13 13:17 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe 2015-05-13 13:17 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe 2015-05-13 13:17 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll 2015-05-13 13:17 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2015-05-13 13:17 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll 2015-05-13 13:17 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2015-05-13 13:17 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll 2015-05-13 13:17 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll 2015-05-13 13:17 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2015-05-13 13:17 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2015-05-13 13:17 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll 2015-05-09 21:33 - 2015-05-09 21:33 - 00000000 ____D () C:\Users\Jaspar\Tracing 2015-05-09 21:17 - 2015-05-09 21:17 - 00003144 _____ () C:\WINDOWS\System32\Tasks\{A442621D-3DFF-4D44-AED1-BFB8F25EA3C7} 2015-05-09 21:08 - 2015-05-22 01:05 - 00000000 ____D () C:\Users\Jaspar\AppData\Roaming\Skype 2015-05-09 21:08 - 2015-05-09 21:08 - 00002715 _____ () C:\Users\Public\Desktop\Skype.lnk 2015-05-09 21:08 - 2015-05-09 21:08 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-05-09 21:08 - 2015-05-09 21:08 - 00000000 ____D () C:\Users\Jaspar\AppData\Local\Skype 2015-05-09 21:08 - 2015-05-09 21:08 - 00000000 ____D () C:\ProgramData\Skype 2015-05-09 21:08 - 2015-05-09 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-05-09 20:56 - 2015-05-09 20:57 - 00000050 _____ () C:\Users\Jaspar\Desktop\t1.bat 2015-05-09 20:53 - 2015-05-09 20:53 - 00000000 ____D () C:\Users\Jaspar\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} 2015-05-03 16:33 - 2015-05-03 16:33 - 00000000 __SHD () C:\Users\Jaspar\AppData\Local\EmieBrowserModeList 2015-05-02 15:09 - 2015-05-02 15:09 - 00240102 _____ () C:\Users\Jaspar\Documents\ts3_clientui-win32-1407159763-2015-05-02 15_09_51.243762.dmp 2015-04-26 15:58 - 2015-04-26 15:58 - 00000000 ____D () C:\Users\Jaspar\AppData\Local\TeamViewer 2015-04-26 15:57 - 2015-05-09 20:22 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2015-04-26 15:56 - 2015-04-26 15:56 - 07970528 _____ (TeamViewer GmbH) C:\Users\Jaspar\Downloads\TeamViewer_Setup_de.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-05-25 21:00 - 2014-09-23 23:06 - 00871442 _____ () C:\WINDOWS\PFRO.log 2015-05-25 20:23 - 2015-01-07 20:37 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-25 20:22 - 2014-07-12 13:28 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-05-25 20:22 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-05-25 20:21 - 2014-05-02 21:30 - 00000000 ____D () C:\WINDOWS\ERUNT 2015-05-25 20:21 - 2013-08-22 16:46 - 00340477 _____ () C:\WINDOWS\setupact.log 2015-05-25 20:11 - 2014-04-28 20:18 - 00000000 ____D () C:\Users\Jaspar\AppData\Local\com 2015-05-23 19:24 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-05-22 16:17 - 2014-08-17 12:00 - 431778920 _____ () C:\WINDOWS\MEMORY.DMP 2015-05-22 15:31 - 2014-07-08 19:55 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-05-22 01:04 - 2014-11-21 21:29 - 00000000 __RDO () C:\Users\Jaspar\OneDrive 2015-05-22 00:58 - 2015-01-07 20:37 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-22 00:45 - 2014-10-11 20:54 - 00000000 ____D () C:\Users\Jaspar 2015-05-22 00:45 - 2014-02-20 18:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-22 00:43 - 2014-10-11 20:47 - 02048338 _____ () C:\WINDOWS\WindowsUpdate.log 2015-05-22 00:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-05-21 23:27 - 2014-08-08 14:33 - 00000944 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-705164964-436951070-2432176924-1002UA.job 2015-05-21 18:48 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-05-21 18:47 - 2015-04-05 16:05 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX 2015-05-21 18:47 - 2015-04-05 16:05 - 00000000 ___SD () C:\WINDOWS\system32\GWX 2015-05-21 18:46 - 2014-01-22 02:51 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-705164964-436951070-2432176924-1002 2015-05-21 17:21 - 2014-02-21 19:18 - 00000000 ____D () C:\Users\Jaspar\AppData\Roaming\TS3Client 2015-05-21 12:00 - 2015-04-16 13:39 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1 2015-05-21 12:00 - 2013-12-09 22:47 - 00003464 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2 2015-05-21 11:27 - 2014-08-08 14:33 - 00000922 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-705164964-436951070-2432176924-1002Core.job 2015-05-21 10:59 - 2015-03-14 23:14 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-05-21 10:15 - 2014-01-22 02:44 - 00000062 _____ () C:\Users\Jaspar\AppData\Roaming\sp_data.sys 2015-05-21 00:00 - 2014-10-30 14:52 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{93648374-8FFE-44A4-9064-D6548AB6A10B} 2015-05-18 22:18 - 2014-02-20 20:25 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-05-18 22:13 - 2014-02-20 20:25 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-05-18 13:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-05-15 19:53 - 2015-01-07 20:37 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-15 19:52 - 2015-01-07 20:37 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-15 14:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-05-13 23:49 - 2014-03-26 20:11 - 00000000 ____D () C:\Users\Jaspar\AppData\Roaming\NVIDIA 2015-05-13 19:43 - 2013-08-22 16:44 - 00362896 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-05-13 19:38 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2015-05-13 19:38 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers 2015-05-13 15:26 - 2014-09-24 08:00 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-11 21:19 - 2015-03-10 17:15 - 00013312 ___SH () C:\Users\Jaspar\Downloads\Thumbs.db 2015-05-09 21:40 - 2014-06-10 10:03 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-05-09 20:41 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-05-06 17:55 - 2013-04-26 01:15 - 06329286 _____ () C:\WINDOWS\AsDebug.log 2015-05-05 19:59 - 2014-11-20 16:03 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-05-05 19:59 - 2014-09-24 09:46 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-04-26 15:16 - 2013-04-26 01:15 - 01331948 _____ () C:\WINDOWS\AsCDProc.log ==================== Files in the root of some directories ======= 2014-01-22 02:44 - 2015-05-21 10:15 - 0000062 _____ () C:\Users\Jaspar\AppData\Roaming\sp_data.sys 2013-04-26 01:15 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd Files to move or delete: ==================== C:\Users\Jaspar\PSISetup_3.0.0.9016.exe Some files in TEMP: ==================== C:\Users\Jaspar\AppData\Local\Temp\bdcam_0.dll C:\Users\Jaspar\AppData\Local\Temp\bdfilters.dll C:\Users\Jaspar\AppData\Local\Temp\BSvcProcessor.exe C:\Users\Jaspar\AppData\Local\Temp\BSvcUpdater.exe C:\Users\Jaspar\AppData\Local\Temp\nch1setup.exe C:\Users\Jaspar\AppData\Local\Temp\Quarantine.exe C:\Users\Jaspar\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-18 22:11 ==================== End of log ============================ |
26.05.2015, 17:47 | #7 |
/// the machine /// TB-Ausbilder | Grauer Bildschirm mit traurig ausschauendem SmileyESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
27.05.2015, 18:30 | #8 | |||
| Grauer Bildschirm mit traurig ausschauendem Smiley ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=dcff3168f9d79043a10fd6fbc502b77f # engine=24050 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-05-27 04:54:52 # local_time=2015-05-27 06:54:52 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.3.9600 NT # compatibility_mode_1='Kaspersky Internet Security' # compatibility_mode=1292 16777214 100 100 496296 64223714 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 6456798 57626985 0 0 # scanned=277256 # found=6 # cleaned=0 # scan_time=4854 sh=6A0A9783FFE1EE10D850173AA652325188FF37FF ft=1 fh=c71c0011414b9536 vn="Variante von Win32/ELEX.CP evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-705164964-436951070-2432176924-1002\$RDW5VJ3\UninstallManager.exe" sh=BDCFAB786869E5EF2CE9E3E84AF405D07F677DA6 ft=1 fh=5d81b5dd6872fb2f vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jaspar\AppData\Local\Microsoft\Windows\INetCache\IE\SWOROAQT\Setup[1].exe" sh=ED3463A7DB95D4B0A40B18FF7D4C3A198AFE9C87 ft=1 fh=b73262d5706d13f5 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jaspar\AppData\Local\Microsoft\Windows\INetCache\IE\XTCG0DBU\Stub[1].exe" sh=47B19AB97028D8925579BED54EFEE88C8107D6B6 ft=1 fh=34f71966959b3eb8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jaspar\AppData\Local\Temp\DMR\dmr_72.exe" sh=5BFD53BD42BAFD16F6E9D9D0B2B9A0372A2E93E7 ft=1 fh=2c3e931875df3a39 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jaspar\OneDrive\Documents\CFSetup381 - CHIP-Installer.exe" sh=E301955DF7A3F37954CECD106DB6A0F2C907B405 ft=1 fh=95b788ef4760c140 vn="Variante von Win32/WinloadSDA.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jaspar\OneDrive\Documents\TeamSpeak-3-64-Bit-lnstall.exe" Code:
ATTFilter Results of screen317's Security Check version 1.002 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Kaspersky Internet Security Windows Defender Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 17.0.0.169 Mozilla Firefox (38.0.1) Google Chrome (42.0.2311.152) Google Chrome (43.0.2357.65) ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` Zitat:
Zitat:
|
28.05.2015, 12:21 | #9 |
/// the machine /// TB-Ausbilder | Grauer Bildschirm mit traurig ausschauendem Smiley
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
30.05.2015, 16:03 | #10 |
| Grauer Bildschirm mit traurig ausschauendem Smiley Die Reperatur verlief ohne weitere Probleme, wurde aber bereits bei Abschluss des Suchlaufs im zweiten Schritt darauf hingeweisen, dass einige Dateien irreperabel seien. Der Systemstart war nicht erfolgreich gewesen. Ich konnte mich zwar anmelden, wurde aber dann von Fehlermeldungen überhäuft, bis der PC mich mit einem schwarzen Bildschirm alleine ließ. |
31.05.2015, 13:45 | #11 |
/// the machine /// TB-Ausbilder | Grauer Bildschirm mit traurig ausschauendem Smiley Mach mal bitte nen kompletten Refresh von Win8.1.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
31.05.2015, 15:34 | #12 |
| Grauer Bildschirm mit traurig ausschauendem Smiley Was bedeutet das konkret? Bzw. wie gehe ich da vor? |
01.06.2015, 09:18 | #13 |
/// the machine /// TB-Ausbilder | Grauer Bildschirm mit traurig ausschauendem Smiley schau mal hier So wird's gemacht: Auffrischen, Wiederherstellen und Zurücksetzen des PCs auf die Originaleinstellung - Windows-Hilfe
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
04.06.2015, 19:22 | #14 |
| Grauer Bildschirm mit traurig ausschauendem Smiley Ich bitte die längere Verzögerung zu entschuldigen. Leider fand ich nicht so viel Zeit mich dem Laptop zu widmen. Nach reichlichem Ein- und Ausschalten musste ich feststellen - mehrere Versuche wurden unternommen - dass ich via abgesichertem Modus nicht auf die Einstellungen zugreifen kann. Die Fenster öffnet sich (das PC-Einstellungen-ändern-Fenster - diese Windows-Kachel), und minimiierte sich postwendend. Beim Booten + Shift F8 gelange ich in dieses eine Fenster. Wenn ich darüber die PC-Einstellungen ändern möchte, gelange ich wenigstens schonmal zu dem Hinweis, was ab dem nächsten Schritt geschieht. Kurz darauf aber werde ich darauf hingewiesen, dass die Festplatte geschützt sei, also in irgendeiner Form gesperrrt - deshalb der Vorgang nicht auszuführen sei. |
05.06.2015, 11:10 | #15 |
/// the machine /// TB-Ausbilder | Grauer Bildschirm mit traurig ausschauendem Smiley Dann bleibt eigentlich nur ne komplette Recovery. Aber vorher Daten sichern.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Grauer Bildschirm mit traurig ausschauendem Smiley |
abgesicherten, bildschirm, daten, entfernt, erhalte, geräusch, guten, konto, ladebildschirm, laptop, league, league of legends, modus, nachricht, neu, neustart, nicht mehr, plötzlich, programme, revo uninstaller, scan, schonmal, smiley, starten, systemfehler, traurig, unbekannte, verwendet |