Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Grauer Bildschirm mit traurig ausschauendem Smiley

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 23.05.2015, 17:23   #1
Damiani
 
Grauer Bildschirm mit traurig ausschauendem Smiley - Standard

Grauer Bildschirm mit traurig ausschauendem Smiley



Guten Tag - ich möchte Sie um Hilfe bitten.

Heute habe ich die Nachricht erhalten, dass der Laptop meines Bruders sich nicht mehr richtig starten lässt. Er war am Tag zuvor in einem Online-Spiel gewesen (League of Legends), bis plötzlich von jetzt auf gleich ein schrilles Geräusch aus seinem Laptop ertönte und die Maschine aus unerfindlichen Gründen neu startete. Scheinbar soll beim Neustart ein Ladebildschirm aufgetaucht sein, der ihn darauf hinwies, dass die Daten aktualisiert werden müssen, eben mit traurigem Smiley als Krönung. Seitdem ist es nicht mehr möglich sich über das Konto anzumelden.
Um einen technischen Systemfehler auszuschließen habe ich den Versuch unternommen in den abgesicherten Modus zu gelangen - mit Erfolg. Nach einem Scan mit dem Revo Uninstaller stellte ich fest, dass sich irgendwelche unbekannten Programme auf dem PC befanden, die ich bereits schonmal von seinem PC entfernt habe. Nun ist der ganze Mist wieder da. Entweder wird mir etwas verschwiegen oder er hat sich aus purer Ahnungslosigkeit ein schönes Leck gebohrt (der Laptop wird nur als Spielemaschine verwendet). Ich hoffe Sie können mir helfen.

Alt 23.05.2015, 17:51   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Grauer Bildschirm mit traurig ausschauendem Smiley - Standard

Grauer Bildschirm mit traurig ausschauendem Smiley



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 23.05.2015, 18:23   #3
Damiani
 
Grauer Bildschirm mit traurig ausschauendem Smiley - Standard

Grauer Bildschirm mit traurig ausschauendem Smiley



FRST und Additional:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015 01
Ran by Jaspar (administrator) on LAPPI on 23-05-2015 19:16:20
Running from C:\Users\Jaspar\Downloads
Loaded Profiles: Jaspar (Available Profiles: UpdatusUser & Jaspar)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [391128 2013-10-01] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe [771032 2013-10-01] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe [769496 2013-10-01] (Intel Corporation)
HKLM-x32\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM-x32\...\Run: [mbot_pl_9] => [X]
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-705164964-436951070-2432176924-1002\...\Run: [Facebook Update] => C:\Users\Jaspar\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-08-24] (Facebook Inc.)
HKU\S-1-5-21-705164964-436951070-2432176924-1002\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-03-30] ()
HKU\S-1-5-21-705164964-436951070-2432176924-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-705164964-436951070-2432176924-1002\...\Run: [BingSvc] => C:\Users\Jaspar\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [263952 2015-05-13] (Client Connect LTD)
AppInit_DLLs:  C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [223504 2015-05-13] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2014-09-24]
ShortcutTarget: LOLRecorder.lnk -> C:\Program Files (x86)\LOLReplay\LOLRecorder.exe (LOL Replay)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-705164964-436951070-2432176924-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}
HKU\S-1-5-21-705164964-436951070-2432176924-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=E876506D-C3DB-4AC4-9868-9FB7AA2E2AF6&SearchSource=55&CUI=&UM=8&UP=SP7313AAB2-8DE8-4C30-8D50-67F565A08A5D&D=050915&SSPV=
HKU\S-1-5-21-705164964-436951070-2432176924-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX
HKU\S-1-5-21-705164964-436951070-2432176924-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398708465&from=tugs&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-705164964-436951070-2432176924-1002 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=E876506D-C3DB-4AC4-9868-9FB7AA2E2AF6&SearchSource=58&CUI=&UM=8&UP=SP7313AAB2-8DE8-4C30-8D50-67F565A08A5D&D=050915&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-705164964-436951070-2432176924-1002 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=E876506D-C3DB-4AC4-9868-9FB7AA2E2AF6&SearchSource=58&CUI=&UM=8&UP=SP7313AAB2-8DE8-4C30-8D50-67F565A08A5D&D=050915&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-705164964-436951070-2432176924-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-705164964-436951070-2432176924-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-705164964-436951070-2432176924-1002 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-705164964-436951070-2432176924-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-705164964-436951070-2432176924-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-17] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-17] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-28] (Kaspersky Lab ZAO)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX

FireFox:
========
FF ProfilePath: C:\Users\Jaspar\AppData\Roaming\Mozilla\Firefox\Profiles\6vqd8buq.default-1431200109324
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-02-20] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-705164964-436951070-2432176924-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Jaspar\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-705164964-436951070-2432176924-1002: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-02-20] (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istartsurf.xml [2014-08-11]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-19]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-07-12]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-12]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-07-12]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-07-12]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-07-12]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Jaspar\AppData\Roaming\Mozilla\Firefox\Profiles\7gzgvd2b.default\extensions\faststartff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Jaspar\AppData\Roaming\Mozilla\Firefox\Profiles\7gzgvd2b.default\extensions\quick_searchff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Jaspar\AppData\Roaming\Mozilla\Firefox\Profiles\7gzgvd2b.default\extensions\sweetsearch@gmail.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-705164964-436951070-2432176924-1002\...\Firefox\Extensions: [{8E3C10E3-9B89-B515-883F-0A45FF62B29F}] - C:\Program Files (x86)\BlockAndSurf-soft\161.xpi

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.delta-homes.com/?type=hp&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX
CHR StartupUrls: Default -> "hxxp://www.delta-homes.com/?type=hp&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX"
CHR DefaultSearchKeyword: Default -> delta-homes
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-07]
CHR Extension: (Google Docs) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-07]
CHR Extension: (Google Drive) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-07]
CHR Extension: (Speedial) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd [2015-01-07]
CHR Extension: (Kaspersky Protection) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2015-01-07]
CHR Extension: (YouTube) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-07]
CHR Extension: (Google Search) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-07]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-01-07]
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-05-13]
CHR Extension: (Google Sheets) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-07]
CHR Extension: (Bookmark Manager) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Skype Click to Call) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-13]
CHR Extension: (Google Wallet) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-07]
CHR Extension: (Gmail) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-07]
CHR Extension: (Anti-Banner) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-01-07]
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-05-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-06-19] (ASUS)
S2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () []
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3274512 2015-05-13] (Client Connect LTD)
S2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
S2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158816 2015-04-15] (XTab system)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-06-09] (A-Volute) []
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-29] (ASUS Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-28] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-05-28] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-28] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-05-28] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-05-28] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-05-28] (Kaspersky Lab ZAO)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [40104 2014-08-21] (Razer Inc)
S3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R1 {9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64; C:\Windows\System32\drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys [61112 2014-04-29] (StdLib)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S2 PEAUTH; system32\drivers\peauth.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-23 19:16 - 2015-05-23 19:16 - 00026297 _____ () C:\Users\Jaspar\Downloads\FRST.txt
2015-05-23 19:16 - 2015-05-23 19:16 - 00000000 ____D () C:\FRST
2015-05-23 19:15 - 2015-05-23 19:15 - 02108416 _____ (Farbar) C:\Users\Jaspar\Downloads\FRST64.exe
2015-05-23 19:15 - 2015-05-23 19:15 - 01147392 _____ (Farbar) C:\Users\Jaspar\Downloads\FRST.exe
2015-05-22 17:39 - 2015-05-22 17:39 - 00000000 __SHD () C:\found.000
2015-05-22 01:06 - 2015-05-22 01:06 - 00305224 _____ () C:\WINDOWS\Minidump\052215-34343-01.dmp
2015-05-22 00:45 - 2015-05-22 00:45 - 00350128 _____ () C:\WINDOWS\Minidump\052215-33062-01.dmp
2015-05-22 00:45 - 2015-05-22 00:45 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-20 11:12 - 2015-05-20 22:14 - 00000000 ____D () C:\Users\Jaspar\AppData\Local\avabvbxvh
2015-05-20 11:12 - 2015-05-20 11:12 - 00003456 _____ () C:\WINDOWS\System32\Tasks\avabvbxvh
2015-05-19 14:07 - 2015-05-19 14:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-13 23:49 - 2015-05-13 23:55 - 00000000 ____D () C:\Users\Jaspar\Documents\Bandicam
2015-05-13 23:49 - 2015-05-13 23:49 - 00000000 ____D () C:\Users\Jaspar\AppData\Roaming\BANDISOFT
2015-05-13 23:49 - 2015-05-13 23:49 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2015-05-13 23:48 - 2015-05-13 23:48 - 09864192 _____ (Bandisoft) C:\Users\Jaspar\Downloads\bdcamsetup.exe
2015-05-13 15:39 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 15:39 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 13:18 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-13 13:18 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-13 13:18 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-13 13:18 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-13 13:17 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-13 13:17 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-13 13:17 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-13 13:17 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-13 13:17 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-13 13:17 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-13 13:17 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-13 13:17 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-13 13:17 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-13 13:17 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-13 13:17 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-13 13:17 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-13 13:17 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-13 13:17 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-13 13:17 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-13 13:17 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-13 13:17 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-13 13:17 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-13 13:17 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-13 13:17 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-13 13:17 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-13 13:17 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-13 13:17 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-13 13:17 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-13 13:17 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-13 13:17 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-13 13:17 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-13 13:17 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-13 13:17 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-13 13:17 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-13 13:17 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-13 13:17 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-13 13:17 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-13 13:17 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-13 13:17 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-13 13:17 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-13 13:17 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-13 13:17 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-13 13:17 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-13 13:17 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-13 13:17 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-13 13:17 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-13 13:17 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-13 13:17 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-13 13:17 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-13 13:17 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-13 13:17 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-13 13:17 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-13 13:17 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-13 13:17 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-13 13:17 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-13 13:17 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-13 13:17 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-13 13:17 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-13 13:17 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-13 13:17 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-13 13:17 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-13 13:17 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-13 13:17 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-13 13:17 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-13 13:17 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-13 13:17 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-13 13:17 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-13 13:17 - 2015-03-13 02:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-13 13:17 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-13 13:17 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-13 13:17 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-13 13:17 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-13 13:17 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-13 13:17 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-13 13:17 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-13 13:17 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-13 13:17 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-13 13:17 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-13 13:17 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-09 21:33 - 2015-05-09 21:33 - 00000000 ____D () C:\Users\Jaspar\Tracing
2015-05-09 21:32 - 2015-05-09 21:32 - 00000000 ____D () C:\Program Files (x86)\predm
2015-05-09 21:30 - 2015-05-20 11:12 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-05-09 21:30 - 2015-05-09 21:30 - 00002122 _____ () C:\Users\Jaspar\Desktop\Continue Mybest Offerstoday Uninstaller.lnk
2015-05-09 21:30 - 2015-05-09 21:30 - 00001021 _____ () C:\Users\Jaspar\Desktop\GUPlayer.lnk
2015-05-09 21:30 - 2015-05-09 21:30 - 00000000 ____D () C:\Users\Jaspar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer
2015-05-09 21:30 - 2015-05-09 21:30 - 00000000 ____D () C:\Users\Jaspar\AppData\Local\SearchProtect
2015-05-09 21:30 - 2015-05-09 21:30 - 00000000 ____D () C:\Program Files (x86)\GUPlayer
2015-05-09 21:17 - 2015-05-09 21:17 - 00003144 _____ () C:\WINDOWS\System32\Tasks\{A442621D-3DFF-4D44-AED1-BFB8F25EA3C7}
2015-05-09 21:08 - 2015-05-22 01:05 - 00000000 ____D () C:\Users\Jaspar\AppData\Roaming\Skype
2015-05-09 21:08 - 2015-05-09 21:08 - 00002715 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-05-09 21:08 - 2015-05-09 21:08 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-09 21:08 - 2015-05-09 21:08 - 00000000 ____D () C:\Users\Jaspar\AppData\Local\Skype
2015-05-09 21:08 - 2015-05-09 21:08 - 00000000 ____D () C:\ProgramData\Skype
2015-05-09 21:08 - 2015-05-09 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-09 20:56 - 2015-05-09 20:57 - 00000050 _____ () C:\Users\Jaspar\Desktop\t1.bat
2015-05-09 20:53 - 2015-05-09 20:53 - 00000000 ____D () C:\Users\Jaspar\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2015-05-03 16:33 - 2015-05-03 16:33 - 00000000 __SHD () C:\Users\Jaspar\AppData\Local\EmieBrowserModeList
2015-05-02 15:09 - 2015-05-02 15:09 - 00240102 _____ () C:\Users\Jaspar\Documents\ts3_clientui-win32-1407159763-2015-05-02 15_09_51.243762.dmp
2015-04-26 15:58 - 2015-04-26 15:58 - 00000000 ____D () C:\Users\Jaspar\AppData\Local\TeamViewer
2015-04-26 15:57 - 2015-05-09 20:22 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-26 15:56 - 2015-04-26 15:56 - 07970528 _____ (TeamViewer GmbH) C:\Users\Jaspar\Downloads\TeamViewer_Setup_de.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-23 19:07 - 2014-07-12 13:28 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-23 19:07 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-23 19:06 - 2013-08-22 16:46 - 00340092 _____ () C:\WINDOWS\setupact.log
2015-05-22 17:18 - 2015-01-07 20:37 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-22 16:17 - 2014-08-17 12:00 - 431778920 _____ () C:\WINDOWS\MEMORY.DMP
2015-05-22 15:31 - 2014-07-08 19:55 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-22 01:04 - 2014-11-21 21:29 - 00000000 __RDO () C:\Users\Jaspar\OneDrive
2015-05-22 00:58 - 2015-01-07 20:37 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-22 00:45 - 2014-10-11 20:54 - 00000000 ____D () C:\Users\Jaspar
2015-05-22 00:45 - 2014-09-23 23:06 - 00024410 _____ () C:\WINDOWS\PFRO.log
2015-05-22 00:45 - 2014-02-20 18:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-22 00:43 - 2014-10-11 20:47 - 02048338 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-22 00:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-21 23:27 - 2014-08-08 14:33 - 00000944 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-705164964-436951070-2432176924-1002UA.job
2015-05-21 18:48 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-21 18:47 - 2015-04-05 16:05 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-21 18:47 - 2015-04-05 16:05 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-21 18:46 - 2014-01-22 02:51 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-705164964-436951070-2432176924-1002
2015-05-21 17:21 - 2014-02-21 19:18 - 00000000 ____D () C:\Users\Jaspar\AppData\Roaming\TS3Client
2015-05-21 12:00 - 2015-04-16 13:39 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-05-21 12:00 - 2013-12-09 22:47 - 00003464 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-05-21 11:27 - 2014-08-08 14:33 - 00000922 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-705164964-436951070-2432176924-1002Core.job
2015-05-21 10:59 - 2015-03-14 23:14 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-21 10:15 - 2014-01-22 02:44 - 00000062 _____ () C:\Users\Jaspar\AppData\Roaming\sp_data.sys
2015-05-21 00:00 - 2014-10-30 14:52 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{93648374-8FFE-44A4-9064-D6548AB6A10B}
2015-05-18 22:18 - 2014-02-20 20:25 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-18 22:13 - 2014-02-20 20:25 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-18 13:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-16 17:02 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-15 19:53 - 2015-01-07 20:37 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 19:52 - 2015-01-07 20:37 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 14:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-13 23:49 - 2014-03-26 20:11 - 00000000 ____D () C:\Users\Jaspar\AppData\Roaming\NVIDIA
2015-05-13 19:43 - 2013-08-22 16:44 - 00362896 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-13 19:38 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-13 19:38 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-13 15:26 - 2014-09-24 08:00 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-11 21:19 - 2015-03-10 17:15 - 00013312 ___SH () C:\Users\Jaspar\Downloads\Thumbs.db
2015-05-09 21:40 - 2014-06-10 10:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-09 21:17 - 2014-08-11 20:01 - 00000000 ____D () C:\Users\Jaspar\AppData\Roaming\istartsurf
2015-05-09 20:41 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-09 20:15 - 2015-04-15 14:15 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-05-06 17:55 - 2013-04-26 01:15 - 06329286 _____ () C:\WINDOWS\AsDebug.log
2015-05-05 19:59 - 2014-11-20 16:03 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-05 19:59 - 2014-09-24 09:46 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-26 15:16 - 2013-04-26 01:15 - 01331948 _____ () C:\WINDOWS\AsCDProc.log

==================== Files in the root of some directories =======

2014-01-22 02:44 - 2015-05-21 10:15 - 0000062 _____ () C:\Users\Jaspar\AppData\Roaming\sp_data.sys
2013-04-26 01:15 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd

Files to move or delete:
====================
C:\Users\Jaspar\PSISetup_3.0.0.9016.exe


Some files in TEMP:
====================
C:\Users\Jaspar\AppData\Local\Temp\bdcam_0.dll
C:\Users\Jaspar\AppData\Local\Temp\bdfilters.dll
C:\Users\Jaspar\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Jaspar\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Jaspar\AppData\Local\Temp\dlLogic.exe
C:\Users\Jaspar\AppData\Local\Temp\nch1setup.exe
C:\Users\Jaspar\AppData\Local\Temp\spstub.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-18 22:11

==================== End of log ============================
         


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01
Ran by Jaspar at 2015-05-23 19:17:39
Running from C:\Users\Jaspar\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-705164964-436951070-2432176924-500 - Administrator - Disabled)
Gast (S-1-5-21-705164964-436951070-2432176924-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-705164964-436951070-2432176924-1004 - Limited - Enabled)
Jaspar (S-1-5-21-705164964-436951070-2432176924-1002 - Administrator - Enabled) => C:\Users\Jaspar
UpdatusUser (S-1-5-21-705164964-436951070-2432176924-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.4.117.01527 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.) Hidden
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.2 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.1.4 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0005 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5230.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5230.52 - CyberLink Corp.) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Desktopicon amazon.de (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GUPlayer (remove only) (HKLM-x32\...\GUPlayer) (Version:  - )
HQVro-1.91 (HKLM-x32\...\HQVro-1.91) (Version: 1.34.4.10 - HQVro1)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version:  - istartsurf) <==== ATTENTION
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.9.11 - www.leaguereplays.com)
METAL SLUG 3 (HKLM-x32\...\Steam App 250180) (Version:  - DotEmu)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA Graphics Driver 311.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.70 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0325 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0325 - NVIDIA Corporation)
NVIDIA Update 4.11.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 4.11.9 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.989 - Even Balance, Inc.)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.10 - Razer Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6804 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.23.30.9 - Client Connect LTD) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Windows Driver Package - ASUS (ATP) Mouse  (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WindowsMangerProtect20.0.0.502 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.502 - WindowsProtect LIMITED) <==== ATTENTION
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
World of Tanks (HKU\S-1-5-21-705164964-436951070-2432176924-1002\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version:  - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

01-05-2015 17:20:47 Windows Update
09-05-2015 13:55:08 Geplanter Prüfpunkt
13-05-2015 15:23:41 Windows Update
18-05-2015 22:11:49 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2014-05-01 19:42 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2306EAB8-44A7-4A05-8FA8-5851DAC368BD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {2966056B-AC3A-4963-87CE-4C5AC3FD67BE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-705164964-436951070-2432176924-1002UA => C:\Users\Jaspar\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-24] (Facebook Inc.)
Task: {2AAF01B2-AC5A-4354-82F2-9839D99DA97B} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {2EC1139E-C7BB-4AA1-A0F0-85E637CDB953} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-03-20] (ASUSTeK Computer Inc.)
Task: {4CC7F42E-4C4D-4488-BAFF-9C189347CFA8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {5B38980F-2222-4BC7-9756-6F9D169EE8AC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-705164964-436951070-2432176924-1002Core => C:\Users\Jaspar\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-24] (Facebook Inc.)
Task: {749C614E-0A2A-4533-BFB6-48EB2F27A60D} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-04-29] (AsusTek)
Task: {780C522B-64E7-43BF-8D4C-D9CB128C31C2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-18] (Microsoft Corporation)
Task: {7BE140B9-CC56-443D-9A26-75E7F0B52A1C} - \Advanced System Protector No Task File <==== ATTENTION
Task: {84887AC2-DAAC-4922-868F-653C4E80A79A} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {865BA5EE-86F6-4F86-9AEC-C4A52AE5F3B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-07] (Google Inc.)
Task: {8C37E8F5-B320-41C7-8A92-7B67DC9BB77D} - System32\Tasks\{A442621D-3DFF-4D44-AED1-BFB8F25EA3C7} => pcalua.exe -a C:\Users\Jaspar\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=amt
Task: {91A84639-D2D7-4B99-B3E1-1A9E42E50B4A} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {A088BFDF-1E64-4AFE-A58B-99F97117AFC6} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-06-19] (ASUS)
Task: {A6C79FA8-E314-457F-8C19-796DDDE77565} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-03-20] (ASUSTeK Computer Inc.)
Task: {D5DE8A0D-AA96-4778-A27D-1BCD078B03BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-07] (Google Inc.)
Task: {E12A3223-E067-48C6-A6AD-9A6B42237C4F} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-02-26] (ASUSTeK Computer Inc.)
Task: {F142EA38-44C1-45A1-B12B-D626628E060E} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-28] (ASUS)
Task: {F9326A37-8F09-415A-AACE-7111CC7F69A4} - System32\Tasks\avabvbxvh => C:\Users\Jaspar\AppData\Local\avabvbxvh\avabvbxvh.exe [2015-05-13] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-705164964-436951070-2432176924-1002Core.job => C:\Users\Jaspar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-705164964-436951070-2432176924-1002UA.job => C:\Users\Jaspar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Jaspar\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-705164964-436951070-2432176924-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img6.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "LOLRecorder.lnk"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-705164964-436951070-2432176924-1002\...\StartupApproved\Run: => "Facebook Update"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{981EBBDB-F0AC-4CC9-B414-FA4B4FF6849F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{27F59C64-8DDA-453C-81DB-C6C451598769}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{BE72DCFA-92B9-4A68-8D3D-894964AE8FEB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{4C5E5CD8-F6FF-4ADD-BC33-71F7E6F53D3B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{0A08CD54-5AD2-4AEE-9BD1-F08BF28A5C4C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{14C1B559-1040-4848-81FF-3942014C2E7C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7A5C9B6C-A092-4096-AF31-F9A71B7AA34F}] => (Allow) C:\Users\Jaspar\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{B52E0792-BFCA-41B0-9064-963074DAF661}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8DD3F208-4396-4E10-908E-5AFAF6B484A5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D5886BF5-E9D6-4741-8EE8-C9EF2ADBC6EB}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{2A20DC8E-ABF8-4536-A3DD-E6F2D9D9CBD2}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{5F2878D9-BC65-4254-9CFD-7CF599827009}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{7AA64871-B8E4-4141-B6D2-47D4BAE43FE4}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{18D087EC-D46F-4D83-9C3C-50C8E8A1A198}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{1B3591C7-92FF-4D8E-8F18-63327169BA67}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4A42C600-6204-423B-9309-3C505FBF9C64}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{7AE19A65-E6FD-40AF-AD82-F1FCFDAAD3F1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{84CBAA73-13AC-4007-815B-A03A47EFDDC3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{27A83B16-B10F-454F-9C4F-7B8842CF70C0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{758A85A7-2E39-4011-9101-EA9DF9912277}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{77ABE695-BF91-4C1E-BB96-D36E0B66BAFD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{9CBDB688-1560-4EC3-B3C4-13B86FD1A88A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{99AB5382-1059-45AC-AAEB-E32736E99DF9}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{08DF9207-336B-4D4F-B1FD-122BC45D324B}] => (Allow) LPort=1900
FirewallRules: [{CACDB418-5466-44CB-97EB-234638B11E8D}] => (Allow) LPort=2869
FirewallRules: [{8F742722-EB63-4B60-8280-435B83C49A8F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0F60259D-0A27-452B-9B0C-F86964307B23}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{B1695C20-DF06-485E-9B7B-912D68E1F220}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{3A400443-B670-4080-853C-305970A09017}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{9BA9ED05-2603-419B-9960-5816A4EDB879}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{0118FEBF-6ABB-4566-9307-784CF69863AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1DF969E2-08CD-4C0D-A651-78CFA8D732BE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3190553F-D805-4033-9FA1-B0F442CD62AF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{00927E5A-5E8F-40D5-9891-6965DED85E28}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F86F2A81-3B2E-4BBF-A1F0-BBC751D83332}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6DCA2E8E-B5F4-43B4-8407-99DFFE961D6E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{6C45BDEF-6BF8-490C-AAA6-9C32B64964F0}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{128C1AD8-FEA5-4405-99A6-FD6C71399B17}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7A412163-47D2-4A41-AA18-CEA8EB16D364}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/22/2015 05:34:48 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows Update). Zusätzliche Informationen: 0x80070017.

Error: (05/22/2015 05:04:05 PM) (Source: Wininit) (EventID: 1015) (User: )
Description: Ein kritischer Systemprozess C:\WINDOWS\system32\lsass.exe ist fehlgeschlagen mit den Statuscode c000001d. Der Computer muss neu gestartet werden.

Error: (05/22/2015 04:15:10 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Anwendung: AsusWSWinService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines internen Fehlers in der .NET-Laufzeit beendet. bei IP 00007FFB853B3395 (00007FFB85350000) mit Exitcode 80131506.

Error: (05/22/2015 04:14:58 PM) (Source: Wininit) (EventID: 1015) (User: )
Description: Ein kritischer Systemprozess C:\WINDOWS\system32\lsass.exe ist fehlgeschlagen mit den Statuscode c0000005. Der Computer muss neu gestartet werden.

Error: (05/22/2015 04:14:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -107.

Error: (05/22/2015 04:14:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -107.

Error: (05/22/2015 04:14:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -107.

Error: (05/22/2015 04:14:18 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1003) (User: NT-AUTORITÄT)
Description: Zertifikatdienstclient: Die Anbieter konnten nicht als Antwort auf Ereignis 256 aufgerufen werden. Fehlercode 2147942593.

Error: (05/22/2015 04:14:14 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1001) (User: NT-AUTORITÄT)
Description: Zertifikatdienstclient: der Anbieter pautoenr.dll konnte nicht geladen werden. Fehlercode 193.

Error: (05/22/2015 03:40:42 PM) (Source: Distributed Link Tracking Client) (EventID: 12503) (User: )
Description: ?


System errors:
=============
Error: (05/23/2015 07:14:03 PM) (Source: DCOM) (EventID: 10005) (User: LAPPI)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/23/2015 07:13:57 PM) (Source: DCOM) (EventID: 10005) (User: LAPPI)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/23/2015 07:13:45 PM) (Source: DCOM) (EventID: 10010) (User: LAPPI)
Description: {06622D85-6856-4460-8DE1-A81921B41C4B}

Error: (05/23/2015 07:13:45 PM) (Source: DCOM) (EventID: 10005) (User: LAPPI)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/23/2015 07:13:35 PM) (Source: DCOM) (EventID: 10010) (User: LAPPI)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/23/2015 07:13:16 PM) (Source: DCOM) (EventID: 10010) (User: LAPPI)
Description: {06622D85-6856-4460-8DE1-A81921B41C4B}

Error: (05/23/2015 07:13:13 PM) (Source: DCOM) (EventID: 10005) (User: LAPPI)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/23/2015 07:13:12 PM) (Source: DCOM) (EventID: 10005) (User: LAPPI)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/23/2015 07:13:12 PM) (Source: DCOM) (EventID: 10005) (User: LAPPI)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/23/2015 07:13:12 PM) (Source: DCOM) (EventID: 10005) (User: LAPPI)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


Microsoft Office:
=========================
Error: (05/22/2015 05:34:48 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Windows Update0x80070017

Error: (05/22/2015 05:04:05 PM) (Source: Wininit) (EventID: 1015) (User: )
Description: C:\WINDOWS\system32\lsass.exec000001d

Error: (05/22/2015 04:15:10 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Anwendung: AsusWSWinService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines internen Fehlers in der .NET-Laufzeit beendet. bei IP 00007FFB853B3395 (00007FFB85350000) mit Exitcode 80131506.

Error: (05/22/2015 04:14:58 PM) (Source: Wininit) (EventID: 1015) (User: )
Description: C:\WINDOWS\system32\lsass.exec0000005

Error: (05/22/2015 04:14:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -107

Error: (05/22/2015 04:14:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -107

Error: (05/22/2015 04:14:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -107

Error: (05/22/2015 04:14:18 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1003) (User: NT-AUTORITÄT)
Description: 2562147942593

Error: (05/22/2015 04:14:14 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1001) (User: NT-AUTORITÄT)
Description: pautoenr.dll193

Error: (05/22/2015 03:40:42 PM) (Source: Distributed Link Tracking Client) (EventID: 12503) (User: )
Description: ?


CodeIntegrity Errors:
===================================
  Date: 2014-05-01 19:41:36.871
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 11%
Total physical RAM: 8077.57 MB
Available physical RAM: 7144.97 MB
Total Pagefile: 16269.57 MB
Available Pagefile: 15400.07 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:372.17 GB) (Free:269.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:537.64 GB) NTFS
Drive e: (TAIS_TOI) (CDROM) (Total:3.65 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0FE4DC0A)

Partition: GPT Partition Type.

==================== End of log ============================
         
__________________

Alt 24.05.2015, 17:51   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Grauer Bildschirm mit traurig ausschauendem Smiley - Standard

Grauer Bildschirm mit traurig ausschauendem Smiley



Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    istartsurf uninstall

    Search Protect

    WindowsMangerProtect20.0.0.502 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.502 - WindowsProtect LIMITED) <==== ATTENTION


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 25.05.2015, 20:34   #5
Damiani
 
Grauer Bildschirm mit traurig ausschauendem Smiley - Standard

Grauer Bildschirm mit traurig ausschauendem Smiley



JRT.exe lässt sich nicht ausführen. Entweder startet der PC neu oder die Windowshilfe öffnet sich, wie zu jedem Start des abgesicherten Modus. Außerdem kam auch folgende Fehlermeldung auf:
Zitat:
Die Anweisung bei "0x0000000077CF97E8"verwies auf Speicher "0x0000000000413000".Die erforderlichen Dateien werden aufgrund eines E/A-Fehlers in "0x000009c" nicht an der Arbeitsspeicher übertragen.
Es treten nun auch regelmäßig ähnliche Fehlermeldungen auf für explorer.exe

MBAM:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 25.05.2015
Suchlauf-Zeit: 19:23:54
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.25.05
Rootkit Datenbank: v2015.05.24.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Jaspar

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 445530
Verstrichene Zeit: 43 Min, 25 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 60
PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, In Quarantäne, [0acf35620a8013232f1fdb3b07fb05fb], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [27b2e5b2a1e9a78f9e66055c56ad32ce], 
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64, In Quarantäne, [43965e39aedc90a6db34a662dc282cd4], 
PUP.Optional.NewTab.C, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bakijjialdiiboeaknfpmflphhmljfkd, In Quarantäne, [b22784136822f83e89fb69034fb644bc], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{905C19DC-1787-48D4-A94E-E0BCC1B0FDBA}, In Quarantäne, [eeeb3265f89256e0fea7690dae578080], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9CFCCD01-9DE9-4DA5-9A66-F1DE9CBA57C5}, In Quarantäne, [d504d9bed5b59b9bd9ccfa7cbf46c838], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AB591AD8-BBE3-422F-AD5B-2F51DFFA334C}, In Quarantäne, [ce0ba5f2d8b27eb8dbcccea83acb639d], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F5014966-B0D9-4BE3-AAA8-F0473FD61EC8}, In Quarantäne, [578233645b2fed49cadd1264d13438c8], 
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [ebeed8bfbfcb979fef99d99615f011ef], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\delta-homesSoftware, In Quarantäne, [a8318017cdbd1d19fd55e1265aaa9967], 
PUP.Optional.FreeSoftToday.A, HKLM\SOFTWARE\WOW6432NODE\free_soft_today, In Quarantäne, [4a8f0790cac043f308e44121986dea16], 
PUP.Optional.HQPro.A, HKLM\SOFTWARE\WOW6432NODE\HQVro-1.91, In Quarantäne, [be1be6b12b5ffa3c838a3eb318eb9e62], 
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, In Quarantäne, [4297c7d06e1c3df96966e40a5fa425db], 
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, In Quarantäne, [0acf395e5436340237ff5ba907fdca36], 
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MYBESTOFFERSTODAY, In Quarantäne, [ce0b6136d8b2f046d21963a00cf8768a], 
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [58816334f595c86edb8e372a669f9967], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [c316098ef09a74c2beee25dd57ad48b8], 
PUP.Optional.NewTab.C, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bakijjialdiiboeaknfpmflphhmljfkd, In Quarantäne, [895034635931d46221633438b64fca36], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{905C19DC-1787-48D4-A94E-E0BCC1B0FDBA}, In Quarantäne, [4d8c1285d1b942f4871e5c1acb3a6e92], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9CFCCD01-9DE9-4DA5-9A66-F1DE9CBA57C5}, In Quarantäne, [eaef8a0d25650e281e87b3c33dc89e62], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AB591AD8-BBE3-422F-AD5B-2F51DFFA334C}, In Quarantäne, [fadfedaaaae06ec8aef95d19fd0852ae], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F5014966-B0D9-4BE3-AAA8-F0473FD61EC8}, In Quarantäne, [af2a0196d5b537ff64433a3cf312bd43], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [b9209afda0ea9f970a0c5190778c3bc5], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [67728c0baddd2f07872443bf966e0cf4], 
PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS, In Quarantäne, [7b5eaaed404a96a0bf715b129d6805fb], 
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginService, In Quarantäne, [5f7a24734545cb6b961393625ea5b54b], 
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, In Quarantäne, [04d53067573347ef28957187729116ea], 
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [a73226717d0d290d10ae49afa063619f], 
PUP.Optional.HQPro.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\HQVro-1.91, In Quarantäne, [21b8e8af34564fe7db30b93849ba60a0], 
PUP.Optional.MBOT.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\mybestofferstoday, In Quarantäne, [538684138505241204c430ba2ed5ef11], 
PUP.Optional.WebSearches.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\SupHpUISoft, In Quarantäne, [6079781fb8d21125ee43cb39b74d0df3], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\TutoTag, In Quarantäne, [7267742391f983b340dbc79d37cebe42], 
PUP.Optional.HQPro.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\APPDATALOW\SOFTWARE\HQVro-1.91, In Quarantäne, [16c37a1d96f454e2907b638e29da9769], 
PUP.Optional.ReMarkit.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\APPDATALOW\SOFTWARE\Re-markit, In Quarantäne, [78618e09e6a4191daa8c24d973905fa1], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{15A6C94A-9E7F-4664-A4F7-5213C425C2E5}, In Quarantäne, [6970b4e3b8d2bc7a1e86ee88d035a25e], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{24DC681D-E46F-4BA9-A0AA-274B25A94564}, In Quarantäne, [4d8c1d7aa0ea092dcdd7c3b3a0653dc3], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3B3B5BC2-DA69-488E-BD14-CA5C5C5A8B40}, In Quarantäne, [4a8f62355436d165356e6a0c8382b54b], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{42FBCD7C-18A3-4C9A-82A6-D9B01725BE5B}, In Quarantäne, [13c62176731763d3960d25512fd630d0], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{73A943EB-D88A-43CB-B619-362516368A63}, In Quarantäne, [499067304248bc7a9d07bdb98c79bb45], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{767BD76C-9F32-4D1D-B71D-725577D6A36E}, In Quarantäne, [fcdd1c7b424862d4762e6b0bb84d46ba], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{791640C7-37B9-4EBB-B16C-C5A6EC1B3E57}, In Quarantäne, [32a7dabd15755bdb1b89680e9e67de22], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D47EABA-E55B-47F1-A5F5-14E0ACC5E234}, In Quarantäne, [1cbdf2a52f5b61d59e05abcbac5959a7], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{905C19DC-1787-48D4-A94E-E0BCC1B0FDBA}, In Quarantäne, [f4e597000d7dda5c2d750b6b5ca91ce4], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9CFCCD01-9DE9-4DA5-9A66-F1DE9CBA57C5}, In Quarantäne, [c910c4d38bff6acc158d1f572bdadf21], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A8853FAF-CC80-4E56-84F1-9B7F3DCEDF19}, In Quarantäne, [72675e392f5b8fa7f2b2fa7c62a3ed13], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AB591AD8-BBE3-422F-AD5B-2F51DFFA334C}, In Quarantäne, [0bceefa8d2b8082ee0c456200401eb15], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CF281F83-A57A-4843-A0BF-E7691959A534}, In Quarantäne, [5d7cdcbbd6b42016bee5ed8908fdf907], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DB13E534-9E03-4C19-BD41-F04C904B46C7}, In Quarantäne, [e5f470272763a88e7e26fc7af510e21e], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DFF13A4F-517B-4DB2-87D9-245DDF30C610}, In Quarantäne, [ba1f2176573360d640644036ca3b56aa], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E99580A1-D7D9-4160-8F2D-1FCD2C5C6732}, In Quarantäne, [3b9ea3f4236761d5673c274f22e32bd5], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F5014966-B0D9-4BE3-AAA8-F0473FD61EC8}, In Quarantäne, [ab2e8f089febda5ce5bf284ea16427d9], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FC92366E-D80C-4E68-B056-7A60A334CDF4}, In Quarantäne, [ac2d7e193753f145ced6f77fe32251af], 
PUP.Optional.Trovi.C, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [a336c6d1d1b987af24a685f0699cd52b], 
PUP.Optional.DoSearch.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}, In Quarantäne, [a732890e305aff370f7fcf11867dff01], 
PUP.Optional.DoSearch.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}, In Quarantäne, [c6135b3c395184b2e2ac9b455ca7768a], 
PUP.Optional.Delta.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [c21751462a604fe77c9925bc40c3639d], 
PUP.Optional.DoSearch.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}, In Quarantäne, [edecbadddfabdf57642a05dbaa599f61], 
PUP.Optional.SweetSearch.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [30a906915a3084b254d0825d9b687090], 
PUP.Optional.HQPro.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\HQVro-1.91, In Quarantäne, [1cbdecabc4c682b4554d2ba623e0cd33], 
PUP.Optional.GUPlayer.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GUPlayer, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], 

Registrierungswerte: 50
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{905c19dc-1787-48d4-a94e-e0bcc1b0fdba}|AppName, HQVro-1.91-bg.exe, In Quarantäne, [eeeb3265f89256e0fea7690dae578080]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9cfccd01-9de9-4da5-9a66-f1de9cba57c5}|AppName, MediaPlayerplus-bg.exe, In Quarantäne, [d504d9bed5b59b9bd9ccfa7cbf46c838]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ab591ad8-bbe3-422f-ad5b-2f51dffa334c}|AppName, MediaPlayerplus-codedownloader.exe, In Quarantäne, [ce0ba5f2d8b27eb8dbcccea83acb639d]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{f5014966-b0d9-4be3-aaa8-f0473fd61ec8}|AppName, HQVro-1.91-codedownloader.exe, In Quarantäne, [578233645b2fed49cadd1264d13438c8]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}|URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1398708465&from=tugs&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, In Quarantäne, [29b03a5de6a48ea84f022cb1b64df60a]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, istartsurf, In Quarantäne, [ebeed8bfbfcb979fef99d99615f011ef]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, In Quarantäne, [98412e694d3d84b27b0dea85d035ec14]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{905c19dc-1787-48d4-a94e-e0bcc1b0fdba}|AppName, HQVro-1.91-bg.exe, In Quarantäne, [4d8c1285d1b942f4871e5c1acb3a6e92]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9cfccd01-9de9-4da5-9a66-f1de9cba57c5}|AppName, MediaPlayerplus-bg.exe, In Quarantäne, [eaef8a0d25650e281e87b3c33dc89e62]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ab591ad8-bbe3-422f-ad5b-2f51dffa334c}|AppName, MediaPlayerplus-codedownloader.exe, In Quarantäne, [fadfedaaaae06ec8aef95d19fd0852ae]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{f5014966-b0d9-4be3-aaa8-f0473fd61ec8}|AppName, HQVro-1.91-codedownloader.exe, In Quarantäne, [af2a0196d5b537ff64433a3cf312bd43]
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, delta-homes, In Quarantäne, [b9209afda0ea9f970a0c5190778c3bc5]
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, In Quarantäne, [2aaf8a0d2664cc6a9d7917cad13248b8]
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mbot_pl_9, In Quarantäne, [3a9f64332a60b581f6f439ca23e1c739], 
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Jaspar\AppData\Roaming\Mozilla\Firefox\Profiles\7gzgvd2b.default\extensions\faststartff@gmail.com, In Quarantäne, [ddfc5d3a9eec50e6b4dd481819ecbf41]
PUP.Optional.QuickSearch.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|quick_searchff@gmail.com, C:\Users\Jaspar\AppData\Roaming\Mozilla\Firefox\Profiles\7gzgvd2b.default\extensions\quick_searchff@gmail.com, In Quarantäne, [edec6b2cb4d6b383ce2f0bd349baab55]
PUP.Optional.SweetSearch.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|sweetsearch@gmail.com, C:\Users\Jaspar\AppData\Roaming\Mozilla\Firefox\Profiles\7gzgvd2b.default\extensions\sweetsearch@gmail.com, In Quarantäne, [66734d4a830754e2e9156b737f8428d8]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, amt, In Quarantäne, [67728c0baddd2f07872443bf966e0cf4]
PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS|HostGUID, A89A44BE-10D7-43CC-9B5D-450830CF699D, In Quarantäne, [7b5eaaed404a96a0bf715b129d6805fb]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{15A6C94A-9E7F-4664-A4F7-5213C425C2E5}|AppName, 923e656c-7931-4c44-9b19-6d3c00ebfbd9-2.exe-codedownloader.exe, In Quarantäne, [6970b4e3b8d2bc7a1e86ee88d035a25e]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{24DC681D-E46F-4BA9-A0AA-274B25A94564}|AppName, 6e36e8b7-5a33-405b-889f-ed80ffb3f521-2.exe-codedownloader.exe, In Quarantäne, [4d8c1d7aa0ea092dcdd7c3b3a0653dc3]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3B3B5BC2-DA69-488E-BD14-CA5C5C5A8B40}|AppName, 923e656c-7931-4c44-9b19-6d3c00ebfbd9-2.exe-buttonutil.exe, In Quarantäne, [4a8f62355436d165356e6a0c8382b54b]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{42FBCD7C-18A3-4C9A-82A6-D9B01725BE5B}|AppName, 6e36e8b7-5a33-405b-889f-ed80ffb3f521-2.exe-buttonutil.exe, In Quarantäne, [13c62176731763d3960d25512fd630d0]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{73A943EB-D88A-43CB-B619-362516368A63}|AppName, 6e36e8b7-5a33-405b-889f-ed80ffb3f521-2.exe-codedownloader.exe, In Quarantäne, [499067304248bc7a9d07bdb98c79bb45]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{767BD76C-9F32-4D1D-B71D-725577D6A36E}|AppName, 923e656c-7931-4c44-9b19-6d3c00ebfbd9-2.exe-codedownloader.exe, In Quarantäne, [fcdd1c7b424862d4762e6b0bb84d46ba]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{791640C7-37B9-4EBB-B16C-C5A6EC1B3E57}|AppName, 6e36e8b7-5a33-405b-889f-ed80ffb3f521-2.exe-codedownloader.exe, In Quarantäne, [32a7dabd15755bdb1b89680e9e67de22]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D47EABA-E55B-47F1-A5F5-14E0ACC5E234}|AppName, 923e656c-7931-4c44-9b19-6d3c00ebfbd9-2.exe-buttonutil.exe, In Quarantäne, [1cbdf2a52f5b61d59e05abcbac5959a7]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{905c19dc-1787-48d4-a94e-e0bcc1b0fdba}|AppName, HQVro-1.91-bg.exe, In Quarantäne, [f4e597000d7dda5c2d750b6b5ca91ce4]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9cfccd01-9de9-4da5-9a66-f1de9cba57c5}|AppName, MediaPlayerplus-bg.exe, In Quarantäne, [c910c4d38bff6acc158d1f572bdadf21]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A8853FAF-CC80-4E56-84F1-9B7F3DCEDF19}|AppName, 923e656c-7931-4c44-9b19-6d3c00ebfbd9-2.exe-codedownloader.exe, In Quarantäne, [72675e392f5b8fa7f2b2fa7c62a3ed13]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ab591ad8-bbe3-422f-ad5b-2f51dffa334c}|AppName, MediaPlayerplus-codedownloader.exe, In Quarantäne, [0bceefa8d2b8082ee0c456200401eb15]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CF281F83-A57A-4843-A0BF-E7691959A534}|AppName, 6e36e8b7-5a33-405b-889f-ed80ffb3f521-2.exe-buttonutil.exe, In Quarantäne, [5d7cdcbbd6b42016bee5ed8908fdf907]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DB13E534-9E03-4C19-BD41-F04C904B46C7}|AppName, 6e36e8b7-5a33-405b-889f-ed80ffb3f521-2.exe-codedownloader.exe, In Quarantäne, [e5f470272763a88e7e26fc7af510e21e]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DFF13A4F-517B-4DB2-87D9-245DDF30C610}|AppName, 6e36e8b7-5a33-405b-889f-ed80ffb3f521-2.exe-codedownloader.exe, In Quarantäne, [ba1f2176573360d640644036ca3b56aa]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E99580A1-D7D9-4160-8F2D-1FCD2C5C6732}|AppName, 6e36e8b7-5a33-405b-889f-ed80ffb3f521-2.exe-buttonutil.exe, In Quarantäne, [3b9ea3f4236761d5673c274f22e32bd5]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{f5014966-b0d9-4be3-aaa8-f0473fd61ec8}|AppName, HQVro-1.91-codedownloader.exe, In Quarantäne, [ab2e8f089febda5ce5bf284ea16427d9]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FC92366E-D80C-4E68-B056-7A60A334CDF4}|AppName, 6e36e8b7-5a33-405b-889f-ed80ffb3f521-2.exe-codedownloader.exe, In Quarantäne, [ac2d7e193753f145ced6f77fe32251af]
PUP.Optional.Trovi.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=E876506D-C3DB-4AC4-9868-9FB7AA2E2AF6&SearchSource=58&CUI=&UM=8&UP=SP7313AAB2-8DE8-4C30-8D50-67F565A08A5D&D=050915&q={searchTerms}&SSPV=, In Quarantäne, [17c21c7bd2b8fe3876450e6113f28a76]
PUP.Optional.Conduit.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|SuggestionsURL_JSON, hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}, In Quarantäne, [57825c3bd3b7191dbba4cf11ee153cc4]
PUP.Optional.Trovi.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|DisplayName, Trovi, In Quarantäne, [36a367302b5f50e615a60b640203d22e]
PUP.Optional.DoSearch.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [a732890e305aff370f7fcf11867dff01]
PUP.Optional.DoSearch.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURL, hxxp://do-search.com//favicon.ico, In Quarantäne, [5b7e9bfc0585270f9fefae32ac576997]
PUP.Optional.DoSearch.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [c6135b3c395184b2e2ac9b455ca7768a]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}|TopResultURL, hxxp://istart.webssearches.com/web/?type=ds&ts=1398708465&from=tugs&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, In Quarantäne, [7267494e276395a1ee626479966de51b]
PUP.Optional.Delta.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, delta-homes, In Quarantäne, [c21751462a604fe77c9925bc40c3639d]
PUP.Optional.DoSearch.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [fedb8314464464d2c4caa63a0300b34d]
PUP.Optional.Delta.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|TopResultURL, hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, In Quarantäne, [954451468a00cf6767ae4d940ef5a45c]
PUP.Optional.DoSearch.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [edecbadddfabdf57642a05dbaa599f61]
PUP.Optional.SweetSearch.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MOZILLA\EXTENDS|appid, sweetsearch@gmail.com, In Quarantäne, [30a906915a3084b254d0825d9b687090]
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{8E3C10E3-9B89-B515-883F-0A45FF62B29F}, C:\Program Files (x86)\BlockAndSurf-soft\161.xpi, In Quarantäne, [0ecbcdca0b7fe2549931c5aa55b09868]

Registrierungsdaten: 16
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX),Ersetzt,[2aaf1e799befa6901e284ae053b3ff01]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}),Ersetzt,[c01973249dedd462492c04190ff737c9]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX),Ersetzt,[6871326527639e98462faf6e9175f40c]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX),Ersetzt,[ebeee4b3612947ef660f39e4ce38ef11]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}),Ersetzt,[10c94e49d5b553e3a6cfd7464fb7dc24]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|CustomizeSearch, hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}),Ersetzt,[dcfd593e0c7e76c09cdac954ab5b728e]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}),Ersetzt,[bd1c0b8c731769cd33432eefbd490cf4]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[f0e9e5b2bdcdda5cf27327020303768a]
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX),Ersetzt,[439602954e3c5fd755f12bff43c3916f]
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}),Ersetzt,[31a8494eb3d7c274f948d65463a3f40c]
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}),Ersetzt,[b5244d4abcce013590b1072363a34cb4]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[36a33760d3b72214273efe2bf80e8f71]
PUP.Optional.Delta.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}),Ersetzt,[fcdd6d2a8cfedb5bee5480aaf016837d]
PUP.Optional.Trovi.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.trovi.com/?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=E876506D-C3DB-4AC4-9868-9FB7AA2E2AF6&SearchSource=55&CUI=&UM=8&UP=SP7313AAB2-8DE8-4C30-8D50-67F565A08A5D&D=050915&SSPV=, Gut: (www.google.com), Schlecht: (hxxp://www.trovi.com/?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=E876506D-C3DB-4AC4-9868-9FB7AA2E2AF6&SearchSource=55&CUI=&UM=8&UP=SP7313AAB2-8DE8-4C30-8D50-67F565A08A5D&D=050915&SSPV=),Ersetzt,[1dbcbdda4e3ce551f3485ec152b49967]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1407780098&from=amt&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX),Ersetzt,[bf1acccb02881323046ffd2027df39c7]
PUP.Optional.Delta.A, HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}),Ersetzt,[79607027fc8e1e189fa3b47638ce28d8]

Ordner: 101
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\browser, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\browser\misc, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\data, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\external, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\newtab, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\external, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\gallery, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\icons, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\resources, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\chrome, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\favorites, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\info, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\review, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\ar, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\de, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\en, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\es, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\fr, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\he, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\it, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\ja, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\nl, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\pl, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\pt_BR, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\ru, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\tr, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_metadata, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, In Quarantäne, [5c7dd8bfd6b4989e97ca318bf50e3ec2], 
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, In Quarantäne, [5c7dd8bfd6b4989e97ca318bf50e3ec2], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.HQPro.A, C:\Program Files (x86)\HQVro-1.91, In Quarantäne, [1cbdecabc4c682b4554d2ba623e0cd33], 
PUP.Optional.NewPlayer.A, C:\Users\Jaspar\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha, In Quarantäne, [9544badd4842d85e929b2aa9de25de22], 
PUP.Optional.NewPlayer.A, C:\Users\Jaspar\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha\2.1.1.7, In Quarantäne, [9544badd4842d85e929b2aa9de25de22], 
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, In Quarantäne, [21b832658dfd0f27396fe8ebf01314ec], 
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, In Quarantäne, [21b832658dfd0f27396fe8ebf01314ec], 
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], 
PUP.Optional.GUPlayer.A, C:\Users\Jaspar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer, In Quarantäne, [e3f65740a0ea3ef859978d4ca45f6898], 

Dateien: 326
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys, Löschen bei Neustart, [cddd303170528ae154d7d6060b06b0e8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, In Quarantäne, [0acf35620a8013232f1fdb3b07fb05fb], 
PUP.Optional.HQPro.A, C:\Program Files (x86)\HQVro-1.91\HQVro-1.91-bg.exe, In Quarantäne, [a0395e39fc8e86b004fcce920df9857b], 
PUP.Optional.HQPro.A, C:\Program Files (x86)\HQVro-1.91\HQVro-1.91-bho64.dll, In Quarantäne, [ca0f2a6d67237abcb34d0e5224e2e31d], 
PUP.Optional.BrowserWatch, C:\Program Files (x86)\XTab\BrowerWatchCH.dll, In Quarantäne, [4297791e880236002b983639ed13768a], 
PUP.Optional.BrowserWatch, C:\Program Files (x86)\XTab\BrowerWatchFF.dll, In Quarantäne, [30a957408307b97d4182680701ffeb15], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\XTab\BrowserAction.dll, In Quarantäne, [a5342b6cdab09a9ca7fe50f65ca68779], 
PUP.Optional.ELEX, C:\Program Files (x86)\XTab\HPNotify.exe, In Quarantäne, [b3268215fc8e033352dd8bac08fa3fc1], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\XTab\IeWatchDog.dll, In Quarantäne, [2aaf6a2dd0baa09634e30e093acc9e62], 
PUP.Optional.IEPluginService.A, C:\Program Files (x86)\SupTab\RSHP.exe, In Quarantäne, [58814f48fa903501e087514c54ad15eb], 
PUP.Optional.ELEX, C:\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe, In Quarantäne, [e7f2bbdc7d0d979f28410ac978898d73], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [e0f98f087d0da4921d7df44356aaf907], 
PUP.Optional.SearchProtect, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, In Quarantäne, [697063342466c4723d430a0f17efc13f], 
PUP.Optional.WindowsProtectManger.A, C:\$Recycle.Bin\S-1-5-21-705164964-436951070-2432176924-1002\$RGMOLWF\ProtectWindowsManager.exe, In Quarantäne, [34a56334008ae45206c9dbfa1ee35aa6], 
PUP.Optional.Conduit.A, C:\Users\Jaspar\AppData\Local\Temp\dlLogic.exe, In Quarantäne, [dcfdadea0387e3535f9591b38b75936d], 
PUP.Optional.SearchProtect.A, C:\Users\Jaspar\AppData\Local\Temp\spstub.exe, In Quarantäne, [19c066317416da5cadc5843123dec43c], 
PUP.Optional.GUPlayer.A, C:\Users\Jaspar\Desktop\GUPlayer.lnk, In Quarantäne, [8f4a7126e8a213237931d60acb382bd5], 
PUP.Optional.SearchProtect.A, C:\Windows\System32\Tasks\avabvbxvh, In Quarantäne, [bd1c890ef3973df90ef9bc2cef1417e9], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\uninstall.exe, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\conf, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1031.xpi, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\install.data, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\searchProvider.xml, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about_bk.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn_apply.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\close.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf.xml, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf_back.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\input_bk.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\logo.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\main.xml, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_1.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_2.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\rigth_arrow.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\settings.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\data.html, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE.html, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE8.html, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\main.css, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\ver.txt, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\google_trends.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon128.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon16.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon48.png, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\loading.gif, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\logo32.ico, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\common.js, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ga.js, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.autocomplete.js, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\js.js, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\library.js, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit-ie8.js, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit2.0.js, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW\messages.json, In Quarantäne, [cd0cf5a24644b284517faf3fdf24eb15], 
PUP.Optional.IStartSurf.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\istartsurf.xml, In Quarantäne, [8d4c9bfc6327ae88c8838382bf4533cd], 
PUP.Optional.IStartSurf.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage, In Quarantäne, [02d7f89fb4d6cf675fc13c31db2a08f8], 
PUP.Optional.IStartSurf.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage-journal, In Quarantäne, [8752dfb8b7d3132349d72e3ffc09b14f], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\is.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\manifest.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\browser\background.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\browser\background.min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\browser\misc\screenshot.inject.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\data\favorites_de.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\data\favorites_en_gb.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\data\favorites_en_us.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\data\favorites_fr.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\data\favorites_he.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\data\favorites_it.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\data\favorites_pt_br.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\data\favorites_ru.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\data\favorites_tr.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\external\angular.min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\external\crypto-js.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\external\jquery-2.1.0.min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\external\jquery.autocomplete.min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\external\jquery.balloon.min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\external\jquery.fittext.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\external\jquery.Jcrop.min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\external\jquery.simplecolorpicker.min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\external\mustache.min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\external\string.min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\external\underscore-min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\newtab\gallery.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\newtab\gallery.min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\newtab\newtab.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\newtab\newtab.min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\newtab\review.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\content\newtab\review.min.js, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\external\foundation.min.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\external\indicator.gif, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\external\Jcrop.gif, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\external\jquery.autocomplete.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\external\jquery.Jcrop.min.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\external\jquery.simplecolorpicker.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\external\normalize.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\gallery\arrow-gallery-cat-selected.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\gallery\arrow.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\gallery\emptyArea.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\gallery\gallery.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\gallery\gallery_templates.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\gallery\icon-gallery-search.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\gallery\not_available_32.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\gallery\plus.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\gallery\X.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\icons\128.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\icons\16.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\icons\48.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\css\buttons.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\css\footer.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\css\header.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\css\list.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\css\newtab.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\css\search.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\css\themes.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\close-bar2.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-edit.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\a.jpg, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\ajax-loader-2.gif, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\ajax-loader-bar.gif, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\ajax-loader-medium.gif, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\ajax-loader-small.gif, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\ajax-loader.gif, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\arrow-footer.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\arrow-header.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\attachment.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\close.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\corner.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\edit-button.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-apps-dark.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-apps.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-chrome.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-close.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-contents-light.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-contents.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-layout.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-plus-dark.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-plus.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-right.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-search.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-settings.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\icon-theme.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\menu_v.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\menu_v_white.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\x-button.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\arab_tile.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\batthern_@2X.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\bo_play_pattern_@2X.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\dark_wood_@2X.jpg, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\diagonal_striped_brick.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\escheresque_ste_@2X.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\gold_scale.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\purty_wood_@2X.jpg, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\readme.txt, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\starring_@2X.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\tileable_wood_texture_@2X.jpg, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\weave_@2X.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\wild_oliva_@2X.jpg, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\images\patterns\woven.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\resources\groups.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\resources\list.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\newtab\resources\menu.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\css\activetabs.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\css\favorites.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\css\layout.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\css\modal-fav-add.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\css\modal-fav-edit.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\css\modal-fav-group.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\css\readitlater.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\css\recentlyclosed.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\css\theme.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\css\webapps.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\chrome\bookmarks.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\chrome\download.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\chrome\downloads.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\chrome\downloas.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\chrome\extensions.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\chrome\history.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\chrome\settings.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\chrome\trash.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\favorites\empty.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\favorites\error.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\favorites\shadow.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\info\contactus.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\info\facebook.ico, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\info\rateus.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\images\info\twitter.ico, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\activetabs.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\favorites.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\layout.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\modal-fav-add.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\modal-fav-edit.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\modal-fav-group.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\readitlater.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\readitlater_content.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\readitlater_menu.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\recentlyclosed.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\theme.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\webapps.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\plugins\resources\webapps_contextmenu.html, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\review\cat_1.gif, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\review\cat_2.gif, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\review\cat_3.gif, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\review\cat_4.gif, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\review\cat_5.gif, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\review\rating-star.png, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\skin\review\review.css, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\ar\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\de\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\en\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\es\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\fr\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\he\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\it\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\ja\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\nl\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\pl\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\pt_BR\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\ru\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_locales\tr\messages.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_metadata\computed_hashes.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.NewTab.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\_metadata\verified_contents.json, In Quarantäne, [67728f08bad0a88e357ae3d6a85b8977], 
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, In Quarantäne, [5c7dd8bfd6b4989e97ca318bf50e3ec2], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\bk_shadow.png, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\btn.png, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\close.png, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml.bak, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_box.png, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_check.png, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_bk.png, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_check.png, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [20b98215c7c36ec8a20aaa17ea1932ce], 
PUP.Optional.HQPro.A, C:\Program Files (x86)\HQVro-1.91\53172.crx, In Quarantäne, [1cbdecabc4c682b4554d2ba623e0cd33], 
PUP.Optional.HQPro.A, C:\Program Files (x86)\HQVro-1.91\53172.xpi, In Quarantäne, [1cbdecabc4c682b4554d2ba623e0cd33], 
PUP.Optional.HQPro.A, C:\Program Files (x86)\HQVro-1.91\background.html, In Quarantäne, [1cbdecabc4c682b4554d2ba623e0cd33], 
PUP.Optional.HQPro.A, C:\Program Files (x86)\HQVro-1.91\HQVro-1.91.ico, In Quarantäne, [1cbdecabc4c682b4554d2ba623e0cd33], 
PUP.Optional.HQPro.A, C:\Program Files (x86)\HQVro-1.91\Uninstall.exe, In Quarantäne, [1cbdecabc4c682b4554d2ba623e0cd33], 
PUP.Optional.NewPlayer.A, C:\Users\Jaspar\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha\2.1.1.7\user.config, In Quarantäne, [9544badd4842d85e929b2aa9de25de22], 
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\avcodec-54.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], 
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\avdevice-54.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], 
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\avformat-54.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], 
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\avutil-51.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], 
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\GuPlayer.exe, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], 
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\GUPlayerUninstaller.exe, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], 
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\libfreetype-6.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], 
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\libpng15-15.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], 
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\postproc-52.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], 
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\SDL.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], 
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\SDL_image.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], 
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\SDL_ttf.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], 
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\swresample-0.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], 
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\swscale-2.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], 
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\Uninstaller.exe, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], 
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GUPlayer\zlib1.dll, In Quarantäne, [af2ab0e77d0d0234a24d8e4b08fb817f], 
PUP.Optional.GUPlayer.A, C:\Users\Jaspar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer\GUPlayer.lnk, In Quarantäne, [e3f65740a0ea3ef859978d4ca45f6898], 
PUP.Optional.GUPlayer.A, C:\Users\Jaspar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer\Uninstall GUPlayer.lnk, In Quarantäne, [e3f65740a0ea3ef859978d4ca45f6898], 
PUP.Optional.Delta.A, C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Gut: (), Schlecht: (   "homepage": "hxxp://www.delta-homes.com/?type=hp&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX",), Ersetzt,[9f3abcdb9feb033394be6efc58aecb35]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         

ADW:
Code:
ATTFilter
# AdwCleaner v4.205 - Bericht erstellt 25/05/2015 um 20:20:38
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-25.3 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Jaspar - LAPPI
# Gestarted von : C:\Users\Jaspar\Downloads\AdwCleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : IHProtect Service

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Jaspar\AppData\Roaming\Activeris
Ordner Gelöscht : C:\Users\Jaspar\AppData\Roaming\rightbackup
Ordner Gelöscht : C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Datei Gelöscht : C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage
Datei Gelöscht : C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage-journal
Datei Gelöscht : C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bakijjialdiiboeaknfpmflphhmljfkd
Datei Gelöscht : C:\Users\Jaspar\Desktop\Continue Mybest Offerstoday Uninstaller.lnk
Datei Gelöscht : C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-homes.com_0.localstorage
Datei Gelöscht : C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-homes.com_0.localstorage-journal

***** [ Geplante Tasks ] *****

Task Gelöscht : Advanced System Protector

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\Taronja
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Activeris AntiMalware_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v38.0.1 (x86 de)


-\\ Google Chrome v43.0.2357.65

[C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.yhs4.search.yahoo.com/yhs/search;_ylt=A7x9Ukjq4OlUjCIALSZfCwx.?p={searchTerms}&fr2=sb-top&hspart=iry&hsimp=yhs-fullyhosted_003&param1=1&param2=cd%3D%26cr%3D%26elng%3Dde%26elcl%3Dde%26a%3Dsd-fd%26uref%3Dg4%26f%3D2%26cat%3Dweb%26ulng%3Dde-DE%252Cde%253Bq%253D0.8%252Cen-US%253Bq%253D0.6%252Cen%253B%26sid%3D0e46e3fd817ce072532c4aee782e305c%26stype%3Dspdydef%26sesid%3D214765b1e3845c7870387735dc8356d2%26csr%3D0%26ipblock%3D0%26b%3DChrome%26bv%3D40.0.2214.115%26os%3DWindows%2B8.1%26cc%3Dde%26ip%3D91.65.69.148%26pa%3Dspeedial%26x%3Db7465606-b200-4bef-a227-c3ad36f40c40&type=spdydef
[C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}
[C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}
[C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : bakijjialdiiboeaknfpmflphhmljfkd
[C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : fcfenmboojpjinhpgggodefccipikbpd
[C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Startup_URLs] : hxxp://www.delta-homes.com/?type=hp&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX
[C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Default_Search_Provider_Data] : hxxp://search.delta-homes.com/web/?type=ds&ts=1429100058&from=ient04150&uid=HGSTXHTS541010A9E680_JA1000102B9R5P2B9R5PX&q={searchTerms}

*************************

AdwCleaner[R0].txt - [5293 Bytes] - [25/05/2015 20:14:29]
AdwCleaner[S0].txt - [5159 Bytes] - [25/05/2015 20:20:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5218  Bytes] ##########
         


Alt 25.05.2015, 20:36   #6
Damiani
 
Grauer Bildschirm mit traurig ausschauendem Smiley - Standard

Grauer Bildschirm mit traurig ausschauendem Smiley



FRST:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015
Ran by Jaspar (administrator) on LAPPI on 25-05-2015 21:30:39
Running from C:\Users\Jaspar\Downloads
Loaded Profiles: Jaspar (Available Profiles: UpdatusUser & Jaspar)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM-x32\...\RunOnce: [SpUninstallCleanUp] => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-705164964-436951070-2432176924-1002\...\Run: [Facebook Update] => C:\Users\Jaspar\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-08-24] (Facebook Inc.)
HKU\S-1-5-21-705164964-436951070-2432176924-1002\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-03-30] ()
HKU\S-1-5-21-705164964-436951070-2432176924-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-705164964-436951070-2432176924-1002\...\Run: [BingSvc] => C:\Users\Jaspar\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-705164964-436951070-2432176924-1002\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt [5310 2015-05-25] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2014-09-24]
ShortcutTarget: LOLRecorder.lnk -> C:\Program Files (x86)\LOLReplay\LOLRecorder.exe (LOL Replay)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-705164964-436951070-2432176924-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-17] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-17] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-05-28] (Kaspersky Lab ZAO)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-05-28] (Kaspersky Lab ZAO)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Jaspar\AppData\Roaming\Mozilla\Firefox\Profiles\6vqd8buq.default-1431200109324
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-02-20] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-705164964-436951070-2432176924-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Jaspar\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-705164964-436951070-2432176924-1002: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-02-20] (Pando Networks)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-19]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-07-12]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-12]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-07-12]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-07-12]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-07-12]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR Profile: C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-07]
CHR Extension: (Google Docs) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-07]
CHR Extension: (Google Drive) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-07]
CHR Extension: (Kaspersky Protection) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2015-01-07]
CHR Extension: (YouTube) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-07]
CHR Extension: (Google Search) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-07]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-01-07]
CHR Extension: (Google Sheets) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-07]
CHR Extension: (Bookmark Manager) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Skype Click to Call) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-13]
CHR Extension: (Google Wallet) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-07]
CHR Extension: (Gmail) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-07]
CHR Extension: (Anti-Banner) - C:\Users\Jaspar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-01-07]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-05-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-06-19] (ASUS)
S2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () []
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-06-09] (A-Volute) []
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-29] (ASUS Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-28] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-05-28] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-28] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-05-28] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-05-28] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-05-28] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [136408 2015-05-25] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [40104 2014-08-21] (Razer Inc)
S3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S0 ustccmt; System32\drivers\grvvdwae.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 21:18 - 2015-05-25 21:18 - 00000000 ____D () C:\Users\Jaspar\Downloads\FRST-OlderVersion
2015-05-25 20:19 - 2015-05-25 20:19 - 00000000 _____ () C:\Recovery.txt
2015-05-25 20:14 - 2015-05-25 20:20 - 00000000 ____D () C:\AdwCleaner
2015-05-25 20:14 - 2015-05-25 20:14 - 02222592 _____ () C:\Users\Jaspar\Downloads\AdwCleaner_4.205.exe
2015-05-25 20:13 - 2015-05-25 20:13 - 02945770 _____ (Thisisu) C:\Users\Jaspar\Desktop\JRT.exe
2015-05-25 20:12 - 2015-05-25 20:12 - 00106737 _____ () C:\Users\Jaspar\Desktop\mbam.txt
2015-05-25 18:51 - 2015-05-25 18:51 - 00000000 __SHD () C:\found.001
2015-05-25 18:35 - 2015-05-25 19:23 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-25 18:34 - 2015-05-25 18:34 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-25 18:34 - 2015-05-25 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-25 18:34 - 2015-05-25 18:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-25 18:34 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-05-25 18:34 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-25 18:34 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-25 18:33 - 2015-05-25 18:33 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Jaspar\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-23 19:17 - 2015-05-23 19:17 - 00028642 _____ () C:\Users\Jaspar\Downloads\Addition.txt
2015-05-23 19:16 - 2015-05-25 21:30 - 00019591 _____ () C:\Users\Jaspar\Downloads\FRST.txt
2015-05-23 19:16 - 2015-05-25 21:30 - 00000000 ____D () C:\FRST
2015-05-23 19:15 - 2015-05-25 21:18 - 02108928 _____ (Farbar) C:\Users\Jaspar\Downloads\FRST64.exe
2015-05-22 17:39 - 2015-05-22 17:39 - 00000000 __SHD () C:\found.000
2015-05-22 01:06 - 2015-05-22 01:06 - 00305224 _____ () C:\WINDOWS\Minidump\052215-34343-01.dmp
2015-05-22 00:45 - 2015-05-22 00:45 - 00350128 _____ () C:\WINDOWS\Minidump\052215-33062-01.dmp
2015-05-22 00:45 - 2015-05-22 00:45 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-19 14:07 - 2015-05-19 14:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-13 23:49 - 2015-05-13 23:55 - 00000000 ____D () C:\Users\Jaspar\Documents\Bandicam
2015-05-13 23:49 - 2015-05-13 23:49 - 00000000 ____D () C:\Users\Jaspar\AppData\Roaming\BANDISOFT
2015-05-13 23:49 - 2015-05-13 23:49 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2015-05-13 23:48 - 2015-05-13 23:48 - 09864192 _____ (Bandisoft) C:\Users\Jaspar\Downloads\bdcamsetup.exe
2015-05-13 15:39 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 15:39 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 13:18 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-13 13:18 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-13 13:18 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-13 13:18 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-13 13:17 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-13 13:17 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-13 13:17 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-13 13:17 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-13 13:17 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-13 13:17 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-13 13:17 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-13 13:17 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-13 13:17 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-13 13:17 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-13 13:17 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-13 13:17 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-13 13:17 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-13 13:17 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-13 13:17 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-13 13:17 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-13 13:17 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-13 13:17 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-13 13:17 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-13 13:17 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-13 13:17 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-13 13:17 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-13 13:17 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-13 13:17 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-13 13:17 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-13 13:17 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-13 13:17 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-13 13:17 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-13 13:17 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-13 13:17 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-13 13:17 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-13 13:17 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-13 13:17 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-13 13:17 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-13 13:17 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-13 13:17 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-13 13:17 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-13 13:17 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-13 13:17 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-13 13:17 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-13 13:17 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-13 13:17 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-13 13:17 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-13 13:17 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-13 13:17 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-13 13:17 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-13 13:17 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-13 13:17 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-13 13:17 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-13 13:17 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-13 13:17 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-13 13:17 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-13 13:17 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-13 13:17 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-13 13:17 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-13 13:17 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-13 13:17 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-13 13:17 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-13 13:17 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-13 13:17 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-13 13:17 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-13 13:17 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-13 13:17 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-13 13:17 - 2015-03-13 02:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-13 13:17 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-13 13:17 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-13 13:17 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-13 13:17 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-13 13:17 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-13 13:17 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-13 13:17 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-13 13:17 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-13 13:17 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-13 13:17 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-13 13:17 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-09 21:33 - 2015-05-09 21:33 - 00000000 ____D () C:\Users\Jaspar\Tracing
2015-05-09 21:17 - 2015-05-09 21:17 - 00003144 _____ () C:\WINDOWS\System32\Tasks\{A442621D-3DFF-4D44-AED1-BFB8F25EA3C7}
2015-05-09 21:08 - 2015-05-22 01:05 - 00000000 ____D () C:\Users\Jaspar\AppData\Roaming\Skype
2015-05-09 21:08 - 2015-05-09 21:08 - 00002715 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-05-09 21:08 - 2015-05-09 21:08 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-09 21:08 - 2015-05-09 21:08 - 00000000 ____D () C:\Users\Jaspar\AppData\Local\Skype
2015-05-09 21:08 - 2015-05-09 21:08 - 00000000 ____D () C:\ProgramData\Skype
2015-05-09 21:08 - 2015-05-09 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-09 20:56 - 2015-05-09 20:57 - 00000050 _____ () C:\Users\Jaspar\Desktop\t1.bat
2015-05-09 20:53 - 2015-05-09 20:53 - 00000000 ____D () C:\Users\Jaspar\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2015-05-03 16:33 - 2015-05-03 16:33 - 00000000 __SHD () C:\Users\Jaspar\AppData\Local\EmieBrowserModeList
2015-05-02 15:09 - 2015-05-02 15:09 - 00240102 _____ () C:\Users\Jaspar\Documents\ts3_clientui-win32-1407159763-2015-05-02 15_09_51.243762.dmp
2015-04-26 15:58 - 2015-04-26 15:58 - 00000000 ____D () C:\Users\Jaspar\AppData\Local\TeamViewer
2015-04-26 15:57 - 2015-05-09 20:22 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-26 15:56 - 2015-04-26 15:56 - 07970528 _____ (TeamViewer GmbH) C:\Users\Jaspar\Downloads\TeamViewer_Setup_de.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 21:00 - 2014-09-23 23:06 - 00871442 _____ () C:\WINDOWS\PFRO.log
2015-05-25 20:23 - 2015-01-07 20:37 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-25 20:22 - 2014-07-12 13:28 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-25 20:22 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-25 20:21 - 2014-05-02 21:30 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-05-25 20:21 - 2013-08-22 16:46 - 00340477 _____ () C:\WINDOWS\setupact.log
2015-05-25 20:11 - 2014-04-28 20:18 - 00000000 ____D () C:\Users\Jaspar\AppData\Local\com
2015-05-23 19:24 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-22 16:17 - 2014-08-17 12:00 - 431778920 _____ () C:\WINDOWS\MEMORY.DMP
2015-05-22 15:31 - 2014-07-08 19:55 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-22 01:04 - 2014-11-21 21:29 - 00000000 __RDO () C:\Users\Jaspar\OneDrive
2015-05-22 00:58 - 2015-01-07 20:37 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-22 00:45 - 2014-10-11 20:54 - 00000000 ____D () C:\Users\Jaspar
2015-05-22 00:45 - 2014-02-20 18:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-22 00:43 - 2014-10-11 20:47 - 02048338 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-22 00:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-21 23:27 - 2014-08-08 14:33 - 00000944 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-705164964-436951070-2432176924-1002UA.job
2015-05-21 18:48 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-21 18:47 - 2015-04-05 16:05 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-21 18:47 - 2015-04-05 16:05 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-21 18:46 - 2014-01-22 02:51 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-705164964-436951070-2432176924-1002
2015-05-21 17:21 - 2014-02-21 19:18 - 00000000 ____D () C:\Users\Jaspar\AppData\Roaming\TS3Client
2015-05-21 12:00 - 2015-04-16 13:39 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-05-21 12:00 - 2013-12-09 22:47 - 00003464 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-05-21 11:27 - 2014-08-08 14:33 - 00000922 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-705164964-436951070-2432176924-1002Core.job
2015-05-21 10:59 - 2015-03-14 23:14 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-21 10:15 - 2014-01-22 02:44 - 00000062 _____ () C:\Users\Jaspar\AppData\Roaming\sp_data.sys
2015-05-21 00:00 - 2014-10-30 14:52 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{93648374-8FFE-44A4-9064-D6548AB6A10B}
2015-05-18 22:18 - 2014-02-20 20:25 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-18 22:13 - 2014-02-20 20:25 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-18 13:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-15 19:53 - 2015-01-07 20:37 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 19:52 - 2015-01-07 20:37 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 14:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-13 23:49 - 2014-03-26 20:11 - 00000000 ____D () C:\Users\Jaspar\AppData\Roaming\NVIDIA
2015-05-13 19:43 - 2013-08-22 16:44 - 00362896 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-13 19:38 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-13 19:38 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-13 15:26 - 2014-09-24 08:00 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-11 21:19 - 2015-03-10 17:15 - 00013312 ___SH () C:\Users\Jaspar\Downloads\Thumbs.db
2015-05-09 21:40 - 2014-06-10 10:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-09 20:41 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-06 17:55 - 2013-04-26 01:15 - 06329286 _____ () C:\WINDOWS\AsDebug.log
2015-05-05 19:59 - 2014-11-20 16:03 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-05 19:59 - 2014-09-24 09:46 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-26 15:16 - 2013-04-26 01:15 - 01331948 _____ () C:\WINDOWS\AsCDProc.log

==================== Files in the root of some directories =======

2014-01-22 02:44 - 2015-05-21 10:15 - 0000062 _____ () C:\Users\Jaspar\AppData\Roaming\sp_data.sys
2013-04-26 01:15 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd

Files to move or delete:
====================
C:\Users\Jaspar\PSISetup_3.0.0.9016.exe


Some files in TEMP:
====================
C:\Users\Jaspar\AppData\Local\Temp\bdcam_0.dll
C:\Users\Jaspar\AppData\Local\Temp\bdfilters.dll
C:\Users\Jaspar\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Jaspar\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Jaspar\AppData\Local\Temp\nch1setup.exe
C:\Users\Jaspar\AppData\Local\Temp\Quarantine.exe
C:\Users\Jaspar\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-18 22:11

==================== End of log ============================
         

Alt 26.05.2015, 17:47   #7
schrauber
/// the machine
/// TB-Ausbilder
 

Grauer Bildschirm mit traurig ausschauendem Smiley - Standard

Grauer Bildschirm mit traurig ausschauendem Smiley




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 27.05.2015, 18:30   #8
Damiani
 
Grauer Bildschirm mit traurig ausschauendem Smiley - Standard

Grauer Bildschirm mit traurig ausschauendem Smiley



ESET:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=dcff3168f9d79043a10fd6fbc502b77f
# engine=24050
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-27 04:54:52
# local_time=2015-05-27 06:54:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.3.9600 NT 
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777214 100 100 496296 64223714 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 6456798 57626985 0 0
# scanned=277256
# found=6
# cleaned=0
# scan_time=4854
sh=6A0A9783FFE1EE10D850173AA652325188FF37FF ft=1 fh=c71c0011414b9536 vn="Variante von Win32/ELEX.CP evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-705164964-436951070-2432176924-1002\$RDW5VJ3\UninstallManager.exe"
sh=BDCFAB786869E5EF2CE9E3E84AF405D07F677DA6 ft=1 fh=5d81b5dd6872fb2f vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jaspar\AppData\Local\Microsoft\Windows\INetCache\IE\SWOROAQT\Setup[1].exe"
sh=ED3463A7DB95D4B0A40B18FF7D4C3A198AFE9C87 ft=1 fh=b73262d5706d13f5 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jaspar\AppData\Local\Microsoft\Windows\INetCache\IE\XTCG0DBU\Stub[1].exe"
sh=47B19AB97028D8925579BED54EFEE88C8107D6B6 ft=1 fh=34f71966959b3eb8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jaspar\AppData\Local\Temp\DMR\dmr_72.exe"
sh=5BFD53BD42BAFD16F6E9D9D0B2B9A0372A2E93E7 ft=1 fh=2c3e931875df3a39 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jaspar\OneDrive\Documents\CFSetup381 - CHIP-Installer.exe"
sh=E301955DF7A3F37954CECD106DB6A0F2C907B405 ft=1 fh=95b788ef4760c140 vn="Variante von Win32/WinloadSDA.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jaspar\OneDrive\Documents\TeamSpeak-3-64-Bit-lnstall.exe"
         
SecurityCheck:
Code:
ATTFilter
 Results of screen317's Security Check version 1.002  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Kaspersky Internet Security   
Windows Defender              
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 	17.0.0.169  
 Mozilla Firefox (38.0.1) 
 Google Chrome (42.0.2311.152) 
 Google Chrome (43.0.2357.65) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
Zum Thema weiterer Probleme:

Zitat:
JRT.exe lässt sich nicht ausführen. Entweder startet der PC neu oder die Windowshilfe öffnet sich, wie zu jedem Start des abgesicherten Modus. Außerdem kam auch folgende Fehlermeldung auf:
Zitat:
Zitat:
Die Anweisung bei "0x0000000077CF97E8" verwies auf Speicher "0x0000000000413000". Die erforderlichen Dateien werden aufgrund eines E/A-Fehlers in "0x000009c" nicht an den Arbeitsspeicher übertragen.
Es treten nun auch regelmäßig ähnliche Fehlermeldungen auf für explorer.exe
Außerdem läss sich nun FRST nicht mehr starten.

Zitat:
Das Programm kann nicht gestartet werden, da MPR.dll auf dem Computer fehlt. Installieren Sie das Programm erneut, um das Problem zu beheben.
Nachwievor komme ich nur über den abgesicherten Modus 'rein.

Alt 28.05.2015, 12:21   #9
schrauber
/// the machine
/// TB-Ausbilder
 

Grauer Bildschirm mit traurig ausschauendem Smiley - Standard

Grauer Bildschirm mit traurig ausschauendem Smiley



  • Lade Dir bitte Windows Repair - All in one von tweaking.com hier herunter und installiere es.
  • Deaktiviere bitte (wenn möglich) Dein Antivirusprogramm.
  • Bedenke, dass die einzelnen Reparaturen einige Zeit benötigen. Starte keine anderen Anwendungen in dieser Zeit.
  • Starte das Programm und führe die Punkte 1-5 durch. (Siehe Bildanleitung)
  • Achte darauf, dass bei Dir die Häkchen so gesetzt sind wie unter Punkt 4.
  • Setze auch ein Häkchen bei "Restart/Shutdown System" und klicke "Restart System" an bevor Du Punkt 5 durchführst.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.05.2015, 16:03   #10
Damiani
 
Grauer Bildschirm mit traurig ausschauendem Smiley - Standard

Grauer Bildschirm mit traurig ausschauendem Smiley



Die Reperatur verlief ohne weitere Probleme, wurde aber bereits bei Abschluss des Suchlaufs im zweiten Schritt darauf hingeweisen, dass einige Dateien irreperabel seien.
Der Systemstart war nicht erfolgreich gewesen. Ich konnte mich zwar anmelden, wurde aber dann von Fehlermeldungen überhäuft, bis der PC mich mit einem schwarzen Bildschirm alleine ließ.

Alt 31.05.2015, 13:45   #11
schrauber
/// the machine
/// TB-Ausbilder
 

Grauer Bildschirm mit traurig ausschauendem Smiley - Standard

Grauer Bildschirm mit traurig ausschauendem Smiley



Mach mal bitte nen kompletten Refresh von Win8.1.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 31.05.2015, 15:34   #12
Damiani
 
Grauer Bildschirm mit traurig ausschauendem Smiley - Standard

Grauer Bildschirm mit traurig ausschauendem Smiley



Was bedeutet das konkret? Bzw. wie gehe ich da vor?

Alt 01.06.2015, 09:18   #13
schrauber
/// the machine
/// TB-Ausbilder
 

Grauer Bildschirm mit traurig ausschauendem Smiley - Standard

Grauer Bildschirm mit traurig ausschauendem Smiley



schau mal hier
So wird&#39;s gemacht: Auffrischen, Wiederherstellen und Zurücksetzen des PCs auf die Originaleinstellung - Windows-Hilfe
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 04.06.2015, 19:22   #14
Damiani
 
Grauer Bildschirm mit traurig ausschauendem Smiley - Standard

Grauer Bildschirm mit traurig ausschauendem Smiley



Ich bitte die längere Verzögerung zu entschuldigen. Leider fand ich nicht so viel Zeit mich dem Laptop zu widmen.
Nach reichlichem Ein- und Ausschalten musste ich feststellen - mehrere Versuche wurden unternommen - dass ich via abgesichertem Modus nicht auf die Einstellungen zugreifen kann. Die Fenster öffnet sich (das PC-Einstellungen-ändern-Fenster - diese Windows-Kachel), und minimiierte sich postwendend.
Beim Booten + Shift F8 gelange ich in dieses eine Fenster. Wenn ich darüber die PC-Einstellungen ändern möchte, gelange ich wenigstens schonmal zu dem Hinweis, was ab dem nächsten Schritt geschieht. Kurz darauf aber werde ich darauf hingewiesen, dass die Festplatte geschützt sei, also in irgendeiner Form gesperrrt - deshalb der Vorgang nicht auszuführen sei.

Alt 05.06.2015, 11:10   #15
schrauber
/// the machine
/// TB-Ausbilder
 

Grauer Bildschirm mit traurig ausschauendem Smiley - Standard

Grauer Bildschirm mit traurig ausschauendem Smiley



Dann bleibt eigentlich nur ne komplette Recovery. Aber vorher Daten sichern.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Grauer Bildschirm mit traurig ausschauendem Smiley
abgesicherten, bildschirm, daten, entfernt, erhalte, geräusch, guten, konto, ladebildschirm, laptop, league, league of legends, modus, nachricht, neu, neustart, nicht mehr, plötzlich, programme, revo uninstaller, scan, schonmal, smiley, starten, systemfehler, traurig, unbekannte, verwendet



Ähnliche Themen: Grauer Bildschirm mit traurig ausschauendem Smiley


  1. Win 7 grauer Bildschirm
    Log-Analyse und Auswertung - 05.12.2014 (5)
  2. Grauer/Schwarzer Bildschirm-Trojaner?
    Alles rund um Windows - 23.11.2014 (10)
  3. Win 8.1 grauer Bildschirm nach Bios update
    Alles rund um Windows - 10.11.2014 (5)
  4. Grauer Bildschirm nach Zahlungsaufforderung!
    Plagegeister aller Art und deren Bekämpfung - 16.01.2014 (3)
  5. Windows 8 grauer Bildschirm
    Log-Analyse und Auswertung - 22.12.2013 (3)
  6. Grauer Bildschirm bei Windows Start (Win 7)
    Log-Analyse und Auswertung - 14.11.2013 (5)
  7. Grauer Bildschirm nach Windowsstart
    Log-Analyse und Auswertung - 23.04.2013 (14)
  8. Grauer Bildschirm nach Windows XP Start
    Plagegeister aller Art und deren Bekämpfung - 22.02.2013 (14)
  9. Grauer Bildschirm nach Windowsstart
    Plagegeister aller Art und deren Bekämpfung - 13.02.2013 (16)
  10. Nach Laptop start grauer Bildschirm Windows 8
    Plagegeister aller Art und deren Bekämpfung - 30.01.2013 (1)
  11. wgsdgsdgdsgsd.exe im Taskmanager / Nur noch Grauer Bildschirm
    Plagegeister aller Art und deren Bekämpfung - 29.01.2013 (3)
  12. grauer Bildschirm nach Anmeldung, Windows XP
    Log-Analyse und Auswertung - 01.01.2013 (13)
  13. grauer bildschirm nach systemstart bei wondows 7
    Plagegeister aller Art und deren Bekämpfung - 05.12.2012 (1)
  14. (2x) Trojaner: Grauer Bildschirm nach dem Anmelden...
    Mülltonne - 24.06.2012 (1)
  15. SpyHunter + grauer Bildschirm
    Plagegeister aller Art und deren Bekämpfung - 18.01.2012 (35)
  16. smiley auf dunklem bildschirm, windows startete nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 17.09.2011 (19)
  17. Smiley + dunkler Bildschirm, Windows XP fährt nicht mehr hoch
    Plagegeister aller Art und deren Bekämpfung - 04.06.2007 (1)

Zum Thema Grauer Bildschirm mit traurig ausschauendem Smiley - Guten Tag - ich möchte Sie um Hilfe bitten. Heute habe ich die Nachricht erhalten, dass der Laptop meines Bruders sich nicht mehr richtig starten lässt. Er war am Tag - Grauer Bildschirm mit traurig ausschauendem Smiley...
Archiv
Du betrachtest: Grauer Bildschirm mit traurig ausschauendem Smiley auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.