Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Google + FB öffnen nicht über Firefox. Neuer Tab Meldung chrome://quick_start/content/index.html (https://www.trojaner-board.de/160309-google-fb-oeffnen-firefox-neuer-tab-meldung-chrome-quick_start-content-index-html.html)

Zitronentee 01.11.2014 21:49
Google + FB öffnen nicht über Firefox. Neuer Tab Meldung chrome://quick_start/content/index.html
 
Hallo,

ich habe da ein Problem und würde mich freuen, wenn jemand helfen könnte:

Wenn wir bei Firefox einen neuen Tab öffnen, erscheint folgende Fehlermeldung:
chrome://quick_start/content/index.htmlw

Google und Facebook lassen sich nicht öffnen, es erscheint die Meldung:
Datenübertragung unterbrochen.
Über den Suchanbieter (es erscheint "Trovi" als Startseite) werden beide zwar als Such-Ergebnisse angezeigt, aber beim Anklicken erscheint die gleiche Meldung (Datenübertragung unterbrochen).

Unter Internet-Explorer lassen sich beide Seiten problemlos (aber langsam) öffnen.

Wir hatten vor ca. 2 Wochen Google Chrome als Browser installiert, da gab es vor ein paar Tagen auch schon Fehlermeldungen (Website nicht verfügbar). Bis gestern nachmittag waren diese Fehlermeldungen nur kurzfristig. Gestern nachmittag dann den Laptop runtergefahren (alles ging noch), abends wieder angemacht, da lief unter Google Chrome nichts mehr.

Heute dann Chrome deinstalliert. Unter IE läuft es wie gesagt langsam. Unter Firefox (heute neu installiert, direkt von Mozilla) die Probleme wie oben beschrieben.

Wir haben den gratis Norton Power Eraser benutzt, er hat einige "bösartige" Sachen gefunden und entfernt, trotzdem bleibt das Problem bestehen. Der Avira-Schirm ist aufgespannt aber auf Doppelklick reagiert das Programm mit der Meldung "Verbindungsfehler - Überprüfen Sie Ihre Internetverbindung und versuchen Sie es erneut". Internetverbindung steht :wtf:

Zwischenzeitlich beim Öffnen eines weiteren Tabs) erscheint auch mal "Keine Rückmeldung" und es öffnet sich eine neue Seite mit einem (angeblichen?) Windows-Reparatur-Tool (von Firefox - angeblich?).

Wäre nett, wenn jemand helfen könnte! Danke im Voraus!

schrauber 01.11.2014 22:23
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Zitronentee 02.11.2014 10:08
Hallo schrauber,

vielen Dank für die schnelle Antwort!

FRS.txt

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014
Ran by Mark (administrator) on ACER on 02-11-2014 10:00:40
Running from C:\Users\Mark\Desktop
Loaded Profile: Mark (Available profiles: Mark & Sabiye & Administrator)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System INC.) C:\WINDOWS\RfBtnSvc64.exe
() C:\Program Files (x86)\Universal Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\WINDOWS\System32\dasHost.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Intel Corporation) C:\WINDOWS\System32\igfxHK.exe
() C:\Users\Mark\AppData\Local\fst_de_180\upfst_de_180.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Spotify Ltd) C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
() C:\Program Files (x86)\Universal Updater\CrashMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
() C:\Program Files (x86)\Salus\Salus.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\WINDOWS\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [fst_de_180] => "C:\Program Files (x86)\fst_de_180\fst_de_180.exe"
HKLM-x32\...\Run: [ConvertAd] => C:\Users\Mark\AppData\Local\ConvertAd\ConvertAd.exe
HKLM-x32\...\Run: [CrashMon] => C:\Program Files (x86)\Universal Updater\CrashMon.exe [404992 2014-09-23] ()
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Salus] => C:\Program Files (x86)\Salus\Salus.exe [981840 2014-09-24] ()
HKLM-x32\...\Run: [Salus CrashMon] => "C:\Program Files (x86)\Salus\CrashMon.exe" "Salus.exe" "hxxp://log.data-url.com/salus/crash"
HKLM-x32\...\RunOnce: [upfst_de_180.exe] => C:\Users\Mark\AppData\Local\fst_de_180\upfst_de_180.exe [3303416 2014-09-18] ()
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2613370363-1168659386-1177263031-1001\...\Run: [Spotify Web Helper] => C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-03] (Spotify Ltd)
HKU\S-1-5-21-2613370363-1168659386-1177263031-1001\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98&q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = hxxp://www.default-search.net/search?sid=498&aid=156&itype=n&ver=13892&tm=477&src=ds&p={searchTerms}
SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM - {B8D7FB5F-AA1F-4CDD-8C7F-D2394C074E47} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dsites_14_38_ie&cd=2XzuyEtN2Y1L1QzuyDyE0B0E0FyByEtB0A0D0C0Czz0D0A0BtN0D0Tzu0SzyzyyDtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtA0CtD0CyDzz0EtG0B0AtAtBtGtA0CyEtCtGtDzytD0AtGyByB0AtA0A0EyC0CtB0FtCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzy0BzyyBtB0EyEtGtC0E0EyDtGyEtC0CyDtG0BtCtB0EtG0EtCtByEtDyB0DtAzz0D0ByE2Q&cr=1526756493&ir=
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI-&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = hxxp://www.default-search.net/search?sid=498&aid=156&itype=n&ver=13892&tm=477&src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL =
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = hxxp://www.default-search.net/search?sid=498&aid=156&itype=n&ver=13892&tm=477&src=ds&p={searchTerms}
SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL =
BHO: BlockAndSurf -> {034A356D-1278-4F29-B449-8CCC36B1C0CC} -> C:\Program Files (x86)\ver0BlockAndSurf\178_x64.dll No File
BHO: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0r42q1se.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M36242DC1-51E2-41E1-BEF7-92104E5ABCF7&SearchSource=55&CUI=&UM=6&UP=SP7DE26576-1157-464E-B46D-0977A5C43144&SSPV=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF user.js: detected! => C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0r42q1se.default\user.js
FF SearchPlugin: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0r42q1se.default\searchplugins\default-search.xml
FF SearchPlugin: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0r42q1se.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0r42q1se.default\extensions\faststartff@gmail.com
FF HKCU\...\Firefox\Extensions: [{56ECA8F3-137B-5B92-3D29-079D46759E21}] - C:\Program Files (x86)\ver0BlockAndSurf\178.xpi

Chrome:
=======
CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [112128 2012-07-26] (Microsoft Corporation) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
S2 CouponArificService64; C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\arrmeapsie64.exe [172544 2014-09-29] () [File not signed]
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-08-25] (WildTangent)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2013-08-24] (Dritek System INC.)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
R2 UniversalUpdater; C:\Program Files (x86)\Universal Updater\UpdaterService.exe [623064 2014-09-29] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [342528 2012-06-19] (Intel(R) Corporation) [File not signed]
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-08-24] (Dritek System Inc.)
R1 Salus; C:\Windows\System32\drivers\Salus.sys [52048 2014-09-24] (Windows (R) Win 7 DDK provider)
R1 SMR430; C:\Windows\System32\drivers\SMR430.SYS [108216 2014-11-01] (Symantec Corporation)
R2 webinstr; C:\WINDOWS\system32\Drivers\webinstr.sys [58040 2014-09-21] (Corsica)
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
S1 netfilter64; system32\drivers\netfilter64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 10:00 - 2014-11-02 10:01 - 00015579 _____ () C:\Users\Mark\Desktop\FRST.txt
2014-11-02 09:59 - 2014-11-02 10:00 - 00000000 ____D () C:\FRST
2014-11-02 09:58 - 2014-11-02 09:58 - 02114048 _____ (Farbar) C:\Users\Mark\Desktop\FRST64.exe
2014-11-01 20:38 - 2014-11-01 20:38 - 00108216 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SMR430.SYS
2014-11-01 20:38 - 2014-11-01 20:38 - 00000020 _____ () C:\WINDOWS\system32\Drivers\SMR430.dat
2014-11-01 20:17 - 2014-11-01 20:18 - 00000000 ____D () C:\NPE
2014-11-01 20:15 - 2014-11-01 20:39 - 00000000 ____D () C:\Users\Mark\AppData\Local\NPE
2014-11-01 13:09 - 2014-11-01 13:09 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-01 13:09 - 2014-11-01 13:09 - 00001155 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-01 13:09 - 2014-11-01 13:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-31 16:30 - 2014-10-31 16:30 - 00000000 ____D () C:\Program Files (x86)\Salus
2014-10-29 23:19 - 2014-10-29 23:19 - 00000303 _____ () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heimnetzgruppe.lnk
2014-10-28 21:43 - 2014-10-29 21:17 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense
2014-10-28 20:29 - 2014-10-22 04:34 - 00010777 _____ () C:\WINDOWS\system32\AutoconfigV2.cab
2014-10-28 20:29 - 2014-10-22 04:33 - 00581016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AutoUpdate.exe
2014-10-28 20:29 - 2014-10-22 04:33 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2014-10-28 20:29 - 2014-10-22 02:08 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-10-28 20:29 - 2014-10-22 02:08 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-28 20:29 - 2014-10-22 02:01 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-10-28 20:29 - 2014-10-22 02:01 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2014-10-28 20:29 - 2014-10-22 02:01 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-28 20:29 - 2014-10-22 02:00 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2014-10-26 21:50 - 2014-10-26 21:51 - 00001568 _____ () C:\WINDOWS\comsetup.log
2014-10-26 21:14 - 2014-10-26 21:14 - 00013312 ___SH () C:\Users\Mark\Documents\Thumbs.db
2014-10-26 10:09 - 2014-10-26 10:09 - 04585472 _____ (Avira Operations GmbH & Co. KG) C:\Users\Mark\Downloads\avira_de_av___ws (1).exe
2014-10-26 10:09 - 2014-10-26 10:09 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-26 10:09 - 2014-10-26 10:09 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-26 10:09 - 2014-10-26 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-26 10:09 - 2014-10-26 10:09 - 00000000 ____D () C:\ProgramData\Avira
2014-10-26 10:09 - 2014-10-26 10:09 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-26 10:08 - 2014-10-30 12:25 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-10-26 10:08 - 2014-10-26 10:08 - 04585472 _____ (Avira Operations GmbH & Co. KG) C:\Users\Mark\Downloads\avira_de_av___ws.exe
2014-10-26 09:53 - 2014-10-26 09:53 - 00003090 _____ () C:\WINDOWS\System32\Tasks\{4BA85958-647D-4D3D-AC14-3B37BCBD526B}
2014-10-23 21:04 - 2014-11-01 13:08 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-23 21:04 - 2014-10-23 21:05 - 00000000 ____D () C:\Users\Mark\AppData\Local\Google
2014-10-21 22:53 - 2014-10-22 20:15 - 00000000 ____D () C:\ProgramData\Systweak
2014-10-21 22:52 - 2014-11-01 13:23 - 00000000 ____D () C:\Program Files\CouponArific
2014-10-21 22:52 - 2014-10-22 20:15 - 00000005 _____ () C:\end
2014-10-21 22:52 - 2014-10-22 20:15 - 00000000 ____D () C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C
2014-10-20 20:09 - 2014-10-20 20:09 - 00000000 ____D () C:\Program Files (x86)\ttpErfectceoupuOn
2014-10-20 18:03 - 2014-10-21 21:19 - 00000000 ____D () C:\ProgramData\ttpErfectceoupuOn
2014-10-19 19:10 - 2014-10-20 20:09 - 00000000 ____D () C:\ProgramData\LizardSales
2014-10-19 09:13 - 2014-10-20 20:09 - 00000000 ____D () C:\ProgramData\19c72af7068c06b2
2014-10-17 19:22 - 2014-10-17 19:22 - 00003572 _____ () C:\WINDOWS\System32\Tasks\YTDownloader
2014-10-17 19:21 - 2014-10-17 19:21 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-10-17 19:21 - 2014-10-17 19:21 - 00000000 ____D () C:\ProgramData\ShopperPro
2014-10-17 19:20 - 2014-10-17 19:20 - 00000000 ____D () C:\Users\Mark\AppData\Local\CrashRpt
2014-10-16 22:42 - 2014-10-17 19:20 - 00202752 ___SH () C:\Users\Mark\Desktop\Thumbs.db
2014-10-16 18:59 - 2014-10-16 18:59 - 00281784 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-16 18:32 - 2014-09-29 23:49 - 00705480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-10-16 18:32 - 2014-09-29 23:49 - 00104904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-15 17:15 - 2014-09-18 00:24 - 02416128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-15 17:15 - 2014-09-17 23:56 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-15 16:08 - 2014-07-12 05:41 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
2014-10-15 16:08 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
2014-10-15 16:08 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
2014-10-15 16:08 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
2014-10-15 16:08 - 2014-07-12 05:41 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2014-10-15 16:08 - 2014-07-12 05:41 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
2014-10-15 16:08 - 2014-07-12 05:16 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
2014-10-15 16:08 - 2014-07-12 05:16 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
2014-10-15 16:08 - 2014-07-12 05:16 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
2014-10-15 16:08 - 2014-07-12 05:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
2014-10-15 16:08 - 2014-07-12 05:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
2014-10-15 16:08 - 2014-07-12 05:15 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
2014-10-15 16:08 - 2014-07-12 01:02 - 00478352 _____ () C:\WINDOWS\SysWOW64\locale.nls
2014-10-15 16:08 - 2014-07-12 01:00 - 00478352 _____ () C:\WINDOWS\system32\locale.nls
2014-10-15 16:08 - 2014-07-08 23:33 - 00181248 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2014-10-15 16:08 - 2014-07-08 23:32 - 01539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2014-10-15 16:08 - 2014-07-08 23:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-10-15 16:08 - 2014-07-08 23:30 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2014-10-15 16:08 - 2014-07-07 06:52 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2014-10-15 16:08 - 2014-07-07 06:52 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2014-10-15 16:08 - 2014-07-04 11:52 - 00328000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-10-15 16:08 - 2014-07-03 02:59 - 01824784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-10-15 16:08 - 2014-07-03 01:30 - 01408952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-10-15 16:08 - 2014-06-28 08:01 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-10-15 16:08 - 2014-06-28 07:57 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-10-15 16:08 - 2014-06-28 07:56 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-10-15 16:08 - 2014-06-25 08:09 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-10-15 16:08 - 2014-06-25 08:07 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-10-15 16:08 - 2014-06-18 00:27 - 02032640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-10-15 16:08 - 2014-06-18 00:23 - 02238464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-10-15 16:08 - 2014-06-13 00:34 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-10-15 16:08 - 2014-06-13 00:29 - 02146304 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-10-15 16:08 - 2014-06-11 15:47 - 02842112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2014-10-15 16:08 - 2014-06-11 05:40 - 02620928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2014-10-15 16:08 - 2014-06-10 23:44 - 01403896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-10-15 16:08 - 2014-05-30 00:31 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-10-15 16:08 - 2014-05-30 00:03 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-10-15 16:08 - 2014-02-04 11:57 - 01271664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-10-15 16:07 - 2014-09-20 06:16 - 19280896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-15 16:07 - 2014-09-13 06:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-15 16:07 - 2014-09-13 05:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-15 16:07 - 2014-09-03 03:48 - 00510464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-15 16:07 - 2014-09-03 03:21 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-15 16:07 - 2014-07-07 06:53 - 01125376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2014-10-15 16:07 - 2014-07-07 06:52 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-10-15 16:07 - 2014-07-07 06:52 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-10-15 16:07 - 2014-07-07 06:52 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll
2014-10-15 16:07 - 2014-07-07 06:51 - 05982208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-15 16:07 - 2014-07-07 05:01 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2014-10-15 16:07 - 2014-07-07 05:01 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsta.dll
2014-10-15 16:07 - 2014-07-07 05:00 - 05095424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-15 16:07 - 2014-07-07 04:59 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aaclient.dll
2014-10-15 16:06 - 2014-09-28 05:18 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-15 16:06 - 2014-09-20 06:18 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-15 16:06 - 2014-09-20 06:17 - 02236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-15 16:06 - 2014-09-20 06:17 - 01407488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-15 16:06 - 2014-09-20 06:17 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-10-15 16:06 - 2014-09-20 06:17 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 15399424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 02655232 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-10-15 16:06 - 2014-09-20 06:15 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-15 16:06 - 2014-09-20 06:15 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-10-15 16:06 - 2014-09-20 06:15 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 14368768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 13757952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 02861568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 01762816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 01180672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-10-15 16:06 - 2014-09-20 04:56 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-15 16:06 - 2014-09-20 04:56 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-10-15 16:06 - 2014-09-20 04:56 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-15 16:06 - 2014-09-20 04:38 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-10-15 16:06 - 2014-09-20 04:33 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-10-15 16:06 - 2014-09-20 02:06 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-10-15 16:06 - 2014-08-30 06:48 - 10115072 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-10-15 16:06 - 2014-08-30 06:46 - 02306560 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-15 16:06 - 2014-08-30 05:05 - 08858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-10-15 16:06 - 2014-08-30 05:03 - 02037760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-15 16:06 - 2014-08-01 23:08 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-15 16:06 - 2014-07-24 14:50 - 00447296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-10-15 16:06 - 2014-07-17 00:28 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2014-10-15 16:06 - 2014-07-16 23:59 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-10-15 16:06 - 2014-07-16 23:59 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2014-10-15 16:06 - 2014-07-12 07:45 - 01549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2014-10-15 16:06 - 2014-07-12 05:36 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-10-15 16:06 - 2014-07-12 05:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-10-15 16:06 - 2014-07-12 05:34 - 00404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-10-15 16:06 - 2014-07-12 05:34 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-10-15 16:06 - 2014-06-28 07:57 - 01341952 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-10-15 16:06 - 2014-06-28 03:23 - 01126400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-10-03 14:10 - 2014-10-03 14:10 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-10-03 00:02 - 2014-10-03 00:02 - 00000000 ____D () C:\Program Files (x86)\Universal Updater

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 09:57 - 2014-09-21 20:41 - 00000000 ____D () C:\Users\Mark\AppData\Local\fst_de_180
2014-11-02 09:54 - 2014-09-21 20:42 - 00000432 _____ () C:\WINDOWS\Tasks\BlockAndSurf Update.job
2014-11-02 09:54 - 2013-08-24 15:21 - 01763482 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-02 09:53 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-01 21:39 - 2014-10-02 23:57 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-01 21:21 - 2014-09-21 20:21 - 00000298 _____ () C:\WINDOWS\Tasks\WSE_Astromenda.job
2014-11-01 20:55 - 2014-09-21 20:17 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2613370363-1168659386-1177263031-1001
2014-11-01 20:40 - 2013-08-25 01:00 - 00753134 _____ () C:\WINDOWS\system32\perfh007.dat
2014-11-01 20:40 - 2013-08-25 01:00 - 00155826 _____ () C:\WINDOWS\system32\perfc007.dat
2014-11-01 20:40 - 2012-07-26 08:28 - 01745416 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-01 20:36 - 2012-07-26 08:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-01 20:35 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Common Files\System
2014-11-01 19:40 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-01 13:10 - 2014-09-21 20:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-01 11:24 - 2014-09-21 20:11 - 00000000 ____D () C:\Users\Mark\AppData\Local\CrashDumps
2014-10-31 16:33 - 2014-09-22 21:43 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Spotify
2014-10-30 18:01 - 2013-12-15 01:47 - 00000000 ____D () C:\Users\Mark\Desktop\Telekomrechnungen
2014-10-30 17:55 - 2013-12-10 20:55 - 00000000 ____D () C:\Users\Mark\Downloads\Rechnungen Telekom
2014-10-30 17:24 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-29 22:18 - 2014-09-27 20:09 - 00955904 ___SH () C:\Users\Mark\Downloads\Thumbs.db
2014-10-29 21:14 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-28 21:43 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-10-28 21:43 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-26 23:00 - 2014-09-24 16:19 - 00000000 ___HD () C:\$Windows.~BT
2014-10-26 22:29 - 2013-04-18 03:46 - 00312180 _____ () C:\WINDOWS\PFRO.log
2014-10-26 22:14 - 2014-02-07 23:40 - 00000000 __SHD () C:\Recovery
2014-10-26 21:54 - 2014-09-21 20:04 - 00064773 _____ () C:\WINDOWS\diagwrn.xml
2014-10-26 21:54 - 2014-09-21 20:04 - 00064773 _____ () C:\WINDOWS\diagerr.xml
2014-10-26 21:54 - 2012-07-26 08:21 - 00686186 _____ () C:\WINDOWS\setupact.log
2014-10-26 21:53 - 2012-07-26 09:13 - 00003611 _____ () C:\WINDOWS\DtcInstall.log
2014-10-26 21:50 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\Registration
2014-10-26 21:36 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-10-26 21:25 - 2014-09-21 20:09 - 00000000 ____D () C:\Users\Mark\AppData\Local\Packages
2014-10-26 10:08 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-10-26 09:57 - 2013-04-18 05:36 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-26 09:56 - 2013-04-18 05:36 - 00000000 ____D () C:\Program Files\mcafee
2014-10-26 09:56 - 2013-04-18 05:36 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-10-26 09:53 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-10-23 23:02 - 2012-07-26 09:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-23 23:02 - 2012-07-26 08:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-22 20:22 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-10-22 20:13 - 2014-09-21 20:21 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Systweak
2014-10-22 20:04 - 2014-09-29 19:43 - 00004016 _____ () C:\WINDOWS\System32\Tasks\LaunchSignup
2014-10-22 20:01 - 2014-10-01 17:33 - 00003312 _____ () C:\WINDOWS\System32\Tasks\ASP
2014-10-16 18:28 - 2014-09-24 19:25 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-16 18:28 - 2012-07-26 09:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-16 18:26 - 2014-09-24 19:24 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-09 21:43 - 2014-09-22 21:44 - 00000000 ____D () C:\Users\Mark\AppData\Local\Spotify
2014-10-06 20:11 - 2014-09-29 22:42 - 00000451 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-10-06 19:00 - 2013-04-18 05:31 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-10-03 00:02 - 2014-10-02 23:47 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up

Some content of TEMP:
====================
C:\Users\Mark\AppData\Local\Temp\avgnt.exe
C:\Users\Mark\AppData\Local\Temp\babcabebbbce.exe
C:\Users\Mark\AppData\Local\Temp\BackupSetup.exe
C:\Users\Mark\AppData\Local\Temp\bs.exe
C:\Users\Mark\AppData\Local\Temp\bwvw_n1a.dll
C:\Users\Mark\AppData\Local\Temp\CloudBackup5309.exe
C:\Users\Mark\AppData\Local\Temp\CloudBackup7567.exe
C:\Users\Mark\AppData\Local\Temp\crossrider_uninstaller.exe
C:\Users\Mark\AppData\Local\Temp\optprosetup.exe
C:\Users\Mark\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite24813.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite27342.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite29441.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite30974.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite35178.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite49474.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite50022.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite50849.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite51136.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite59590.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite61605.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite63611.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite66088.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite66355.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite67355.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite67673.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite72319.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite72499.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite78697.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite82926.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite84745.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite89281.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite93476.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite95969.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite96205.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite97066.dll
C:\Users\Mark\AppData\Local\Temp\ttap2.dll
C:\Users\Mark\AppData\Local\Temp\ttap2.exe
C:\Users\Mark\AppData\Local\Temp\tu17p84.exe
C:\Users\Mark\AppData\Local\Temp\uoEK5.exe
C:\Users\Mark\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-01 19:37

==================== End Of Log ============================
--- --- ---

--- --- ---




Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2014
Ran by Mark at 2014-11-02 10:01:23
Running from C:\Users\Mark\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{81C6F800-A69B-4E70-9DC0-74732F8B00E7}) (Version: 1.00.3015 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{dc9a688a-12cb-4a22-b449-23d849d01dc7}) (Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 de)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SmootherWeb (HKCU Version: 1.0 - SmootherWeb LLC) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version:  - webssearches) <==== ATTENTION
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.14 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2613370363-1168659386-1177263031-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

06-10-2014 17:58:23 Windows Update
15-10-2014 15:13:12 Windows Update
22-10-2014 19:04:55 System Speedup Mi, Okt 22, 14  21:04
23-10-2014 19:15:26 Windows Modules Installer
26-10-2014 17:57:52 Windows Modules Installer
01-11-2014 19:33:14 Norton_Power_Eraser_20141101203311789

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {34B5F279-7DA5-4330-87BD-89D99E9ECCBA} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2013-02-08] ()
Task: {3A56B7F4-9748-4078-9F2D-007E31A9FD73} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {467E18EB-4ACF-4FBF-9363-EAA2BD3424B5} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {4922B1DB-AE77-4EB4-851F-9BB0831312B6} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install ping => C:\Windows\system32\AutoUpdate.exe [2014-10-22] (Microsoft Corporation)
Task: {5B169B8B-1716-47B1-A1A1-0C7221B1E7ED} - \Microsoft\Windows\Maintenance\SMupdate2 No Task File <==== ATTENTION
Task: {62BD62A7-3304-42B8-A3A6-FEB4103F220E} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {66608CE0-A084-4A25-9ADE-CAC62DA5784F} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install v2 => C:\WINDOWS\system32\AutoUpdate.exe [2014-10-22] (Microsoft Corporation)
Task: {71EF85BA-FCC3-40B5-850F-F8CB119A1571} - System32\Tasks\WSE_Astromenda => C:\Users\Mark\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {810CC6F8-D731-46BE-A3A6-C0234856F6A8} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {88902FB1-C1DF-401C-A5AF-809EA5383F48} - System32\Tasks\ASP => C:\Program Files (x86)\System Speedup\SystweakASP.exe
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AE419622-EC6E-46AE-B3A6-81F36A63695E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-16] (Microsoft Corporation)
Task: {B8A9F883-55A2-404A-8EA2-8091FBAAB920} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CB7384D9-5F11-4E93-87CA-D99C83DB3F6C} - \Microsoft\Windows\Multimedia\SMupdate3 No Task File <==== ATTENTION
Task: {D9B313DA-8103-4F47-A417-147527C4920C} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2013-02-08] ()
Task: {E61C37E3-8433-47B1-9475-0BD3362F574D} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F4390C05-C722-433C-960D-2CAFD1E7575B} - System32\Tasks\BlockAndSurf Update => C:\Program Files (x86)\ver0BlockAndSurf\l6BlockAndSurfp84.exe <==== ATTENTION
Task: {FAB86D2C-519B-4ECD-A040-113B590231B6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-02] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\BlockAndSurf Update.job => C:\Program Files (x86)\ver0BlockAndSurf\l6BlockAndSurfp84.exe
Task: C:\WINDOWS\Tasks\WSE_Astromenda.job => C:\Users\Mark\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-09-29 14:00 - 2014-09-29 14:00 - 00623064 _____ () C:\Program Files (x86)\Universal Updater\UpdaterService.exe
2014-09-21 20:41 - 2014-09-18 10:43 - 03303416 _____ () C:\Users\Mark\AppData\Local\fst_de_180\upfst_de_180.exe
2013-04-18 04:05 - 2013-01-02 07:55 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-01-28 13:45 - 2013-01-28 13:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-28 13:42 - 2013-01-28 13:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-28 13:47 - 2013-01-28 13:47 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-09-23 18:55 - 2014-09-23 18:55 - 00404992 _____ () C:\Program Files (x86)\Universal Updater\CrashMon.exe
2014-09-24 11:51 - 2014-09-24 11:51 - 00981840 _____ () C:\Program Files (x86)\Salus\Salus.exe
2013-02-08 22:24 - 2013-02-08 22:24 - 00044616 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2013-02-08 22:24 - 2013-02-08 22:24 - 00025672 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2014-04-04 09:25 - 2014-04-04 09:25 - 00102400 _____ () C:\Program Files (x86)\Salus\nfapi.dll
2014-06-05 05:41 - 2014-06-05 05:41 - 00331776 _____ () C:\Program Files (x86)\Salus\ProtocolFilters.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Sabiye\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2613370363-1168659386-1177263031-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-2613370363-1168659386-1177263031-501 - Limited - Disabled)
Mark (S-1-5-21-2613370363-1168659386-1177263031-1001 - Administrator - Enabled) => C:\Users\Mark
Sabiye (S-1-5-21-2613370363-1168659386-1177263031-1004 - Limited - Enabled) => C:\Users\Sabiye

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/01/2014 08:37:06 PM) (Source: CouponArificService64) (EventID: 1) (User: )
Description: CouponArificService64SvcInit, failed to connect to driver, status: -1
 failed with 2

Error: (11/01/2014 11:24:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 38.0.2125.104, Zeitstempel: 0x5437298b
Name des fehlerhaften Moduls: metro_driver.dll, Version: 38.0.2125.104, Zeitstempel: 0x54372258
Ausnahmecode: 0xc000041d
Fehleroffset: 0x00033c2d
ID des fehlerhaften Prozesses: 0x308
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3
Vollständiger Name des fehlerhaften Pakets: chrome.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5

Error: (11/01/2014 11:24:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 38.0.2125.104, Zeitstempel: 0x5437298b
Name des fehlerhaften Moduls: metro_driver.dll, Version: 38.0.2125.104, Zeitstempel: 0x54372258
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00033c2d
ID des fehlerhaften Prozesses: 0x308
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3
Vollständiger Name des fehlerhaften Pakets: chrome.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5

Error: (10/27/2014 00:12:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Acer)
Description: Das Paket „DefaultBrowser_NOPUBLISHERID“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (10/27/2014 00:12:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 38.0.2125.104 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c98

Startzeit: 01cff1724d1a7e48

Endzeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: 9a5bfc3e-5d65-11e4-bea5-54bef742adcc

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/27/2014 00:12:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Acer)
Description: Das Paket „DefaultBrowser_NOPUBLISHERID“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (10/26/2014 09:24:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Acer)
Description: Die App „DefaultBrowser_NOPUBLISHERID!Chrome“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.

Error: (10/26/2014 08:15:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 38.0.2125.104, Zeitstempel: 0x5437298b
Name des fehlerhaften Moduls: metro_driver.dll, Version: 38.0.2125.104, Zeitstempel: 0x54372258
Ausnahmecode: 0xc000041d
Fehleroffset: 0x00033c2d
ID des fehlerhaften Prozesses: 0x6c0
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3
Vollständiger Name des fehlerhaften Pakets: chrome.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5

Error: (10/26/2014 08:15:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 38.0.2125.104, Zeitstempel: 0x5437298b
Name des fehlerhaften Moduls: metro_driver.dll, Version: 38.0.2125.104, Zeitstempel: 0x54372258
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00033c2d
ID des fehlerhaften Prozesses: 0x6c0
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3
Vollständiger Name des fehlerhaften Pakets: chrome.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5

Error: (10/26/2014 07:10:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Acer)
Description: Die App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.


System errors:
=============
Error: (11/01/2014 08:37:06 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "CouponArificService64" wurde mit dem folgenden dienstspezifischen Fehler beendet:
%%4294967295

Error: (11/01/2014 08:37:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "netfilter64" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (11/01/2014 08:37:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "CouponArificService64" wurde nicht richtig gestartet.

Error: (11/01/2014 08:15:52 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "NPEService" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (10/29/2014 11:20:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "GamesAppIntegrationService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/29/2014 09:13:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "GamesAppIntegrationService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/27/2014 00:16:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "GamesAppIntegrationService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/26/2014 09:53:17 AM) (Source: DCOM) (EventID: 10010) (User: Acer)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (10/26/2014 09:52:47 AM) (Source: DCOM) (EventID: 10010) (User: Acer)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (10/26/2014 03:48:12 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {ADA518B9-B7A3-4C36-B4ED-49EB3FA189FC}


Microsoft Office Sessions:
=========================
Error: (11/01/2014 08:37:06 PM) (Source: CouponArificService64) (EventID: 1) (User: )
Description: CouponArificService64SvcInit, failed to connect to driver, status: -1
 failed with 2

Error: (11/01/2014 11:24:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe38.0.2125.1045437298bmetro_driver.dll38.0.2125.10454372258c000041d00033c2d30801cff5bdf26108c2C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\metro_driver.dll3b3135ea-61b1-11e4-bea9-54bef742adcc

Error: (11/01/2014 11:24:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe38.0.2125.1045437298bmetro_driver.dll38.0.2125.10454372258c000000500033c2d30801cff5bdf26108c2C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\metro_driver.dll32286f0e-61b1-11e4-bea9-54bef742adcc

Error: (10/27/2014 00:12:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Acer)
Description: DefaultBrowser_NOPUBLISHERID

Error: (10/27/2014 00:12:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe38.0.2125.104c9801cff1724d1a7e484294967295C:\Program Files (x86)\Google\Chrome\Application\chrome.exe9a5bfc3e-5d65-11e4-bea5-54bef742adcc

Error: (10/27/2014 00:12:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Acer)
Description: DefaultBrowser_NOPUBLISHERID

Error: (10/26/2014 09:24:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Acer)
Description: DefaultBrowser_NOPUBLISHERID!Chrome

Error: (10/26/2014 08:15:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe38.0.2125.1045437298bmetro_driver.dll38.0.2125.10454372258c000041d00033c2d6c001cff1512b14a059C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\metro_driver.dll6c865250-5d44-11e4-bea4-54bef742adcc

Error: (10/26/2014 08:15:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe38.0.2125.1045437298bmetro_driver.dll38.0.2125.10454372258c000000500033c2d6c001cff1512b14a059C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\metro_driver.dll6a64507d-5d44-11e4-bea4-54bef742adcc

Error: (10/26/2014 07:10:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Acer)
Description: microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
Percentage of memory in use: 36%
Total physical RAM: 3914.27 MB
Available physical RAM: 2480.13 MB
Total Pagefile: 5066.27 MB
Available Pagefile: 3482.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:680.04 GB) (Free:635.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 4D73C031)

Partition: GPT Partition Type.

==================== End Of Log ============================

schrauber 02.11.2014 18:05
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    webssearches uninstall


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Zitronentee 02.11.2014 21:35
Hallo schrauber,

vielen Dank für die Antwort! Wir haben alles nach Anweisung ausgeführt.

Hier die Dateien:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 02.11.2014
Suchlauf-Zeit: 20:11:25
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.02.05
Rootkit Datenbank: v2014.11.01.02
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Mark

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 383754
Verstrichene Zeit: 20 Min, 2 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 4
PUP.Optional.UniversalUpdater.A, C:\Program Files (x86)\Universal Updater\CrashMon.exe, 5504, Löschen bei Neustart, [f30ab97dbfbdb6807649b3ab8b78a15f]
PUP.Optional.UniversalUpdater.A, C:\Program Files (x86)\Universal Updater\UpdaterService.exe, 1660, Löschen bei Neustart, [f30ab97dbfbdb6807649b3ab8b78a15f]
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\Salus.exe, 1824, Löschen bei Neustart, [7786f0469fddcb6b6d4369321de75ca4]
PUP.Optional.FreeSoftToday.A, C:\Users\Mark\AppData\Local\fst_de_180\upfst_de_180.exe, 4800, Löschen bei Neustart, [9c617abcadcf12247aa6769cb94a7a86]

Module: 4
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\ProtocolFilters.dll, Löschen bei Neustart, [7786f0469fddcb6b6d4369321de75ca4],
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\libeay32.dll, Löschen bei Neustart, [7786f0469fddcb6b6d4369321de75ca4],
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\nfapi.dll, Löschen bei Neustart, [7786f0469fddcb6b6d4369321de75ca4],
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\ssleay32.dll, Löschen bei Neustart, [7786f0469fddcb6b6d4369321de75ca4],

Registrierungsschlüssel: 86
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\CLASSES\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [807d9a9c0c70c96df32931b45aa8966a],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\CLASSES\IESmartBar.BHO, In Quarantäne, [807d9a9c0c70c96df32931b45aa8966a],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [807d9a9c0c70c96df32931b45aa8966a],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [807d9a9c0c70c96df32931b45aa8966a],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IESmartBar.BHO, In Quarantäne, [807d9a9c0c70c96df32931b45aa8966a],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [807d9a9c0c70c96df32931b45aa8966a],
PUP.Optional.QuickShare.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [807d9a9c0c70c96df32931b45aa8966a],
PUP.Optional.QuickShare.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [807d9a9c0c70c96df32931b45aa8966a],
PUP.Optional.QuickShare.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [807d9a9c0c70c96df32931b45aa8966a],
PUP.Optional.QuickShare.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [807d9a9c0c70c96df32931b45aa8966a],
PUP.Optional.QuickShare.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [807d9a9c0c70c96df32931b45aa8966a],
PUP.Optional.QuickShare.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [807d9a9c0c70c96df32931b45aa8966a],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [31ccf93d3c406fc73d7016cffd0554ac],
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6CB99040-7828-4C37-AC01-F15758F43E4D}, In Quarantäne, [0cf17cba04780c2a0cd25951d131e11f],
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{733413F4-5FB9-4EE9-8536-BF7AB1731A19}, In Quarantäne, [0cf17cba04780c2a0cd25951d131e11f],
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3DD26F46-6B41-49B2-878E-1883411BBB59}, In Quarantäne, [0cf17cba04780c2a0cd25951d131e11f],
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3DD26F46-6B41-49B2-878E-1883411BBB59}, In Quarantäne, [0cf17cba04780c2a0cd25951d131e11f],
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{733413F4-5FB9-4EE9-8536-BF7AB1731A19}, In Quarantäne, [0cf17cba04780c2a0cd25951d131e11f],
PUP.Optional.TermTutor.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6CB99040-7828-4C37-AC01-F15758F43E4D}, In Quarantäne, [0cf17cba04780c2a0cd25951d131e11f],
PUP.Optional.TermTutor.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6CB99040-7828-4C37-AC01-F15758F43E4D}, In Quarantäne, [0cf17cba04780c2a0cd25951d131e11f],
PUP.Optional.TermTutor.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6CB99040-7828-4C37-AC01-F15758F43E4D}, In Quarantäne, [0cf17cba04780c2a0cd25951d131e11f],
PUP.Optional.TermTutor.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6CB99040-7828-4C37-AC01-F15758F43E4D}, In Quarantäne, [0cf17cba04780c2a0cd25951d131e11f],
PUP.Optional.TermTutor.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6CB99040-7828-4C37-AC01-F15758F43E4D}, In Quarantäne, [0cf17cba04780c2a0cd25951d131e11f],
PUP.Optional.TermTutor.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6CB99040-7828-4C37-AC01-F15758F43E4D}, In Quarantäne, [0cf17cba04780c2a0cd25951d131e11f],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}, In Quarantäne, [7b823105e8944cea8c7de603d32f7a86],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, In Quarantäne, [7b823105e8944cea8c7de603d32f7a86],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, In Quarantäne, [7b823105e8944cea8c7de603d32f7a86],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, In Quarantäne, [7b823105e8944cea8c7de603d32f7a86],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, In Quarantäne, [7b823105e8944cea8c7de603d32f7a86],
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, In Quarantäne, [42bb39fd7408f4427d5007a5fe04da26],
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, In Quarantäne, [42bb39fd7408f4427d5007a5fe04da26],
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, In Quarantäne, [42bb39fd7408f4427d5007a5fe04da26],
PUP.Optional.DefaultSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, In Quarantäne, [42bb39fd7408f4427d5007a5fe04da26],
PUP.Optional.DefaultSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, In Quarantäne, [42bb39fd7408f4427d5007a5fe04da26],
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2613370363-1168659386-1177263031-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [5da054e2c0bc92a42cdafeebcc369b65],
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2613370363-1168659386-1177263031-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [5da054e2c0bc92a42cdafeebcc369b65],
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [5da054e2c0bc92a42cdafeebcc369b65],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [7b82181e5923e74f8ac52587fc0607f9],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [7b82181e5923e74f8ac52587fc0607f9],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [b845b68016663df9772cc0f0be447d83],
PUP.Optional.Salus.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Salus, In Quarantäne, [9c6105315c200a2c57a3e9495ba86799],
PUP.Optional.UniversalUpdater.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UniversalUpdater, In Quarantäne, [f30ab97dbfbdb6807649b3ab8b78a15f],
PUP.Optional.BrowserChampion.A, HKLM\SOFTWARE\WOW6432NODE\Browser Champion, In Quarantäne, [d32a9b9b77059c9a77b9a1943ac96c94],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\WOW6432NODE\ClearThink, In Quarantäne, [ca333afc9fdd77bfb5eac6d5788ca15f],
PUP.Optional.Salus.A, HKLM\SOFTWARE\WOW6432NODE\Salus, In Quarantäne, [609d61d5bfbdac8a074e072bf01302fe],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SmdmF, In Quarantäne, [7d802214dd9fe551e55bab89e61dc739],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [8f6e33035f1d2e08ba8d93059f659f61],
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [f4095fd7ee8e4bebb8fb73e2689b29d7],
PUP.Optional.CouponArific.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CouponArificService64, In Quarantäne, [ae4fab8b4735b383716ece5854af44bc],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [31cc41f50775ef4792fb2cfbe12260a0],
PUP.Optional.AddLyrics, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WEBINSTR, In Quarantäne, [35c8a88e0676cd6900f3ba7449bae31d],
PUP.Optional.CrossRider.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQVP-3.5V29.09, In Quarantäne, [7885fd39c0bce94d4a7573b6996a08f8],
PUP.Optional.InternetSpeedChecker, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Internet Speed Checker, In Quarantäne, [cc3181b54a325cda597b68cd20e359a7],
PUP.Optional.HDVid.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TheHDvid-Codec V10, In Quarantäne, [c43957df93e9142223af5adf4eb5c13f],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, In Quarantäne, [c439092dfb8153e3dac138410ef6ca36],
PUP.Optional.ClearThink.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ClearThink, In Quarantäne, [18e538fe6418be78118f9efd2cd8b14f],
PUP.Optional.FreeSoftToday.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\freesofttoday, In Quarantäne, [56a7a98da8d4fa3cc9639604b84cf60a],
PUP.Optional.StormWatchApp.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\StormWatchApp, In Quarantäne, [5da0fb3bb7c5bf772dae3eeaaa59a957],
PUP.Optional.WebSearches.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, In Quarantäne, [8d709f97fd7f0c2a28140c2838cb33cd],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, In Quarantäne, [cb32d2647a021a1c7908afec778de719],
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, In Quarantäne, [f20b2e08b3c946f0a1181b1c4fb4a45c],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [47b664d2ceaef244176f612b8c78619f],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [0cf1b97d92ea77bfbf4d4b17d033e61a],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [37c645f1d1abd462004b4038f1133bc5],
PUP.Optional.SuperFish.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, In Quarantäne, [f508b680255780b6722d98a6ea19ae52],
PUP.Optional.Qone8, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [a558f73f027ab383469a592a16eeb749],
PUP.Optional.FastStart.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [3ebfd95d7efeba7cb0e708274bb827d9],
PUP.Optional.ShoppingHelper.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, In Quarantäne, [8d70d264f08c2d09a10df8a154b0dd23],
PUP.Optional.SuperFish.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, In Quarantäne, [43bacd693745979fb0ef3806b152e51b],
PUP.Optional.Qone8, HKU\S-1-5-21-2613370363-1168659386-1177263031-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [ac51d85eafcdb3838858e0a35ea612ee],
PUP.Optional.SuperFish.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, In Quarantäne, [897494a2720a58de0b9478c646bd3cc4],
PUP.Optional.Qone8, HKU\S-1-5-21-2613370363-1168659386-1177263031-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [936a37ff2b513cfad7095c27976d57a9],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [30cd0a2c5b2126109c5e52c041c2d12f],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [30cd0a2c5b2126109c5e52c041c2d12f],
PUP.Optional.BlockAndSurf.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{034A356D-1278-4F29-B449-8CCC36B1C0CC}, In Quarantäne, [f40941f5c5b7280e10a37ebf7491639d],
PUP.Optional.BlockAndSurf.A, HKLM\SOFTWARE\CLASSES\CLSID\{034A356D-1278-4F29-B449-8CCC36B1C0CC}, In Quarantäne, [f40941f5c5b7280e10a37ebf7491639d],
PUP.Optional.BlockAndSurf.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{EB431D2A-E2E0-B8C5-E6A9-4510D06F71D2}, In Quarantäne, [f40941f5c5b7280e10a37ebf7491639d],
PUP.Optional.BlockAndSurf.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{8EF3BF22-85A6-7638-2591-B480B3F35E1D}, In Quarantäne, [f40941f5c5b7280e10a37ebf7491639d],
PUP.Optional.BlockAndSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8EF3BF22-85A6-7638-2591-B480B3F35E1D}, In Quarantäne, [f40941f5c5b7280e10a37ebf7491639d],
PUP.Optional.BlockAndSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{EB431D2A-E2E0-B8C5-E6A9-4510D06F71D2}, In Quarantäne, [f40941f5c5b7280e10a37ebf7491639d],
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{034A356D-1278-4F29-B449-8CCC36B1C0CC}, In Quarantäne, [f40941f5c5b7280e10a37ebf7491639d],
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{034A356D-1278-4F29-B449-8CCC36B1C0CC}, In Quarantäne, [f40941f5c5b7280e10a37ebf7491639d],
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{034A356D-1278-4F29-B449-8CCC36B1C0CC}, In Quarantäne, [f40941f5c5b7280e10a37ebf7491639d],
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{034A356D-1278-4F29-B449-8CCC36B1C0CC}, In Quarantäne, [f40941f5c5b7280e10a37ebf7491639d],
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{034A356D-1278-4F29-B449-8CCC36B1C0CC}, In Quarantäne, [f40941f5c5b7280e10a37ebf7491639d],
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{034A356D-1278-4F29-B449-8CCC36B1C0CC}, In Quarantäne, [f40941f5c5b7280e10a37ebf7491639d],

Registrierungswerte: 14
PUP.Optional.UniversalUpdater.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CrashMon, "C:\Program Files (x86)\Universal Updater\CrashMon.exe" "UniversalUpdater" "hxxp://log.data-url.com/crash/", In Quarantäne, [f30ab97dbfbdb6807649b3ab8b78a15f]
PUP.Optional.Salus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Salus CrashMon, "C:\Program Files (x86)\Salus\CrashMon.exe" "Salus.exe" "hxxp://log.data-url.com/salus/crash", In Quarantäne, [7786f0469fddcb6b6d4369321de75ca4]
PUP.Optional.Salus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Salus, C:\Program Files (x86)\Salus\Salus.exe, In Quarantäne, [7786f0469fddcb6b6d4369321de75ca4]
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [48b561d5abd140f62cfffc352bd8dc24]
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [8d70ef47007c191d34f79f928281ec14]
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_de_180, "C:\Program Files (x86)\fst_de_180\fst_de_180.exe", In Quarantäne, [996421152c50c96d20cd8fbf54af3ac6]
PUP.Optional.ConvertAd.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ConvertAd, C:\Users\Mark\AppData\Local\ConvertAd\ConvertAd.exe, In Quarantäne, [41bc7eb8c6b6ec4a17a2d356af54e020]
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0r42q1se.default\extensions\faststartff@gmail.com, In Quarantäne, [b5485cdaf884f442b4ac732430d4da26]
PUP.Optional.UniversalUpdater.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UNIVERSALUPDATER|ImagePath, C:\Program Files (x86)\Universal Updater\UpdaterService.exe, In Quarantäne, [ec119f9777054cea0db3afaf986ba35d]
PUP.Optional.AddLyrics, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WEBINSTR|DisplayName, webinstr, In Quarantäne, [35c8a88e0676cd6900f3ba7449bae31d]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0J1L2U1C1H1Q0R2X1L1R1P0B1P, In Quarantäne, [37c645f1d1abd462004b4038f1133bc5]
PUP.Optional.FastStart.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, In Quarantäne, [3ebfd95d7efeba7cb0e708274bb827d9]
PUP.Optional.ShoppingHelper.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|publisher, ShoppingHelper, In Quarantäne, [8d70d264f08c2d09a10df8a154b0dd23]
PUP.Optional.FreeSoftToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|upfst_de_180.exe, C:\Users\Mark\AppData\Local\fst_de_180\upfst_de_180.exe -runonce, In Quarantäne, [9c617abcadcf12247aa6769cb94a7a86]

Registrierungsdaten: 26
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98&q={searchTerms}),Ersetzt,[be3f3df92359989e6d2c74b9fd088080]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98),Ersetzt,[3ebf0e28601c77bf0790f439b74e6a96]
PUP.Optional.WebSearches, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://istart.webssearches.com/web/?type=ds&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98&q={searchTerms}),Ersetzt,[a756bd79f28aa88e52577f38758cdf21]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[26d7a393542881b517a461d622e334cc]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98&q={searchTerms}),Ersetzt,[2dd063d3ee8e00360b8e5bd219ec56aa]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98),Ersetzt,[a459b77fc5b785b17423b7764db827d9]
PUP.Optional.WebSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://istart.webssearches.com/web/?type=ds&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98&q={searchTerms}),Ersetzt,[59a4e5514c303105ddcc9c1b42bfeb15]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[86777abc2c50270f0ead1b1c2cd94db3]
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI-&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI-&q={searchTerms}),Ersetzt,[e11c063082fadf5708f82507a95c6f91]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}),Ersetzt,[3fbe1a1c91eb3ef8778c022a8f764bb5]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98),Ersetzt,[d22b1d19bac2b87e574576b7c54024dc]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98),Ersetzt,[b84586b0304c69cdefa92eff18ed25db]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}),Ersetzt,[76873105314b7cba5ca647e5d62fb947]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}),Ersetzt,[07f6d363215b51e5b05587a501041fe1]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}),Ersetzt,[af4e2e08aad25dd90df969c3d035cc34]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}),Ersetzt,[f10c9e98d6a685b1cb36042840c5639d]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}),Ersetzt,[2ad3a096116b39fdf310b17b6d9823dd]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1411418543&from=slbnew&uid=WDCXWD7500BPVX-22JC3T0_WD-WX71E33LDU98LDU98),Ersetzt,[708dc571e79544f2e5b30c21dc298c74]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}),Ersetzt,[e51895a147353ef8e02282aacd3834cc]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}),Ersetzt,[fa03a88ecfadd264986d77b5b055c838]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}),Ersetzt,[b14c5bdba8d4e155d03634f88b7a20e0]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}),Ersetzt,[ce2f67cfb5c7c67011f0012bda2b0000]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}),Ersetzt,[8677f1457efed660b9499894d62fe61a]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}),Ersetzt,[00fd6acceb916acc1aebe5478580718f]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}),Ersetzt,[f8053600f08cde58fa0c5bd1d03556aa]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2613370363-1168659386-1177263031-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmwISFOaNT7hqnI92GefcaOiGqj7qMAMVs8OpDiAI4zRqymQ2rVgPi5DmnVF2pop_OWXUh3mniwHWDmE04oCDF5stYdBxg6tbMb-9FUHe0Mk2bJLniwcYM04eIBGneEJdXEh1olagZ-E2fecw0Ob6iDXL8JI5&q={searchTerms}),Ersetzt,[35c889adf78562d4e51ca4882dd8ce32]

Ordner: 37
PUP.Optional.UniversalUpdater.A, C:\Program Files (x86)\Universal Updater, Löschen bei Neustart, [f30ab97dbfbdb6807649b3ab8b78a15f],
PUP.Optional.UniversalUpdater.A, C:\Program Files (x86)\Universal Updater\CrashReports, In Quarantäne, [f30ab97dbfbdb6807649b3ab8b78a15f],
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus, Löschen bei Neustart, [7786f0469fddcb6b6d4369321de75ca4],
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\nss, In Quarantäne, [7786f0469fddcb6b6d4369321de75ca4],
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\Salus, In Quarantäne, [7786f0469fddcb6b6d4369321de75ca4],
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\Salus\SSL, In Quarantäne, [7786f0469fddcb6b6d4369321de75ca4],
Rogue.Multiple, C:\ProgramData\374311380, In Quarantäne, [b84596a04e2e7cba29618d5c679b5ba5],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, In Quarantäne, [fffed0666913b3832ce0c24f30d334cc],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log, In Quarantäne, [fffed0666913b3832ce0c24f30d334cc],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [fffed0666913b3832ce0c24f30d334cc],
PUP.Optional.SystemSpeedup, C:\Users\Mark\AppData\Roaming\Systweak\ssd, In Quarantäne, [45b83303d2aade580f9ed53cab581fe1],
PUP.Optional.FreeSoftToday.A, C:\Users\Mark\AppData\Local\fst_de_180, Löschen bei Neustart, [9c617abcadcf12247aa6769cb94a7a86],
PUP.Optional.FreeSoftToday.A, C:\Users\Mark\AppData\Local\fst_de_180\Download, In Quarantäne, [9c617abcadcf12247aa6769cb94a7a86],
PUP.Optional.FreeSoftToday.A, C:\Users\Mark\AppData\Local\fst_de_180\fst_de_180, In Quarantäne, [9c617abcadcf12247aa6769cb94a7a86],
PUP.Optional.FreeSoftToday.A, C:\Users\Mark\AppData\Local\fst_de_180\fst_de_180\1.20, In Quarantäne, [9c617abcadcf12247aa6769cb94a7a86],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.196222, In Quarantäne, [30cd0a2c5b2126109c5e52c041c2d12f],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.264971, In Quarantäne, [be3f290db4c89a9c8a70957dc63d2bd5],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.406286, In Quarantäne, [e11c67cf027ade588a7068aa07fce31d],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.461240, In Quarantäne, [b944ee4892ea0e28ad4d829037ccab55],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.474771, In Quarantäne, [c33aa88ec8b4310525d5769c13f08c74],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf, In Quarantäne, [3bc23df96f0d5ed8b1868491c0436d93],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\x64, In Quarantäne, [3bc23df96f0d5ed8b1868491c0436d93],
PUP.Optional.Linkey.A, C:\Users\Mark\AppData\Local\Linkey\IEExtension, In Quarantäne, [0bf268ceed8fcd69c17975a0798a659b],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector, In Quarantäne, [cf2eef47700c84b2103784937192c33d],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\2.1.1000.13665, In Quarantäne, [cf2eef47700c84b2103784937192c33d],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures, In Quarantäne, [cf2eef47700c84b2103784937192c33d],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\Mark\AppData\Roaming\Systweak\Advanced-System-Protector, In Quarantäne, [7a8394a20775f93dcd7a66b1eb187d83],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\Mark\AppData\Roaming\Systweak\Advanced-System-Protector\2.1.1000.13665, In Quarantäne, [7a8394a20775f93dcd7a66b1eb187d83],
PUP.Optional.SettingsManager.A, C:\Users\Mark\AppData\Roaming\FirefoxToolbar\Settings Manager, In Quarantäne, [6d904ee8dca020164f2544d6689ba55b],
PUP.Optional.Astromenda.A, C:\Users\Mark\AppData\Roaming\WSE_Astromenda, In Quarantäne, [7984c571512bd561d251fe1e2bd8926e],
PUP.Optional.Astromenda.A, C:\Users\Mark\AppData\Roaming\WSE_Astromenda\icons_3.2.1.5, In Quarantäne, [7984c571512bd561d251fe1e2bd8926e],
PUP.Optional.Astromenda.A, C:\Users\Mark\AppData\Roaming\WSE_Astromenda\UpdateProc, In Quarantäne, [7984c571512bd561d251fe1e2bd8926e],
PUP.Optional.FLVMPlayer, C:\Program Files (x86)\FLVM Player, In Quarantäne, [9c61270f99e38bab64da20fdae5504fc],
PUP.Optional.ShopperPro, C:\ProgramData\ShopperPro, In Quarantäne, [f10c0432cfad0a2cbd901b0230d354ac],
PUP.Optional.CouponArific, C:\Program Files\CouponArific, In Quarantäne, [c03d55e15f1d9c9a23c75dc8689b60a0],
PUP.Optional.CouponArific, C:\Program Files\CouponArific\SSL, In Quarantäne, [c03d55e15f1d9c9a23c75dc8689b60a0],
PUP.Optional.CouponArific.A, C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C, In Quarantäne, [9f5e5fd73b413303818a071fd132db25],

Dateien: 125
PUP.Optional.CrossRider.A, C:\Program Files (x86)\FLVPlayer\hdfextsetup.exe, In Quarantäne, [c23b77bfaad25bdbeb4624a921e011ef],
PUP.Optional.Firseria, C:\Program Files (x86)\PC Speed Up\Uninstall_PCSpeedUp.exe, In Quarantäne, [db2252e417656accd22e4f7f8c7521df],
PUP.Optional.MyPCBackup.A, C:\Users\Mark\AppData\Local\Temp\CloudBackup7567.exe, In Quarantäne, [6994fb3b2557a5919f73677534cd0cf4],
PUP.Optional.MyPCBackup.A, C:\Users\Mark\AppData\Local\Temp\BackupSetup.exe, In Quarantäne, [b449cc6a314bee480012b329e1204eb2],
PUP.Optional.IBryte, C:\Users\Mark\AppData\Local\Temp\bs.exe, In Quarantäne, [b24bd95dd6a6d363ee36fac40ff214ec],
PUP.Optional.MyPCBackup.A, C:\Users\Mark\AppData\Local\Temp\CloudBackup5309.exe, In Quarantäne, [68951422116b5cda888a5587d52c6a96],
PUP.Optional.Conduit.A, C:\Users\Mark\AppData\Local\Temp\SearchProtectINT.exe, In Quarantäne, [b34a4aec720a48eea541b57e06fbc43c],
PUP.Optional.CrossRider, C:\Users\Mark\AppData\Local\Temp\Install_30458\cr.exe, In Quarantäne, [2cd15bdb3d3f3ff7205d4091da27ec14],
PUP.Optional.CrossRider, C:\Users\Mark\AppData\Local\Temp\Install_30458\iwebar.exe, In Quarantäne, [d32ab3835824be78037ad2ff639e60a0],
PUP.Optional.SmartBar, C:\Users\Mark\AppData\Local\Temp\MSI790B.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [fc010531b2ca3ff79bb9e648ee12669a],
PUP.Optional.GratifyingApps.A, C:\Users\Mark\AppData\Local\Temp\nstF1B1.tmp\BCSetup.exe, In Quarantäne, [1be2eb4b512bde58519b3f829e63db25],
PUP.Optional.OutBrowse, C:\Users\Mark\AppData\Local\Temp\nsx43FE.tmp\rece.dll, In Quarantäne, [619cea4ce39976c0f9a8e6e3d9286898],
PUP.Optional.StormWatch.A, C:\Users\Mark\AppData\Local\Temp\91412180967\1_Offer_14.exe, In Quarantäne, [17e6ee480b71241227640253b05042be],
PUP.Optional.StormWatch.A, C:\Users\Mark\AppData\Local\Temp\91412180986\1_Offer_14.exe, In Quarantäne, [e8157fb7fa8254e2c7c4afa68f71da26],
PUP.Optional.OutBrowse, C:\Users\Mark\AppData\Local\Temp\nsd9182.tmp\rece.dll, In Quarantäne, [d429e650cab2f244b5ec7851b44d31cf],
PUP.Optional.VOPackage.Gen, C:\Users\Mark\AppData\Local\Temp\n2554\VOPackage.exe, In Quarantäne, [7f7e57dfc7b5bd79ebdb7859f20fc33d],
Trojan.MSIL.Bladabindi, C:\Users\Mark\AppData\Local\Temp\n5715\Installer.exe, In Quarantäne, [b74634024933c175de564f78a85945bb],
PUP.Optional.Salus.A, C:\Users\Mark\AppData\Local\Temp\n5715\salus_1_0_0_1.exe, In Quarantäne, [7c8164d294e8aa8cf11b239433ce02fe],
PUP.Optional.SearchHijacker.A, C:\Users\Mark\AppData\Local\Temp\n7532\webssearches_1209-c61a659a.exe, In Quarantäne, [29d4f83e7ffd171f7d5ccde807fa3ec2],
PUP.Optional.BPlug, C:\Users\Mark\AppData\Local\Temp\is281105613\1049053_stp.EXE, In Quarantäne, [b746a5915c20fc3aa0f2dbe66a9733cd],
PUP.Optional.SearchHijacker.A, C:\Users\Mark\AppData\Local\Temp\is45637729\2237253_stp\cor_sweet-page.exe, In Quarantäne, [35c8f640df9d96a029b006afcb365da3],
PUP.Optional.Salus.A, C:\WINDOWS\Temp\9AB4.tmp, In Quarantäne, [b5483bfb99e375c1b390a524fe0307f9],
PUP.Optional.Linkey.A, C:\Users\Mark\AppData\Local\Linkey\IEExtension\iedll64.dll, In Quarantäne, [7c81c2744933c07690179ee416eb8080],
PUP.Optional.SmartBar, C:\WINDOWS\Installer\MSI790B.tmp, In Quarantäne, [05f873c382fac86e9bb92608c13fd12f],
PUP.Optional.Astromenda.A, C:\WINDOWS\System32\Tasks\WSE_Astromenda, In Quarantäne, [9667f14568149b9b06352cfe52b11be5],
PUP.Optional.Astromenda.A, C:\WINDOWS\Tasks\WSE_Astromenda.job, In Quarantäne, [1de078be47353cfa61db53d7a95ac838],
PUP.Optional.Salus.A, C:\WINDOWS\System32\Drivers\salus.sys, In Quarantäne, [9c6105315c200a2c57a3e9495ba86799],
PUP.Optional.RegCleanerPro, C:\WINDOWS\System32\Tasks\ASP, In Quarantäne, [33ca15214339de58fb4e0b2a41c2966a],
PUP.Optional.BlockAndSurf.A, C:\WINDOWS\System32\Tasks\BlockAndSurf Update, In Quarantäne, [27d62c0aef8d80b6ba363f006b987789],
PUP.Optional.Trovi.A, C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0r42q1se.default\searchplugins\trovi-search.xml, In Quarantäne, [4db063d3e99381b5b38dd27837cc39c7],
PUP.Optional.BlockAndSurf.A, C:\WINDOWS\Tasks\BlockAndSurf Update.job, In Quarantäne, [3fbe87af87f577bfaa9d5df76f941ee2],
PUP.Optional.DefaultSearch.A, C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0r42q1se.default\searchplugins\default-search.xml, In Quarantäne, [fb02bf775c20d46287719fb508fb0ff1],
PUP.Optional.DefaultSearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml, In Quarantäne, [42bbd2643d3f59ddbb3e292be221728e],
PUP.Optional.WebsSearches.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml, In Quarantäne, [de1f9c9a0e6eed49a70e63f25da6cd33],
PUP.Optional.UniversalUpdater.A, C:\Program Files (x86)\Universal Updater\settings.json, In Quarantäne, [f30ab97dbfbdb6807649b3ab8b78a15f],
PUP.Optional.UniversalUpdater.A, C:\Program Files (x86)\Universal Updater\CrashMon.exe, Löschen bei Neustart, [f30ab97dbfbdb6807649b3ab8b78a15f],
PUP.Optional.UniversalUpdater.A, C:\Program Files (x86)\Universal Updater\CrashMon.log, In Quarantäne, [f30ab97dbfbdb6807649b3ab8b78a15f],
PUP.Optional.UniversalUpdater.A, C:\Program Files (x86)\Universal Updater\UpdaterService.exe, Löschen bei Neustart, [f30ab97dbfbdb6807649b3ab8b78a15f],
PUP.Optional.UniversalUpdater.A, C:\Program Files (x86)\Universal Updater\UpdaterService.log, Löschen bei Neustart, [f30ab97dbfbdb6807649b3ab8b78a15f],
PUP.Optional.UniversalUpdater.A, C:\Program Files (x86)\Universal Updater\CrashReports\UpdaterService1.4.3.19.dmp, In Quarantäne, [f30ab97dbfbdb6807649b3ab8b78a15f],
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\ProtocolFilters.dll, Löschen bei Neustart, [7786f0469fddcb6b6d4369321de75ca4],
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\CrashMon.exe, In Quarantäne, [7786f0469fddcb6b6d4369321de75ca4],
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\libeay32.dll, Löschen bei Neustart, [7786f0469fddcb6b6d4369321de75ca4],
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\nfapi.dll, Löschen bei Neustart, [7786f0469fddcb6b6d4369321de75ca4],
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\Salus.exe, Löschen bei Neustart, [7786f0469fddcb6b6d4369321de75ca4],
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\Salus.log, In Quarantäne, [7786f0469fddcb6b6d4369321de75ca4],
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\ssleay32.dll, Löschen bei Neustart, [7786f0469fddcb6b6d4369321de75ca4],
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\nss\certutil.exe, In Quarantäne, [7786f0469fddcb6b6d4369321de75ca4],
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\nss\mozcrt19.dll, In Quarantäne, [7786f0469fddcb6b6d4369321de75ca4],
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\nss\nspr4.dll, In Quarantäne, [7786f0469fddcb6b6d4369321de75ca4],
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\nss\nss3.dll, In Quarantäne, [7786f0469fddcb6b6d4369321de75ca4],
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\nss\plc4.dll, In Quarantäne, [7786f0469fddcb6b6d4369321de75ca4],
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\nss\plds4.dll, In Quarantäne, [7786f0469fddcb6b6d4369321de75ca4],
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\nss\smime3.dll, In Quarantäne, [7786f0469fddcb6b6d4369321de75ca4],
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\nss\softokn3.dll, In Quarantäne, [7786f0469fddcb6b6d4369321de75ca4],
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\Salus\SSL\Salus CA.cer, In Quarantäne, [7786f0469fddcb6b6d4369321de75ca4],
PUP.Optional.Salus.A, C:\Program Files (x86)\Salus\Salus\SSL\Salus CA.pvk, In Quarantäne, [7786f0469fddcb6b6d4369321de75ca4],
PUP.Optional.CouponArific.A, C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\arrmeapsie64.exe, In Quarantäne, [ae4fab8b4735b383716ece5854af44bc],
PUP.Optional.AddLyrics, C:\WINDOWS\System32\Drivers\webinstr.sys, In Quarantäne, [35c8a88e0676cd6900f3ba7449bae31d],
Rogue.Multiple, C:\ProgramData\374311380\BIT1938.tmp, In Quarantäne, [b84596a04e2e7cba29618d5c679b5ba5],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-09-21[21-42-02-671].log, In Quarantäne, [fffed0666913b3832ce0c24f30d334cc],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-09-22[22-43-24-178].log, In Quarantäne, [fffed0666913b3832ce0c24f30d334cc],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, In Quarantäne, [fffed0666913b3832ce0c24f30d334cc],
PUP.Optional.SystemSpeedup, C:\Users\Mark\AppData\Roaming\Systweak\ssd\SSDPTstub.exe, In Quarantäne, [45b83303d2aade580f9ed53cab581fe1],
PUP.Optional.FreeSoftToday.A, C:\Users\Mark\AppData\Local\fst_de_180\upfst_de_180.cyl, In Quarantäne, [9c617abcadcf12247aa6769cb94a7a86],
PUP.Optional.FreeSoftToday.A, C:\Users\Mark\AppData\Local\fst_de_180\upfst_de_180.exe, Löschen bei Neustart, [9c617abcadcf12247aa6769cb94a7a86],
PUP.Optional.FreeSoftToday.A, C:\Users\Mark\AppData\Local\fst_de_180\user_profil.cyp, In Quarantäne, [9c617abcadcf12247aa6769cb94a7a86],
PUP.Optional.FreeSoftToday.A, C:\Users\Mark\AppData\Local\fst_de_180\Download\majmp_gentleeu.exe, In Quarantäne, [9c617abcadcf12247aa6769cb94a7a86],
PUP.Optional.FreeSoftToday.A, C:\Users\Mark\AppData\Local\fst_de_180\fst_de_180\1.20\cnf.cyl, In Quarantäne, [9c617abcadcf12247aa6769cb94a7a86],
PUP.Optional.FreeSoftToday.A, C:\Users\Mark\AppData\Local\fst_de_180\fst_de_180\1.20\eorezo.cyl, In Quarantäne, [9c617abcadcf12247aa6769cb94a7a86],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.196222\GoogleCrashHandler.exe, In Quarantäne, [30cd0a2c5b2126109c5e52c041c2d12f],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.196222\GoogleUpdate.exe, In Quarantäne, [30cd0a2c5b2126109c5e52c041c2d12f],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.264971\GoogleCrashHandler.exe, In Quarantäne, [be3f290db4c89a9c8a70957dc63d2bd5],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.264971\GoogleUpdate.exe, In Quarantäne, [be3f290db4c89a9c8a70957dc63d2bd5],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.264971\GoogleUpdateBroker.exe, In Quarantäne, [be3f290db4c89a9c8a70957dc63d2bd5],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.264971\GoogleUpdateHelper.msi, In Quarantäne, [be3f290db4c89a9c8a70957dc63d2bd5],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.264971\GoogleUpdateOnDemand.exe, In Quarantäne, [be3f290db4c89a9c8a70957dc63d2bd5],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.264971\goopdate.dll, In Quarantäne, [be3f290db4c89a9c8a70957dc63d2bd5],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.264971\goopdateres_en.dll, In Quarantäne, [be3f290db4c89a9c8a70957dc63d2bd5],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.264971\npGoogleUpdate4.dll, In Quarantäne, [be3f290db4c89a9c8a70957dc63d2bd5],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.264971\psmachine.dll, In Quarantäne, [be3f290db4c89a9c8a70957dc63d2bd5],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.264971\psuser.dll, In Quarantäne, [be3f290db4c89a9c8a70957dc63d2bd5],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.406286\GoogleCrashHandler.exe, In Quarantäne, [e11c67cf027ade588a7068aa07fce31d],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.406286\GoogleUpdate.exe, In Quarantäne, [e11c67cf027ade588a7068aa07fce31d],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.406286\GoogleUpdateBroker.exe, In Quarantäne, [e11c67cf027ade588a7068aa07fce31d],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.406286\GoogleUpdateHelper.msi, In Quarantäne, [e11c67cf027ade588a7068aa07fce31d],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.406286\GoogleUpdateOnDemand.exe, In Quarantäne, [e11c67cf027ade588a7068aa07fce31d],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.406286\goopdate.dll, In Quarantäne, [e11c67cf027ade588a7068aa07fce31d],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.406286\goopdateres_en.dll, In Quarantäne, [e11c67cf027ade588a7068aa07fce31d],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.406286\npGoogleUpdate4.dll, In Quarantäne, [e11c67cf027ade588a7068aa07fce31d],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.406286\psmachine.dll, In Quarantäne, [e11c67cf027ade588a7068aa07fce31d],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.406286\psuser.dll, In Quarantäne, [e11c67cf027ade588a7068aa07fce31d],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.461240\GoogleCrashHandler.exe, In Quarantäne, [b944ee4892ea0e28ad4d829037ccab55],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.461240\GoogleUpdate.exe, In Quarantäne, [b944ee4892ea0e28ad4d829037ccab55],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.461240\GoogleUpdateBroker.exe, In Quarantäne, [b944ee4892ea0e28ad4d829037ccab55],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.461240\GoogleUpdateHelper.msi, In Quarantäne, [b944ee4892ea0e28ad4d829037ccab55],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.474771\GoogleCrashHandler.exe, In Quarantäne, [c33aa88ec8b4310525d5769c13f08c74],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.474771\GoogleUpdate.exe, In Quarantäne, [c33aa88ec8b4310525d5769c13f08c74],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.474771\GoogleUpdateBroker.exe, In Quarantäne, [c33aa88ec8b4310525d5769c13f08c74],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.474771\GoogleUpdateHelper.msi, In Quarantäne, [c33aa88ec8b4310525d5769c13f08c74],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.474771\GoogleUpdateOnDemand.exe, In Quarantäne, [c33aa88ec8b4310525d5769c13f08c74],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.474771\goopdate.dll, In Quarantäne, [c33aa88ec8b4310525d5769c13f08c74],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.474771\goopdateres_en.dll, In Quarantäne, [c33aa88ec8b4310525d5769c13f08c74],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.474771\npGoogleUpdate4.dll, In Quarantäne, [c33aa88ec8b4310525d5769c13f08c74],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.474771\psmachine.dll, In Quarantäne, [c33aa88ec8b4310525d5769c13f08c74],
PUP.Optional.GlobalUpdate.A, C:\Users\Mark\AppData\Local\Temp\comh.474771\psuser.dll, In Quarantäne, [c33aa88ec8b4310525d5769c13f08c74],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\del_DM_LL_nsaA3E9.dll, In Quarantäne, [3bc23df96f0d5ed8b1868491c0436d93],
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\x64\del_DM_LL_nsaA3E9.dll, In Quarantäne, [3bc23df96f0d5ed8b1868491c0436d93],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\Mark\AppData\Roaming\Systweak\Advanced-System-Protector\Settings.db, In Quarantäne, [7a8394a20775f93dcd7a66b1eb187d83],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\Mark\AppData\Roaming\Systweak\Advanced-System-Protector\2.1.1000.13665\ASPLog.txt, In Quarantäne, [7a8394a20775f93dcd7a66b1eb187d83],
PUP.Optional.Astromenda.A, C:\Users\Mark\AppData\Roaming\WSE_Astromenda\icons_3.2.1.5\ctr.ico, In Quarantäne, [7984c571512bd561d251fe1e2bd8926e],
PUP.Optional.Astromenda.A, C:\Users\Mark\AppData\Roaming\WSE_Astromenda\UpdateProc\bkup.dat, In Quarantäne, [7984c571512bd561d251fe1e2bd8926e],
PUP.Optional.Astromenda.A, C:\Users\Mark\AppData\Roaming\WSE_Astromenda\UpdateProc\config.dat, In Quarantäne, [7984c571512bd561d251fe1e2bd8926e],
PUP.Optional.Astromenda.A, C:\Users\Mark\AppData\Roaming\WSE_Astromenda\UpdateProc\info.dat, In Quarantäne, [7984c571512bd561d251fe1e2bd8926e],
PUP.Optional.Astromenda.A, C:\Users\Mark\AppData\Roaming\WSE_Astromenda\UpdateProc\STTL.DAT, In Quarantäne, [7984c571512bd561d251fe1e2bd8926e],
PUP.Optional.Astromenda.A, C:\Users\Mark\AppData\Roaming\WSE_Astromenda\UpdateProc\TTL.DAT, In Quarantäne, [7984c571512bd561d251fe1e2bd8926e],
PUP.Optional.ShopperPro, C:\ProgramData\ShopperPro\spbihe.js, In Quarantäne, [f10c0432cfad0a2cbd901b0230d354ac],
PUP.Optional.CouponArific.A, C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\libeay32.dll, In Quarantäne, [9f5e5fd73b413303818a071fd132db25],
PUP.Optional.CouponArific.A, C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\nfapi.dll, In Quarantäne, [9f5e5fd73b413303818a071fd132db25],
PUP.Optional.CouponArific.A, C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\ProtocolFilters.dll, In Quarantäne, [9f5e5fd73b413303818a071fd132db25],
PUP.Optional.CouponArific.A, C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\ssleay32.dll, In Quarantäne, [9f5e5fd73b413303818a071fd132db25],
PUP.Optional.QuickStart.A, C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0r42q1se.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Ersetzt,[5e9fee48d8a4bb7b42d09bd1dc29e020]
PUP.Optional.Trovi, C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0r42q1se.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaultenginename", "Trovi search");), Ersetzt,[ac518fa7562686b068fd6804c441629e]
PUP.Optional.Trovi, C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0r42q1se.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.selectedEngine", "Trovi search");), Ersetzt,[50ad122498e41323e086a0cc2fd6e61a]
PUP.Optional.Trovi.A, C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0r42q1se.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=M36242DC1-51E2-41E1-BEF7-92104E5ABCF7&SearchSource=55&CUI=&UM=6&UP=SP7DE26576-1157-464E-B46D-0977A5C43144&SSPV=");), Ersetzt,[da233303b3c968ced51eb2ba21e4a060]

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Code:
# AdwCleaner v4.002 - Bericht erstellt am 02/11/2014 um 21:14:35
# DB v2014-10-26.6
# Aktualisiert 27/10/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Mark - ACER
# Gestartet von : C:\Users\Mark\Desktop\AdwCleaner_4.002.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : netfilter64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Mark\AppData\Roaming\1H1Q
Ordner Gelöscht : C:\Users\Mark\AppData\Roaming\ap_logs
Ordner Gelöscht : C:\Users\Mark\AppData\Local\Astromenda
Ordner Gelöscht : C:\Users\Mark\AppData\Roaming\FirefoxToolbar
Ordner Gelöscht : C:\Program Files (x86)\FlvPlayer
Ordner Gelöscht : C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlvPlayer
Ordner Gelöscht : C:\Program Files (x86)\FoxTab
Ordner Gelöscht : C:\Users\Mark\AppData\Local\globalUpdate
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
Ordner Gelöscht : C:\Users\Mark\AppData\Local\Linkey
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Ordner Gelöscht : C:\Users\Mark\AppData\Roaming\Optimizer Pro
Ordner Gelöscht : C:\Users\Mark\Documents\Optimizer Pro
Ordner Gelöscht : C:\Program Files (x86)\pc speed up
Ordner Gelöscht : C:\Program Files (x86)\Settings Manager
Ordner Gelöscht : C:\Users\Public\Documents\ShopperPro
Ordner Gelöscht : C:\Users\Mark\AppData\LocalLow\SiteRanker
Ordner Gelöscht : C:\Users\Sabiye\AppData\LocalLow\SiteRanker
Ordner Gelöscht : C:\SmootherWeb
Ordner Gelöscht : C:\Users\Mark\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Mark\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Program Files (x86)\Yawtix
Ordner Gelöscht : C:\Users\Mark\AppData\Local\Temp\Yawtix
Ordner Gelöscht : C:\Users\Mark\AppData\Local\Temp\ClearThink
Ordner Gelöscht : C:\Users\Mark\AppData\Local\CrashRpt
Ordner Gelöscht : C:\ProgramData\ttpErfectceoupuOn
Ordner Gelöscht : C:\Program Files (x86)\ttpErfectceoupuOn
Datei Gelöscht : C:\Users\Mark\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\END
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0r42q1se.default\invalidprefs.js
Datei Gelöscht : C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0r42q1se.default\user.js

***** [ Tasks ] *****

Task Gelöscht : APSnotifierPP1
Task Gelöscht : APSnotifierPP2
Task Gelöscht : APSnotifierPP3
Task Gelöscht : ASP
Task Gelöscht : LaunchSignup
Task Gelöscht : YTDownloader

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Verknüpfung Desinfiziert : C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{56ECA8F3-137B-5B92-3D29-079D46759E21}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\.
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\..9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{71eaa7b3-4428-4727-8884-c48b565064a2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71eaa7b3-4428-4727-8884-c48b565064a2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{71eaa7b3-4428-4727-8884-c48b565064a2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\clicup
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\Linkey
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\Tutorials
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\AdvertisingSupport
Schlüssel Gelöscht : HKLM\SOFTWARE\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\TermTutor
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SmootherWeb
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\ShopperPro
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.17116


-\\ Mozilla Firefox v33.0.2 (x86 de)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [8766 octets] - [02/11/2014 20:49:43]
AdwCleaner[S0].txt - [8511 octets] - [02/11/2014 21:14:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8571 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 8 x64
Ran by Mark on 02.11.2014 at 21:23:00,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ytdownloader
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ytdownloader



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update clearthink
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util clearthink



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Mark\AppData\Roaming\mozilla\firefox\profiles\0r42q1se.default\prefs.js

user_pref("extensions.xUrnMXk4nzZwkm3G.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11
Emptied folder: C:\Users\Mark\AppData\Roaming\mozilla\firefox\profiles\0r42q1se.default\minidumps [7 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.11.2014 at 21:26:01,42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Mark (administrator) on ACER on 02-11-2014 21:28:19
Running from C:\Users\Mark\Desktop
Loaded Profile: Mark (Available profiles: Mark & Sabiye & Administrator)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System INC.) C:\WINDOWS\RfBtnSvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\WINDOWS\System32\dasHost.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Intel Corporation) C:\WINDOWS\System32\igfxHK.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Spotify Ltd) C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\WINDOWS\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2613370363-1168659386-1177263031-1001\...\Run: [Spotify Web Helper] => C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-03] (Spotify Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2613370363-1168659386-1177263031-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {B8D7FB5F-AA1F-4CDD-8C7F-D2394C074E47} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dsites_14_38_ie&cd=2XzuyEtN2Y1L1QzuyDyE0B0E0FyByEtB0A0D0C0Czz0D0A0BtN0D0Tzu0SzyzyyDtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtA0CtD0CyDzz0EtG0B0AtAtBtGtA0CyEtCtGtDzytD0AtGyByB0AtA0A0EyC0CtB0FtCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzy0BzyyBtB0EyEtGtC0E0EyDtGyEtC0CyDtG0BtCtB0EtG0EtCtByEtDyB0DtAzz0D0ByE2Q&cr=1526756493&ir=
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0r42q1se.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome:
=======
CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-08-25] (WildTangent)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2013-08-24] (Dritek System INC.)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [342528 2012-06-19] (Intel(R) Corporation) [File not signed]
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-08-24] (Dritek System Inc.)
S3 RFCOMM; C:\Windows\System32\drivers\rfcomm.sys [156672 2013-03-01] (Microsoft Corporation) [File not signed]
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 21:28 - 2014-11-02 21:28 - 00000000 ____D () C:\Users\Mark\Desktop\FRST-OlderVersion
2014-11-02 21:26 - 2014-11-02 21:26 - 00001541 _____ () C:\Users\Mark\Desktop\JRT.txt
2014-11-02 21:22 - 2014-11-02 21:22 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-11-02 21:21 - 2014-11-02 21:22 - 01706359 _____ (Thisisu) C:\Users\Mark\Desktop\JRT.exe
2014-11-02 21:19 - 2014-11-02 21:19 - 00001005 _____ () C:\Users\Mark\Desktop\AdwCleaner[S0].txt - Verknüpfung.lnk
2014-11-02 20:49 - 2014-11-02 21:14 - 00000000 ____D () C:\AdwCleaner
2014-11-02 20:47 - 2014-11-02 20:47 - 01998336 _____ () C:\Users\Mark\Desktop\AdwCleaner_4.002.exe
2014-11-02 20:41 - 2014-11-02 20:41 - 00060808 _____ () C:\Users\Mark\Desktop\mbam.txt
2014-11-02 20:10 - 2014-11-02 21:17 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 20:10 - 2014-11-02 20:10 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-02 20:10 - 2014-11-02 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-02 20:09 - 2014-11-02 20:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-02 20:09 - 2014-11-02 20:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-02 20:09 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-02 20:09 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-11-02 20:09 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-02 20:05 - 2014-11-02 20:05 - 00001272 _____ () C:\Users\Mark\Desktop\Revo Uninstaller.lnk
2014-11-02 20:05 - 2014-11-02 20:05 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-02 20:04 - 2014-11-02 20:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Mark\Desktop\revosetup95.exe
2014-11-02 10:01 - 2014-11-02 10:01 - 00023633 _____ () C:\Users\Mark\Desktop\Addition.txt
2014-11-02 10:00 - 2014-11-02 21:28 - 00009092 _____ () C:\Users\Mark\Desktop\FRST.txt
2014-11-02 09:59 - 2014-11-02 21:28 - 00000000 ____D () C:\FRST
2014-11-02 09:58 - 2014-11-02 21:28 - 02114560 _____ (Farbar) C:\Users\Mark\Desktop\FRST64.exe
2014-11-01 20:17 - 2014-11-01 20:18 - 00000000 ____D () C:\NPE
2014-11-01 20:15 - 2014-11-01 20:39 - 00000000 ____D () C:\Users\Mark\AppData\Local\NPE
2014-11-01 13:09 - 2014-11-01 13:09 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-01 13:09 - 2014-11-01 13:09 - 00001155 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-01 13:09 - 2014-11-01 13:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-29 23:19 - 2014-10-29 23:19 - 00000303 _____ () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heimnetzgruppe.lnk
2014-10-28 21:43 - 2014-10-29 21:17 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense
2014-10-28 20:29 - 2014-10-22 04:34 - 00010777 _____ () C:\WINDOWS\system32\AutoconfigV2.cab
2014-10-28 20:29 - 2014-10-22 04:33 - 00581016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AutoUpdate.exe
2014-10-28 20:29 - 2014-10-22 04:33 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2014-10-28 20:29 - 2014-10-22 02:08 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-10-28 20:29 - 2014-10-22 02:08 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-28 20:29 - 2014-10-22 02:01 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-10-28 20:29 - 2014-10-22 02:01 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2014-10-28 20:29 - 2014-10-22 02:01 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-28 20:29 - 2014-10-22 02:00 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2014-10-26 21:50 - 2014-10-26 21:51 - 00001568 _____ () C:\WINDOWS\comsetup.log
2014-10-26 21:14 - 2014-10-26 21:14 - 00013312 ___SH () C:\Users\Mark\Documents\Thumbs.db
2014-10-26 10:09 - 2014-10-26 10:09 - 04585472 _____ (Avira Operations GmbH & Co. KG) C:\Users\Mark\Downloads\avira_de_av___ws (1).exe
2014-10-26 10:09 - 2014-10-26 10:09 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-26 10:09 - 2014-10-26 10:09 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-26 10:09 - 2014-10-26 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-26 10:09 - 2014-10-26 10:09 - 00000000 ____D () C:\ProgramData\Avira
2014-10-26 10:09 - 2014-10-26 10:09 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-26 10:08 - 2014-10-30 12:25 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-10-26 10:08 - 2014-10-26 10:08 - 04585472 _____ (Avira Operations GmbH & Co. KG) C:\Users\Mark\Downloads\avira_de_av___ws.exe
2014-10-26 09:53 - 2014-10-26 09:53 - 00003090 _____ () C:\WINDOWS\System32\Tasks\{4BA85958-647D-4D3D-AC14-3B37BCBD526B}
2014-10-23 21:04 - 2014-11-01 13:08 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-23 21:04 - 2014-10-23 21:05 - 00000000 ____D () C:\Users\Mark\AppData\Local\Google
2014-10-19 19:10 - 2014-10-20 20:09 - 00000000 ____D () C:\ProgramData\LizardSales
2014-10-19 09:13 - 2014-10-20 20:09 - 00000000 ____D () C:\ProgramData\19c72af7068c06b2
2014-10-16 22:42 - 2014-10-17 19:20 - 00202752 ___SH () C:\Users\Mark\Desktop\Thumbs.db
2014-10-16 18:59 - 2014-10-16 18:59 - 00281784 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-16 18:32 - 2014-09-29 23:49 - 00705480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-10-16 18:32 - 2014-09-29 23:49 - 00104904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-15 17:15 - 2014-09-18 00:24 - 02416128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-15 17:15 - 2014-09-17 23:56 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-15 16:08 - 2014-07-12 05:41 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
2014-10-15 16:08 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
2014-10-15 16:08 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
2014-10-15 16:08 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
2014-10-15 16:08 - 2014-07-12 05:41 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2014-10-15 16:08 - 2014-07-12 05:41 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
2014-10-15 16:08 - 2014-07-12 05:16 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
2014-10-15 16:08 - 2014-07-12 05:16 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
2014-10-15 16:08 - 2014-07-12 05:16 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
2014-10-15 16:08 - 2014-07-12 05:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
2014-10-15 16:08 - 2014-07-12 05:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
2014-10-15 16:08 - 2014-07-12 05:15 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
2014-10-15 16:08 - 2014-07-12 01:02 - 00478352 _____ () C:\WINDOWS\SysWOW64\locale.nls
2014-10-15 16:08 - 2014-07-12 01:00 - 00478352 _____ () C:\WINDOWS\system32\locale.nls
2014-10-15 16:08 - 2014-07-08 23:33 - 00181248 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2014-10-15 16:08 - 2014-07-08 23:32 - 01539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2014-10-15 16:08 - 2014-07-08 23:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-10-15 16:08 - 2014-07-08 23:30 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2014-10-15 16:08 - 2014-07-07 06:52 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2014-10-15 16:08 - 2014-07-07 06:52 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2014-10-15 16:08 - 2014-07-04 11:52 - 00328000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-10-15 16:08 - 2014-07-03 02:59 - 01824784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-10-15 16:08 - 2014-07-03 01:30 - 01408952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-10-15 16:08 - 2014-06-28 08:01 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-10-15 16:08 - 2014-06-28 07:57 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-10-15 16:08 - 2014-06-28 07:56 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-10-15 16:08 - 2014-06-25 08:09 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-10-15 16:08 - 2014-06-25 08:07 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-10-15 16:08 - 2014-06-18 00:27 - 02032640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-10-15 16:08 - 2014-06-18 00:23 - 02238464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-10-15 16:08 - 2014-06-13 00:34 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-10-15 16:08 - 2014-06-13 00:29 - 02146304 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-10-15 16:08 - 2014-06-11 15:47 - 02842112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2014-10-15 16:08 - 2014-06-11 05:40 - 02620928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2014-10-15 16:08 - 2014-06-10 23:44 - 01403896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-10-15 16:08 - 2014-05-30 00:31 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-10-15 16:08 - 2014-05-30 00:03 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-10-15 16:08 - 2014-02-04 11:57 - 01271664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-10-15 16:07 - 2014-09-20 06:16 - 19280896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-15 16:07 - 2014-09-13 06:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-15 16:07 - 2014-09-13 05:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-15 16:07 - 2014-09-03 03:48 - 00510464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-15 16:07 - 2014-09-03 03:21 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-15 16:07 - 2014-07-07 06:53 - 01125376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2014-10-15 16:07 - 2014-07-07 06:52 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-10-15 16:07 - 2014-07-07 06:52 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-10-15 16:07 - 2014-07-07 06:52 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll
2014-10-15 16:07 - 2014-07-07 06:51 - 05982208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-15 16:07 - 2014-07-07 05:01 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2014-10-15 16:07 - 2014-07-07 05:01 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsta.dll
2014-10-15 16:07 - 2014-07-07 05:00 - 05095424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-15 16:07 - 2014-07-07 04:59 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aaclient.dll
2014-10-15 16:06 - 2014-09-28 05:18 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-15 16:06 - 2014-09-20 06:18 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-15 16:06 - 2014-09-20 06:17 - 02236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-15 16:06 - 2014-09-20 06:17 - 01407488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-15 16:06 - 2014-09-20 06:17 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-10-15 16:06 - 2014-09-20 06:17 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 15399424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 02655232 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-10-15 16:06 - 2014-09-20 06:15 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-15 16:06 - 2014-09-20 06:15 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-10-15 16:06 - 2014-09-20 06:15 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 14368768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 13757952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 02861568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 01762816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 01180672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-10-15 16:06 - 2014-09-20 04:56 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-15 16:06 - 2014-09-20 04:56 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-10-15 16:06 - 2014-09-20 04:56 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-15 16:06 - 2014-09-20 04:38 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-10-15 16:06 - 2014-09-20 04:33 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-10-15 16:06 - 2014-09-20 02:06 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-10-15 16:06 - 2014-08-30 06:48 - 10115072 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-10-15 16:06 - 2014-08-30 06:46 - 02306560 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-15 16:06 - 2014-08-30 05:05 - 08858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-10-15 16:06 - 2014-08-30 05:03 - 02037760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-15 16:06 - 2014-08-01 23:08 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-15 16:06 - 2014-07-24 14:50 - 00447296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-10-15 16:06 - 2014-07-17 00:28 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2014-10-15 16:06 - 2014-07-16 23:59 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-10-15 16:06 - 2014-07-16 23:59 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2014-10-15 16:06 - 2014-07-12 07:45 - 01549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2014-10-15 16:06 - 2014-07-12 05:36 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-10-15 16:06 - 2014-07-12 05:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-10-15 16:06 - 2014-07-12 05:34 - 00404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-10-15 16:06 - 2014-07-12 05:34 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-10-15 16:06 - 2014-06-28 07:57 - 01341952 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-10-15 16:06 - 2014-06-28 03:23 - 01126400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-10-03 14:10 - 2014-10-03 14:10 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 21:28 - 2013-08-24 15:21 - 01878357 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-02 21:22 - 2014-09-21 20:17 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2613370363-1168659386-1177263031-1001
2014-11-02 21:21 - 2013-08-25 01:00 - 00753134 _____ () C:\WINDOWS\system32\perfh007.dat
2014-11-02 21:21 - 2013-08-25 01:00 - 00155826 _____ () C:\WINDOWS\system32\perfc007.dat
2014-11-02 21:21 - 2012-07-26 08:28 - 01745416 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-02 21:17 - 2012-07-26 08:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-02 21:16 - 2013-04-18 03:46 - 00349938 _____ () C:\WINDOWS\PFRO.log
2014-11-02 21:16 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-02 21:14 - 2014-09-21 20:31 - 00001087 _____ () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-11-02 21:14 - 2014-09-21 20:11 - 00000957 _____ () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-02 21:00 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-02 20:39 - 2014-10-02 23:57 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-01 20:35 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Common Files\System
2014-11-01 19:40 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-01 13:10 - 2014-09-21 20:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-01 11:24 - 2014-09-21 20:11 - 00000000 ____D () C:\Users\Mark\AppData\Local\CrashDumps
2014-10-31 16:33 - 2014-09-22 21:43 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Spotify
2014-10-30 18:01 - 2013-12-15 01:47 - 00000000 ____D () C:\Users\Mark\Desktop\Telekomrechnungen
2014-10-30 17:55 - 2013-12-10 20:55 - 00000000 ____D () C:\Users\Mark\Downloads\Rechnungen Telekom
2014-10-30 17:24 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-29 22:18 - 2014-09-27 20:09 - 00955904 ___SH () C:\Users\Mark\Downloads\Thumbs.db
2014-10-28 21:43 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-10-28 21:43 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-26 23:00 - 2014-09-24 16:19 - 00000000 ___HD () C:\$Windows.~BT
2014-10-26 22:14 - 2014-02-07 23:40 - 00000000 __SHD () C:\Recovery
2014-10-26 21:54 - 2014-09-21 20:04 - 00064773 _____ () C:\WINDOWS\diagwrn.xml
2014-10-26 21:54 - 2014-09-21 20:04 - 00064773 _____ () C:\WINDOWS\diagerr.xml
2014-10-26 21:54 - 2012-07-26 08:21 - 00686186 _____ () C:\WINDOWS\setupact.log
2014-10-26 21:53 - 2012-07-26 09:13 - 00003611 _____ () C:\WINDOWS\DtcInstall.log
2014-10-26 21:50 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\Registration
2014-10-26 21:36 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-10-26 21:25 - 2014-09-21 20:09 - 00000000 ____D () C:\Users\Mark\AppData\Local\Packages
2014-10-26 10:08 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-10-26 09:57 - 2013-04-18 05:36 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-26 09:56 - 2013-04-18 05:36 - 00000000 ____D () C:\Program Files\mcafee
2014-10-26 09:56 - 2013-04-18 05:36 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-10-26 09:53 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-10-23 23:02 - 2012-07-26 09:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-23 23:02 - 2012-07-26 08:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-22 20:22 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-10-16 18:28 - 2014-09-24 19:25 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-16 18:28 - 2012-07-26 09:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-16 18:26 - 2014-09-24 19:24 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-09 21:43 - 2014-09-22 21:44 - 00000000 ____D () C:\Users\Mark\AppData\Local\Spotify
2014-10-06 20:11 - 2014-09-29 22:42 - 00000451 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-10-06 19:00 - 2013-04-18 05:31 - 00000000 ____D () C:\Program Files (x86)\Intel

Some content of TEMP:
====================
C:\Users\Mark\AppData\Local\Temp\avgnt.exe
C:\Users\Mark\AppData\Local\Temp\babcabebbbce.exe
C:\Users\Mark\AppData\Local\Temp\bwvw_n1a.dll
C:\Users\Mark\AppData\Local\Temp\crossrider_uninstaller.exe
C:\Users\Mark\AppData\Local\Temp\optprosetup.exe
C:\Users\Mark\AppData\Local\Temp\Quarantine.exe
C:\Users\Mark\AppData\Local\Temp\sqlite3.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite24813.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite27342.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite29441.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite30974.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite35178.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite49474.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite50022.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite50849.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite51136.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite59590.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite61605.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite63611.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite66088.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite66355.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite67355.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite67673.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite72319.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite72499.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite78697.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite82926.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite84745.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite89281.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite93476.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite95969.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite96205.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite97066.dll
C:\Users\Mark\AppData\Local\Temp\ttap2.dll
C:\Users\Mark\AppData\Local\Temp\ttap2.exe
C:\Users\Mark\AppData\Local\Temp\tu17p84.exe
C:\Users\Mark\AppData\Local\Temp\uoEK5.exe
C:\Users\Mark\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-01 19:37

==================== End Of Log ============================
--- --- ---


Wir schauen nun mal, ob sich Firefox wieder normal öffnen lässt.
Danke!

schrauber 03.11.2014 16:31

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Zitronentee 04.11.2014 22:58
Hallo,

alles ausgeführt!

Probleme sind seit Sonntag keine mehr aufgetreten (jedenfalls nicht bemerkt). :)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8dd380a87cc9114fab70861d0c74d581
# engine=20930
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-04 09:44:06
# local_time=2014-11-04 10:44:06 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 36124 19528335 0 0
# scanned=171439
# found=68
# cleaned=0
# scan_time=4982
sh=744A0640927DA7065DC79212074BF7D69FDD316F ft=1 fh=0394227f5f901456 vn="Win32/SmootherWeb.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\SmootherWeb\Uninstall.exe.vir"
sh=169A8414194C6FA02C871275B7AA987C031EC89A ft=1 fh=962d78ee385e317a vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir"
sh=F035E14E0D228338151029947B1E80EB164E41A4 ft=1 fh=7ddf81bba430d429 vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Common Files\System\SysMenu64.dll"
sh=30BD8D12255AE8582127DF1ED6477E4332042DB4 ft=1 fh=439475d7fe72fc73 vn="Win32/AnyProtect.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\nslD161.tmp"
sh=30BD8D12255AE8582127DF1ED6477E4332042DB4 ft=1 fh=439475d7fe72fc73 vn="Win32/AnyProtect.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\nspFDBF.tmp"
sh=7028F239FAC673EE7DC7772ACC75D759EA73837D ft=1 fh=e769f095fe49f653 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\F9SNR7BN\spstub[1].exe"
sh=E9956DC4F082D1580AAED77C94EE6EB49357174A ft=1 fh=2c96518fc3a294c1 vn="Win32/Verti.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\F9SNR7BN\StormWatchSetup[1].exe"
sh=4D5BCAF7DA3328A7D1BD1A0CF7A1BDA849AA2827 ft=1 fh=0cad1a1c2cfc631b vn="Win32/Verti.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\F9SNR7BN\StormWatchSetup_dist_1.0.1.10[1].exe"
sh=030AD18F823D1EB34F468CC4126A17555055F71C ft=1 fh=20230c57ed3eb8bf vn="Win32/OutBrowse.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\SHONYHDD\SearchProtectGeneric2[1].exe"
sh=44ED55CB1079D34027CB77CD62248064FF5A0A09 ft=1 fh=3916453e74289c7d vn="Win32/VOPackage.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\XKTVN2LV\VuuPC-Installer[1].exe"
sh=9DF4EA0B9CB1D953184D380A961FC03F07F8A8FF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\ZZACKOD8\91[2].js"
sh=36FB49D001D33FCCD8E47541CDE7E8EE596BAEC6 ft=0 fh=0000000000000000 vn="SWF/Exploit.ExKit.M Trojaner" ac=I fn="C:\Users\Mark\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\ZZACKOD8\KKxV-y5H-WYZzXXe1ZzssOXOPzrF6yTpmKAl6YefoDiFSe9ggZwegVXRcQP5SLf-[1].swf"
sh=6EF4897218783A16321CC278228CACF27CA8A054 ft=1 fh=a28803da2b48f59f vn="Variante von Win32/OutBrowse.BA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\babcabebbbce.exe"
sh=F4896C71BAD637AC4AB868ADF0EF064CAC9C9AF6 ft=1 fh=d1f68addf6aa0b66 vn="Win32/AdWare.Agent.NNV Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\crossrider_uninstaller.exe"
sh=277AF3C9B2D0384D0F9DF205A1CCE6ECD51989D0 ft=1 fh=954f03202f41dc94 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\ICReinstall_nsnE5DE.tmp"
sh=277AF3C9B2D0384D0F9DF205A1CCE6ECD51989D0 ft=1 fh=954f03202f41dc94 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\nsnE5DE.tmp"
sh=723BADCA68940659B7EC8661AE65F83E98AC14C0 ft=1 fh=5a7a23a80238eadf vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\nso17AE.tmp"
sh=30BD8D12255AE8582127DF1ED6477E4332042DB4 ft=1 fh=439475d7fe72fc73 vn="Win32/AnyProtect.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\nspFDBF.tmp"
sh=C1D78D4FCA3A060B7E7435C88DE2C72B326FE7E6 ft=1 fh=5b39ac7221466c9f vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Mark\AppData\Local\Temp\optprosetup.exe"
sh=976BFE19D4FD2C4B051AE49C952038651956AD3B ft=1 fh=3fa81d351a31970a vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\tu17p84.exe"
sh=AF42CD2E976EBEEBF740C9424E40AD02FDD8529F ft=1 fh=c71c00114bececcd vn="Variante von Win32/Adware.AddLyrics.CL Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\uoEK5.exe"
sh=7C6F9EEB5C0AB6D6EFF7142A584A72E5AB356086 ft=1 fh=cb9d7434d7e2a8f2 vn="Win32/Systweak.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\91412180967\1_Offer_10.exe"
sh=7C6F9EEB5C0AB6D6EFF7142A584A72E5AB356086 ft=1 fh=cb9d7434d7e2a8f2 vn="Win32/Systweak.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\91412180986\1_Offer_10.exe"
sh=4F4079E9D3C0857F6EEA6F8B85DBBC83E25B3BD6 ft=1 fh=8c4491e5ca18f996 vn="Win32/SpeedBit.B.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\Install_30458\shopperpro.exe"
sh=60BDDBB84E3229AC4B8577570F7E4400CE6E0645 ft=1 fh=ee342f5be91aaa8f vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\Install_30458\ytd.exe"
sh=BE92D7E0D5474A94750B0F1803BA4A5616BD2CCE ft=1 fh=670dafa91f79c6f1 vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\is-03ML8.tmp\package_regclean_installer_multilang.exe"
sh=61ED0352C4D16628107B193E172BC786F78319AD ft=1 fh=2370297b7606cf0a vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\is-03ML8.tmp\package_ytd_installer_multilang.exe"
sh=A5FADC0F61A4D2BE389CB2101AC5BF06D451C6F0 ft=1 fh=7c3d33c2fe8b32c9 vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\is-35UOG.tmp\gentlemjmp_ieu.exe"
sh=FAFD6B9DD12CA64ACB04E550E1AFA55AB7CE8ACE ft=1 fh=7d729b8535681a74 vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\is-4JHML.tmp\gentlemjmp_ieu.exe"
sh=0410554270D07D9D29DD4ECABF2792985535FB8B ft=1 fh=7ed4bbda60a35b2a vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\is-6K8UK.tmp\gentlemjmp_ieu.exe"
sh=8624F93A566C5E72C059D17ECAE6E9D25CFA0146 ft=1 fh=95d169505cf360b4 vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\is-6QSGR.tmp\gentlemjmp_ieu.exe"
sh=C565737D1EF40917D184AADE4C34438CB3171B9C ft=1 fh=89b5d648f8002875 vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\is-DQPM1.tmp\gentlemjmp_ieu.exe"
sh=A5FADC0F61A4D2BE389CB2101AC5BF06D451C6F0 ft=1 fh=7c3d33c2fe8b32c9 vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\is-E5F0J.tmp\gentlemjmp_ieu.exe"
sh=BA7CAFF4DEC70F53C8608B718ED6E5B1937954ED ft=1 fh=c3eb8b0456180f29 vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\is-ERETE.tmp\gentlemjmp_ieu.exe"
sh=C51F1F05EED0EF5DDEEC7883E66C05D5DD1414EA ft=1 fh=2c5fbf5f97d9096e vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\is-HEKUP.tmp\gentlemjmp_ieu.exe"
sh=9671A7C687CE4C01C858C83B0D0CB59F3E2AB542 ft=1 fh=395b467e88a02033 vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\is-HU42Q.tmp\gentlemjmp_ieu.exe"
sh=4BE7F60A10B3CD7B0C23ECD82DA06AA1509CC1BD ft=1 fh=a69c74df5f881f66 vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\is-JKQJR.tmp\gentlemjmp_ieu.exe"
sh=0410554270D07D9D29DD4ECABF2792985535FB8B ft=1 fh=7ed4bbda60a35b2a vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\is-KEA0T.tmp\gentlemjmp_ieu.exe"
sh=CD9E05F7BA583EA9ABF9097B86192F3EE432544F ft=1 fh=8ec9e12ac3fbdd39 vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\is-LPKPA.tmp\gentlemjmp_ieu.exe"
sh=46AB74062AD03CBCE794EF018B011DB357E3073E ft=1 fh=02f867d3990ff161 vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\is-M0C79.tmp\gentlemjmp_ieu.exe"
sh=938DC6068DBD6B17F2F9B43E4326ECAE40A839CD ft=1 fh=6dcd021065f60fa1 vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\is-NNSNJ.tmp\gentlemjmp_ieu.exe"
sh=319F0EDAB2D588353F04AE5492E3BE63FB37240B ft=1 fh=8afeb0401edbeb54 vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\is-UL43S.tmp\gentlemjmp_ieu.exe"
sh=C97D233F2A30F1FCB4424A3F8DBA51BE95EBB0E5 ft=1 fh=2c22998c77391344 vn="Win32/Systweak.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\is281105613\1049063_stp\rcpsetup_adppi12_adppi12.exe"
sh=F170817EF846D706BA4F21B09880A34E39336D1A ft=1 fh=929516c5e64dec92 vn="Win32/VOPackage.X evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\is45637729\1974965_stp\Generic_vo.exe"
sh=B9A3CF10EE4ADD52502791B1BED888522C8B4FED ft=1 fh=49b79269735ba1c9 vn="Win32/VOPackage.X evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\is45637729\2237124_stp\Generic_vo.exe"
sh=03BB5B54C4481C6541793D65E2930E77411F6BCB ft=1 fh=3a25e9b0f94ca1fe vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Mark\AppData\Local\Temp\LIL1333.tmp\optimizerpro.exe"
sh=FB6671A49A884070C6EF715D2F1FAD2BDBBBC136 ft=1 fh=2af0db3e042baa77 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\MSI790B.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=6DCC13A366785A704F46E8E25942B34855909256 ft=1 fh=d5332291222fca7d vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\MSI790B.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=0350DF22B6626CFD0AD4EB6007A2461F11CEEE10 ft=1 fh=209276bd891a8712 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\MSI790B.tmp-\spbe.dll"
sh=45A9E5328644E080C54C5F698851F45538944E18 ft=1 fh=e8d62f7bd8f8b91a vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\MSI790B.tmp-\spbl.dll"
sh=B65091119509CD666CCCA7B15B877C4B022A7833 ft=1 fh=4367817249f0c42e vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\MSI790B.tmp-\sppsm.dll"
sh=74170C095222A2C20A4890317F06F305E8F3AD4D ft=1 fh=c7c1dc6906c45ff4 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\MSI790B.tmp-\spusm.dll"
sh=A9CBD104B9E7095FA2149353191B54C6BE529B89 ft=1 fh=175322f6e29cd6c3 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\MSI790B.tmp-\srbs.dll"
sh=04DB138EADC252C1A2A992522B885B1EC49FC51B ft=1 fh=2b5a7693da531107 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\MSI790B.tmp-\srbu.dll"
sh=FA84A01F54889BF65D7FF7FEE70C0ABB2022EB34 ft=1 fh=55bc1129650c5700 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\MSI790B.tmp-\srptc.dll"
sh=0245CD046791D326380C1B884024FD7C2F3FF831 ft=1 fh=ec54f2db7e2fe2a1 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\MSI790B.tmp-\srpu.dll"
sh=9A2FBD9CFAAACF44114D4A13D54E67ECB9103402 ft=1 fh=1c5f6d1e0fa20a93 vn="Variante von Win32/Speedchecker.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\n2554\pcspeedup.exe"
sh=A49006F5BEC6E878611E914237B0DE688FE95948 ft=1 fh=6a49bc98894b264e vn="Variante von MSIL/Solimba.AC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\n2554\s2554.exe"
sh=DC93D0947FC64537A948E6F066AB0836CE38319A ft=1 fh=b01bf569a170e2ef vn="Variante von MSIL/Solimba.AC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\n5715\s5715.exe"
sh=80BD4759952944735E0C82BCC00AA15516E95A90 ft=1 fh=1ab11c6a97f5ee6b vn="Variante von MSIL/Solimba.AC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\n7441\s7441.exe"
sh=80BD4759952944735E0C82BCC00AA15516E95A90 ft=1 fh=1ab11c6a97f5ee6b vn="Variante von MSIL/Solimba.AC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\n7532\s7532.exe"
sh=1FD165FA92A474FFEB2B4F3FC55D9A2E379C5F88 ft=1 fh=c55ee1fcf121ede7 vn="Win32/SmootherWeb.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\n7532\SmootherWeb_0909-20525fcb.exe"
sh=88D2CA27E39954DCA852ACA133F716EED2DADD0C ft=1 fh=32bd9f5f10f3916f vn="Variante von Win32/AdWare.Agent.NNV Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\nsjE2EB.tmp\ConsoleLauncher.exe"
sh=D252799963226D0883755E88466939D7D10C1227 ft=1 fh=cfdaa09e7e5b040b vn="Variante von Win32/AdWare.Agent.NNV Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\nsjE2EB.tmp\HiddenConsole.exe"
sh=C9A50310D790A4B4585E0B4D776AC97F57882672 ft=1 fh=55444eab3ab3ff24 vn="Variante von Win32/AdWare.Agent.NNV Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\nspE57B.tmp\ConsoleLauncher.exe"
sh=40F610F4DB96B62D2E8CEA935184194C7B293D2E ft=1 fh=7f942843bc24e36e vn="Variante von Win32/AdWare.Agent.NNV Anwendung" ac=I fn="C:\Users\Mark\AppData\Local\Temp\nspE57B.tmp\HiddenConsole.exe"
sh=F4896C71BAD637AC4AB868ADF0EF064CAC9C9AF6 ft=1 fh=d1f68addf6aa0b66 vn="Win32/AdWare.Agent.NNV Anwendung" ac=I fn="C:\WINDOWS\Temp\crossrider_uninstaller.exe"
sh=4E6EAEED68B83D48916F5618FD35712ADAE2C29E ft=1 fh=d60b92df374a29cb vn="Variante von Win32/Toolbar.SearchSuite.U evtl. unerwünschte Anwendung" ac=I fn="C:\WINDOWS\Temp\52177010\patch_ff.exe"
Code:
Results of screen317's Security Check version 0.99.89 
  x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Defender 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player        15.0.0.152 
 Mozilla Firefox (33.0.2)
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSMpEng.exe
 Malwarebytes Anti-Malware mbam.exe 
 Windows Defender MsMpEng.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Mark (administrator) on ACER on 04-11-2014 22:51:07
Running from \\ACER\Users\Mark\Scanndateien
Loaded Profiles: Mark & Sabiye (Available profiles: Mark & Sabiye & Administrator)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System INC.) C:\WINDOWS\RfBtnSvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\WINDOWS\System32\LogonUI.exe
(Microsoft Corporation) C:\WINDOWS\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Intel Corporation) C:\WINDOWS\System32\igfxHK.exe
(Intel Corporation) C:\WINDOWS\System32\igfxTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\WINDOWS\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Intel Corporation) C:\WINDOWS\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Spotify Ltd) C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\WINDOWS\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Farbar) \\ACER\Users\Mark\Scanndateien\FRST64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2613370363-1168659386-1177263031-1001\...\Run: [Spotify Web Helper] => C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-03] (Spotify Ltd)
HKU\S-1-5-21-2613370363-1168659386-1177263031-1004\...\Run: [BRS] => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe -runBRS
HKU\S-1-5-21-2613370363-1168659386-1177263031-1004\...\Run: [smoother] => C:\Users\Sabiye\AppData\Roaming\SmootherWeb\SmootherWeb-Installer.exe
HKU\S-1-5-21-2613370363-1168659386-1177263031-1004\...\Run: [Spotify Web Helper] => C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-03] (Spotify Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2613370363-1168659386-1177263031-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {B8D7FB5F-AA1F-4CDD-8C7F-D2394C074E47} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dsites_14_38_ie&cd=2XzuyEtN2Y1L1QzuyDyE0B0E0FyByEtB0A0D0C0Czz0D0A0BtN0D0Tzu0SzyzyyDtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtA0CtD0CyDzz0EtG0B0AtAtBtGtA0CyEtCtGtDzytD0AtGyByB0AtA0A0EyC0CtB0FtCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzy0BzyyBtB0EyEtGtC0E0EyDtGyEtC0CyDtG0BtCtB0EtG0EtCtByEtDyB0DtAzz0D0ByE2Q&cr=1526756493&ir=
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\0r42q1se.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome:
=======
CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-08-25] (WildTangent)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2013-08-24] (Dritek System INC.)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [342528 2012-06-19] (Intel(R) Corporation) [File not signed]
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
U4 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-04] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-08-24] (Dritek System Inc.)
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-04 22:48 - 2014-11-04 22:48 - 00854448 _____ () C:\Users\Mark\Downloads\SecurityCheck.exe
2014-11-04 21:59 - 2014-11-04 21:59 - 00000000 ____D () C:\Users\Sabiye\AppData\Local\BMExplorer
2014-11-04 21:19 - 2014-11-04 21:19 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-04 21:17 - 2014-11-04 21:17 - 02347384 _____ (ESET) C:\Users\Mark\Downloads\esetsmartinstaller_deu.exe
2014-11-03 09:14 - 2014-11-03 09:14 - 00000000 ____D () C:\Users\Sabiye\AppData\Roaming\Macromedia
2014-11-03 09:14 - 2014-11-03 09:14 - 00000000 ____D () C:\Users\Sabiye\AppData\Roaming\Adobe
2014-11-03 09:14 - 2014-11-03 09:14 - 00000000 ____D () C:\Users\Sabiye\AppData\Local\Macromedia
2014-11-03 08:39 - 2014-11-03 08:39 - 00000000 ____D () C:\Users\Sabiye\AppData\Roaming\Mozilla
2014-11-03 08:39 - 2014-11-03 08:39 - 00000000 ____D () C:\Users\Sabiye\AppData\Roaming\Atheros
2014-11-03 08:39 - 2014-11-03 08:39 - 00000000 ____D () C:\Users\Sabiye\AppData\Local\Mozilla
2014-11-03 08:38 - 2014-11-03 08:39 - 00000000 ____D () C:\Users\Sabiye\AppData\Local\Packages
2014-11-03 08:38 - 2014-11-03 08:38 - 00000020 ___SH () C:\Users\Sabiye\ntuser.ini
2014-11-03 08:38 - 2014-11-03 08:38 - 00000000 ____D () C:\Users\Sabiye\AppData\Local\VirtualStore
2014-11-02 23:05 - 2014-11-04 22:51 - 00000000 ____D () C:\Users\Mark\Scanndateien
2014-11-02 23:05 - 2014-11-02 23:05 - 00002185 _____ () C:\Users\Mark\Desktop\Scanndateien Trojaner.lnk
2014-11-02 21:22 - 2014-11-02 21:22 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-11-02 20:49 - 2014-11-02 21:14 - 00000000 ____D () C:\AdwCleaner
2014-11-02 20:10 - 2014-11-04 21:17 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 20:10 - 2014-11-02 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-02 20:09 - 2014-11-02 20:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-02 20:09 - 2014-11-02 20:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-02 20:09 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-02 20:09 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-11-02 20:09 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-02 20:05 - 2014-11-02 20:05 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-02 09:59 - 2014-11-04 22:51 - 00000000 ____D () C:\FRST
2014-11-01 20:17 - 2014-11-01 20:18 - 00000000 ____D () C:\NPE
2014-11-01 20:15 - 2014-11-01 20:39 - 00000000 ____D () C:\Users\Mark\AppData\Local\NPE
2014-11-01 13:09 - 2014-11-01 13:09 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-01 13:09 - 2014-11-01 13:09 - 00001155 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-01 13:09 - 2014-11-01 13:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-29 23:19 - 2014-10-29 23:19 - 00000303 _____ () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heimnetzgruppe.lnk
2014-10-28 21:43 - 2014-10-29 21:17 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense
2014-10-28 20:29 - 2014-10-22 04:34 - 00010777 _____ () C:\WINDOWS\system32\AutoconfigV2.cab
2014-10-28 20:29 - 2014-10-22 04:33 - 00581016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AutoUpdate.exe
2014-10-28 20:29 - 2014-10-22 04:33 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2014-10-28 20:29 - 2014-10-22 02:08 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-10-28 20:29 - 2014-10-22 02:08 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-28 20:29 - 2014-10-22 02:01 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-10-28 20:29 - 2014-10-22 02:01 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2014-10-28 20:29 - 2014-10-22 02:01 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-28 20:29 - 2014-10-22 02:00 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2014-10-26 21:50 - 2014-10-26 21:51 - 00001568 _____ () C:\WINDOWS\comsetup.log
2014-10-26 21:14 - 2014-10-26 21:14 - 00013312 ___SH () C:\Users\Mark\Documents\Thumbs.db
2014-10-26 10:09 - 2014-10-26 10:09 - 04585472 _____ (Avira Operations GmbH & Co. KG) C:\Users\Mark\Downloads\avira_de_av___ws (1).exe
2014-10-26 10:09 - 2014-10-26 10:09 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-26 10:09 - 2014-10-26 10:09 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-26 10:09 - 2014-10-26 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-26 10:09 - 2014-10-26 10:09 - 00000000 ____D () C:\ProgramData\Avira
2014-10-26 10:09 - 2014-10-26 10:09 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-26 10:08 - 2014-10-30 12:25 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-10-26 10:08 - 2014-10-26 10:08 - 04585472 _____ (Avira Operations GmbH & Co. KG) C:\Users\Mark\Downloads\avira_de_av___ws.exe
2014-10-26 09:53 - 2014-10-26 09:53 - 00003090 _____ () C:\WINDOWS\System32\Tasks\{4BA85958-647D-4D3D-AC14-3B37BCBD526B}
2014-10-23 21:04 - 2014-11-01 13:08 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-23 21:04 - 2014-10-23 21:05 - 00000000 ____D () C:\Users\Mark\AppData\Local\Google
2014-10-19 19:10 - 2014-10-20 20:09 - 00000000 ____D () C:\ProgramData\LizardSales
2014-10-19 09:13 - 2014-10-20 20:09 - 00000000 ____D () C:\ProgramData\19c72af7068c06b2
2014-10-16 22:42 - 2014-10-17 19:20 - 00202752 ___SH () C:\Users\Mark\Desktop\Thumbs.db
2014-10-16 18:59 - 2014-10-16 18:59 - 00281784 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-16 18:32 - 2014-09-29 23:49 - 00705480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-10-16 18:32 - 2014-09-29 23:49 - 00104904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-15 17:15 - 2014-09-18 00:24 - 02416128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-15 17:15 - 2014-09-17 23:56 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-15 16:08 - 2014-07-12 05:41 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
2014-10-15 16:08 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
2014-10-15 16:08 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
2014-10-15 16:08 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
2014-10-15 16:08 - 2014-07-12 05:41 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2014-10-15 16:08 - 2014-07-12 05:41 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
2014-10-15 16:08 - 2014-07-12 05:16 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
2014-10-15 16:08 - 2014-07-12 05:16 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
2014-10-15 16:08 - 2014-07-12 05:16 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
2014-10-15 16:08 - 2014-07-12 05:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
2014-10-15 16:08 - 2014-07-12 05:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
2014-10-15 16:08 - 2014-07-12 05:15 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
2014-10-15 16:08 - 2014-07-12 01:02 - 00478352 _____ () C:\WINDOWS\SysWOW64\locale.nls
2014-10-15 16:08 - 2014-07-12 01:00 - 00478352 _____ () C:\WINDOWS\system32\locale.nls
2014-10-15 16:08 - 2014-07-08 23:33 - 00181248 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2014-10-15 16:08 - 2014-07-08 23:32 - 01539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2014-10-15 16:08 - 2014-07-08 23:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-10-15 16:08 - 2014-07-08 23:30 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2014-10-15 16:08 - 2014-07-07 06:52 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2014-10-15 16:08 - 2014-07-07 06:52 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2014-10-15 16:08 - 2014-07-04 11:52 - 00328000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-10-15 16:08 - 2014-07-03 02:59 - 01824784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-10-15 16:08 - 2014-07-03 01:30 - 01408952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-10-15 16:08 - 2014-06-28 08:01 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-10-15 16:08 - 2014-06-28 07:57 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-10-15 16:08 - 2014-06-28 07:56 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-10-15 16:08 - 2014-06-25 08:09 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-10-15 16:08 - 2014-06-25 08:07 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-10-15 16:08 - 2014-06-18 00:27 - 02032640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-10-15 16:08 - 2014-06-18 00:23 - 02238464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-10-15 16:08 - 2014-06-13 00:34 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-10-15 16:08 - 2014-06-13 00:29 - 02146304 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-10-15 16:08 - 2014-06-11 15:47 - 02842112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2014-10-15 16:08 - 2014-06-11 05:40 - 02620928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2014-10-15 16:08 - 2014-06-10 23:44 - 01403896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-10-15 16:08 - 2014-05-30 00:31 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-10-15 16:08 - 2014-05-30 00:03 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-10-15 16:08 - 2014-02-04 11:57 - 01271664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-10-15 16:07 - 2014-09-20 06:16 - 19280896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-15 16:07 - 2014-09-13 06:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-15 16:07 - 2014-09-13 05:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-15 16:07 - 2014-09-03 03:48 - 00510464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-15 16:07 - 2014-09-03 03:21 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-15 16:07 - 2014-07-07 06:53 - 01125376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2014-10-15 16:07 - 2014-07-07 06:52 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-10-15 16:07 - 2014-07-07 06:52 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-10-15 16:07 - 2014-07-07 06:52 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll
2014-10-15 16:07 - 2014-07-07 06:51 - 05982208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-15 16:07 - 2014-07-07 05:01 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2014-10-15 16:07 - 2014-07-07 05:01 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsta.dll
2014-10-15 16:07 - 2014-07-07 05:00 - 05095424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-15 16:07 - 2014-07-07 04:59 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aaclient.dll
2014-10-15 16:06 - 2014-09-28 05:18 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-15 16:06 - 2014-09-20 06:18 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-15 16:06 - 2014-09-20 06:17 - 02236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-15 16:06 - 2014-09-20 06:17 - 01407488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-15 16:06 - 2014-09-20 06:17 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-10-15 16:06 - 2014-09-20 06:17 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 15399424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 02655232 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-10-15 16:06 - 2014-09-20 06:16 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-10-15 16:06 - 2014-09-20 06:15 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-15 16:06 - 2014-09-20 06:15 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-10-15 16:06 - 2014-09-20 06:15 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 14368768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 13757952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 02861568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 01762816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 01180672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-10-15 16:06 - 2014-09-20 04:57 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-10-15 16:06 - 2014-09-20 04:56 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-15 16:06 - 2014-09-20 04:56 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-10-15 16:06 - 2014-09-20 04:56 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-15 16:06 - 2014-09-20 04:38 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-10-15 16:06 - 2014-09-20 04:33 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-10-15 16:06 - 2014-09-20 02:06 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-10-15 16:06 - 2014-08-30 06:48 - 10115072 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-10-15 16:06 - 2014-08-30 06:46 - 02306560 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-15 16:06 - 2014-08-30 05:05 - 08858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-10-15 16:06 - 2014-08-30 05:03 - 02037760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-15 16:06 - 2014-08-01 23:08 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-15 16:06 - 2014-07-24 14:50 - 00447296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-10-15 16:06 - 2014-07-17 00:28 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2014-10-15 16:06 - 2014-07-16 23:59 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-10-15 16:06 - 2014-07-16 23:59 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2014-10-15 16:06 - 2014-07-12 07:45 - 01549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2014-10-15 16:06 - 2014-07-12 05:36 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-10-15 16:06 - 2014-07-12 05:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-10-15 16:06 - 2014-07-12 05:34 - 00404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-10-15 16:06 - 2014-07-12 05:34 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-10-15 16:06 - 2014-06-28 07:57 - 01341952 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-10-15 16:06 - 2014-06-28 03:23 - 01126400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-04 22:39 - 2014-10-02 23:57 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-04 22:06 - 2014-09-21 20:17 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2613370363-1168659386-1177263031-1001
2014-11-04 22:00 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-04 21:57 - 2013-08-24 15:37 - 00000000 ____D () C:\ProgramData\Atheros
2014-11-04 16:19 - 2014-02-25 10:29 - 00000000 ____D () C:\Users\Sabiye\Desktop\Bewerbungen
2014-11-04 14:00 - 2013-08-24 15:21 - 02070067 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-03 14:57 - 2014-09-21 20:04 - 00000000 ____D () C:\Users\Sabiye
2014-11-03 09:54 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-11-03 08:39 - 2014-09-04 06:15 - 00000000 ____D () C:\Users\Sabiye\Desktop\Verschiedenes
2014-11-03 08:39 - 2014-02-24 16:43 - 00175104 ___SH () C:\Users\Sabiye\Desktop\Thumbs.db
2014-11-02 23:05 - 2014-09-21 20:04 - 00000000 ____D () C:\Users\Mark
2014-11-02 21:21 - 2013-08-25 01:00 - 00753134 _____ () C:\WINDOWS\system32\perfh007.dat
2014-11-02 21:21 - 2013-08-25 01:00 - 00155826 _____ () C:\WINDOWS\system32\perfc007.dat
2014-11-02 21:21 - 2012-07-26 08:28 - 01745416 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-02 21:17 - 2012-07-26 08:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-02 21:16 - 2013-04-18 03:46 - 00349938 _____ () C:\WINDOWS\PFRO.log
2014-11-02 21:16 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-02 21:14 - 2014-09-21 20:31 - 00001087 _____ () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-11-02 21:14 - 2014-09-21 20:11 - 00000957 _____ () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-01 20:35 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Common Files\System
2014-11-01 19:40 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-01 13:10 - 2014-09-21 20:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-01 11:24 - 2014-09-21 20:11 - 00000000 ____D () C:\Users\Mark\AppData\Local\CrashDumps
2014-10-31 16:33 - 2014-09-22 21:43 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Spotify
2014-10-30 18:01 - 2013-12-15 01:47 - 00000000 ____D () C:\Users\Mark\Desktop\Telekomrechnungen
2014-10-30 17:55 - 2013-12-10 20:55 - 00000000 ____D () C:\Users\Mark\Downloads\Rechnungen Telekom
2014-10-30 17:24 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-29 22:18 - 2014-09-27 20:09 - 00955904 ___SH () C:\Users\Mark\Downloads\Thumbs.db
2014-10-28 21:43 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-10-28 21:43 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-26 23:00 - 2014-09-24 16:19 - 00000000 ___HD () C:\$Windows.~BT
2014-10-26 22:14 - 2014-02-07 23:40 - 00000000 __SHD () C:\Recovery
2014-10-26 21:54 - 2014-09-21 20:04 - 00064773 _____ () C:\WINDOWS\diagwrn.xml
2014-10-26 21:54 - 2014-09-21 20:04 - 00064773 _____ () C:\WINDOWS\diagerr.xml
2014-10-26 21:54 - 2012-07-26 08:21 - 00686186 _____ () C:\WINDOWS\setupact.log
2014-10-26 21:53 - 2012-07-26 09:13 - 00003611 _____ () C:\WINDOWS\DtcInstall.log
2014-10-26 21:50 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\Registration
2014-10-26 21:25 - 2014-09-21 20:09 - 00000000 ____D () C:\Users\Mark\AppData\Local\Packages
2014-10-26 10:08 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-10-26 09:57 - 2013-04-18 05:36 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-26 09:56 - 2013-04-18 05:36 - 00000000 ____D () C:\Program Files\mcafee
2014-10-26 09:56 - 2013-04-18 05:36 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-10-26 09:53 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-10-23 23:02 - 2012-07-26 09:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-23 23:02 - 2012-07-26 08:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-22 20:22 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-10-16 18:28 - 2014-09-24 19:25 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-16 18:28 - 2012-07-26 09:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-16 18:26 - 2014-09-24 19:24 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-09 21:43 - 2014-09-22 21:44 - 00000000 ____D () C:\Users\Mark\AppData\Local\Spotify
2014-10-06 20:11 - 2014-09-29 22:42 - 00000451 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-10-06 19:00 - 2013-04-18 05:31 - 00000000 ____D () C:\Program Files (x86)\Intel

Some content of TEMP:
====================
C:\Users\Mark\AppData\Local\Temp\avgnt.exe
C:\Users\Mark\AppData\Local\Temp\babcabebbbce.exe
C:\Users\Mark\AppData\Local\Temp\bwvw_n1a.dll
C:\Users\Mark\AppData\Local\Temp\crossrider_uninstaller.exe
C:\Users\Mark\AppData\Local\Temp\optprosetup.exe
C:\Users\Mark\AppData\Local\Temp\Quarantine.exe
C:\Users\Mark\AppData\Local\Temp\sqlite3.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite24813.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite27342.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite29441.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite30974.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite35178.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite49474.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite50022.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite50849.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite51136.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite59590.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite61605.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite63611.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite66088.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite66355.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite67355.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite67673.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite72319.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite72499.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite78697.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite82926.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite84745.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite89281.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite93476.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite95969.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite96205.dll
C:\Users\Mark\AppData\Local\Temp\System.Data.SQLite97066.dll
C:\Users\Mark\AppData\Local\Temp\ttap2.dll
C:\Users\Mark\AppData\Local\Temp\ttap2.exe
C:\Users\Mark\AppData\Local\Temp\tu17p84.exe
C:\Users\Mark\AppData\Local\Temp\uoEK5.exe
C:\Users\Mark\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-01 19:37

==================== End Of Log ============================
--- --- ---


Mit welchem Programm können wir unseren Rechner denn in Zukunft schützen?
Ich hatte immer "Internet Security" von Norton, mein Freund (dem der Laptop gehört) ist sich aber noch unsicher, welches Programm am besten wäre. Hast du da einen Tipp?

Auf jeden Fall Danke für die Hilfe!!! :)

schrauber 05.11.2014 17:43
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Norton geht echt gar nit. Das schlechteste auf dem Markt. ich empfehle immer Emsisoft.


Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Zitronentee 19.11.2014 17:10
Vielen Dank für deine Hilfe!

Wir werden deine Ratschläge befolgen!

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-11-2014
Ran by Mark at 2014-11-19 17:05:54 Run:1
Running from \\ACER\Users\Mark\Scanndateien
Loaded Profiles: Mark & Sabiye (Available profiles: Mark & Sabiye & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Emptytemp:
       
*****************

C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
EmptyTemp: => Removed 316.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

schrauber 20.11.2014 09:45
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:15 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131