Pests of all kinds and how to fight them: Strange browser start page "http://www.%snf%.com/" | Windows 7
If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
26.05.2016, 13:24 | #1 |
| Strange browser start page "http://www.%snf%.com/"
Hi all, first of all, I wish you a nice holiday! I have the feeling that my computer has caught something. For the past few days I have noticed that Firefox opens with the following start page: "hxxp://www.%snf%.com/". However, a different page is definitely set in Firefox's settings. What can I / what should I do, in your opinion? Thanks in advance and regards, Rik |
26.05.2016, 15:48 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Strange browser start page "http://www.%snf%.com/"
Hello and
Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything? I'm asking because => http://www.trojaner-board.de/125889-...tml#post941520
Please do not run any new virus scans; first just post the logs you already have in CODE tags! Only logs from the last 7 days, or since the problem started, are relevant!
In addition, please also create a log with Farbar's tool:
Scan with Farbar's Recovery Scan Tool (FRST)
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs are too large for one post, I ask you to post the logs directly and, if necessary, spread over several posts. To put the log files in a CODE box, proceed as follows:
__________________ |
26.05.2016, 16:22 | #3 |
| Strange browser start page "http://www.%snf%.com/"
Hi Cosinus, thank you very much for your reply!
I ran MBAM; here are the logs as requested: Code:
C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\ru, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\ru-MO, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\tr, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\vi, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\zh-CN, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\locale\zh-TW, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\skin, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\defaults, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\defaults\preferences, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\modules, In Quarantäne, 
[65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.SupTab, C:\Program Files (x86)\SupTab, In Quarantäne, [6b61c60faaef75c169d97523649e2bd5], PUP.Optional.SupTab, C:\Users\Theke\SupTab, In Quarantäne, [ca026174c4d577bf53f0ebadc73b8b75], PUP.Optional.SweetSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\sweetsearch@gmail.com, In Quarantäne, [309c9c39108954e29ae2791f3ec4ee12], PUP.Optional.SweetSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\sweetsearch@gmail.com\chrome, In Quarantäne, [309c9c39108954e29ae2791f3ec4ee12], PUP.Optional.SweetSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\sweetsearch@gmail.com\chrome\content, In Quarantäne, [309c9c39108954e29ae2791f3ec4ee12], PUP.Optional.SweetSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\sweetsearch@gmail.com\chrome\skin, In Quarantäne, [309c9c39108954e29ae2791f3ec4ee12], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Caps, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\data_reduction_proxy_leveldb, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, 
C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\css, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\html, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\bg, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ca, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\cs, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\da, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\de, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\el, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\en, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\en_GB, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\es, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\es_419, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\et, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fi, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fil, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fr, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hi, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hr, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hu, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\id, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\it, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ja, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ko, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\lt, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\lv, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\nb, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\nl, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pl, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pt_BR, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pt_PT, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ro, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ru, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sk, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sl, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sr, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sv, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\th, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\tr, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\uk, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\vi, In Quarantäne, [56760bca3267de58de9e7925fe047a86], 
PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\zh_CN, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\zh_TW, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_metadata, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\GPUCache, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\JumpListIcons, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\JumpListIconsOld, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Storage, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\EVWhitelist, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\EVWhitelist\7, In Quarantäne, 
[56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\EVWhitelist\7\_metadata, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\EVWhitelist\7\_platform_specific, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\EVWhitelist\7\_platform_specific\all, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\PepperFlash, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\PepperFlash\21.0.0.216, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.46.0.4, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.46.0.4\_metadata, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.46.0.4\_platform_specific, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.46.0.4\_platform_specific\x86_64, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User 
Data\ShaderCache\GPUCache, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\1558030d-74d5-0, In Quarantäne, [6d5f9243504900367423e5bc1be7946c], PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\1558030d-7d55-1, In Quarantäne, [bc1024b14f4a94a2049309984fb36d93], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Graveairs, In Quarantäne, [8c40d5009504f145fd50e6817e86b24e], Dateien: 274 PUP.Optional.Linkury, C:\ProgramData\CloudPrinter\CloudPrinter.exe, Löschen bei Neustart, [a22a5a7b891083b3ffdfe3eb61a0e41c], PUP.Optional.Linkury, C:\Users\BigWall\AppData\Roaming\Joytone.exe, In Quarantäne, [d0fc1abbc0d92115736b6668e120fb05], PUP.Optional.Linkury, C:\Users\BigWall\AppData\Roaming\Toughdomcom.exe, In Quarantäne, [3a9272635c3d64d2746aa62821e012ee], PUP.Optional.Linkury, C:\Users\BigWall\AppData\Roaming\Zonelax.bin, In Quarantäne, [24a8d302f8a1f541130ee7467e86d22e], PUP.Optional.SkyTech, C:\Program Files (x86)\SupTab\DpInterface32.dll, In Quarantäne, [ac201eb7247543f339123aec33ce46ba], PUP.Optional.SystemHealer, C:\Users\BigWall\AppData\Local\Temp\~nsu.tmp\Au_.exe, In Quarantäne, [f3d98c49edac88aef0d29ebc4fb239c7], PUP.Optional.DeltaHomes, C:\Users\Theke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.delta-homes.com_0.localstorage, In Quarantäne, [a3298f4664353105e69fafc858aba858], PUP.Optional.DeltaHomes, C:\Users\Theke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.delta-homes.com_0.localstorage-journal, In Quarantäne, [2ba12ea7f6a3c17587fe80f719ea49b7], PUP.Optional.WebDiscoverBrowser, C:\Users\Public\Desktop\WebDiscover Browser.lnk, In Quarantäne, [d8f48e47712858dec12b1e98c83bc040], PUP.Optional.WebDiscoverBrowser, C:\Windows\System32\Tasks\WebDiscover Browser Launch Task, In Quarantäne, [5f6d44911d7c61d514ba2b907a8935cb], PUP.Optional.WebDiscoverBrowser, C:\Windows\System32\Tasks\WebDiscover Browser Update Task, In Quarantäne, [21abb02535642b0bb618b60581827888], PUP.Optional.Linkury, 
C:\Users\BigWall\AppData\Roaming\ApplicationHosting.dat, In Quarantäne, [ad1f21b43861999dea64d6f12cd755ab], PUP.Optional.Linkury, C:\Users\BigWall\AppData\Roaming\md.xml, In Quarantäne, [804cf6df4f4abb7b4b044b7c18ebec14], PUP.Optional.Linkury, C:\Users\BigWall\AppData\Roaming\noah.dat, In Quarantäne, [e7e5884dfb9ed95d450b06c118eb966a], PUP.Optional.Linkury, C:\Users\BigWall\AppData\Roaming\uninstall_temp.ico, In Quarantäne, [795329ac5f3ad95d044d4a7d996a3ec2], PUP.Optional.Linkury, C:\Users\BigWall\AppData\Roaming\lobby.dat, In Quarantäne, [1ab2815491080531825c42857a89bc44], PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Lamcof.ico, In Quarantäne, [20ac429328712511d24bb8143bc89f61], PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\BioEx.ico, In Quarantäne, [20ac429328712511d24bb8143bc89f61], PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Quadhold.ico, In Quarantäne, [20ac429328712511d24bb8143bc89f61], PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Strongtough.ico, In Quarantäne, [20ac429328712511d24bb8143bc89f61], PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Tempfax.ico, In Quarantäne, [20ac429328712511d24bb8143bc89f61], PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Top-Air.ico, In Quarantäne, [20ac429328712511d24bb8143bc89f61], PUP.Optional.Linkury.ACMB1, C:\ProgramData\CloudPrinter\CloudPrinter.dat, Löschen bei Neustart, [01cbc80d04955fd7b82805c757acd030], PUP.Optional.Linkury.ACMB1, C:\ProgramData\CloudPrinter\Config.xml, In Quarantäne, [01cbc80d04955fd7b82805c757acd030], PUP.Optional.Linkury.ACMB1, C:\Windows\SysWOW64\findit.xml, In Quarantäne, [0fbd11c4c6d340f69e48b21a4db6bd43], PUP.Optional.Linkury.ACMB1, C:\Windows\System32\Tasks\snf, In Quarantäne, [d2fafadb425786b00edafad22dd638c8], PUP.Optional.Linkury.ACMB1, C:\Windows\System32\Tasks\snp, In Quarantäne, [6f5d4f867623c67094559b31e1229e62], PUP.Optional.IEPluginServices, C:\ProgramData\IePluginServices\update\conf, In Quarantäne, [3993f9dc2c6de056b010e3acb052926e], PUP.Optional.IHProtectUpDate, 
C:\ProgramData\IHProtectUpDate\update\conf, In Quarantäne, [9b31d3024752c96dc8ffa2ed3ac8b050], PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome.manifest, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\install.rdf, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\index.html, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\quick_start.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.QuickSearch, 
C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\js\js.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\js\lib\doT.min.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\js\module\hotSearch.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\js\module\mostgrid.js, In Quarantäne, [65673f962a6f7db96eb5c1d40bf7eb15], PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\extensions\quick_searchff@gmail.com\chrome\content\js\module\search.js, In Quarantäne, 
Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache\GPUCache\data_0, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache\GPUCache\data_1, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache\GPUCache\data_2, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache\GPUCache\data_3, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.WebDiscoverBrowser, C:\Users\BigWall\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache\GPUCache\index, In Quarantäne, [56760bca3267de58de9e7925fe047a86], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Graveairs\ff.HP, In Quarantäne, [8c40d5009504f145fd50e6817e86b24e], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Graveairs\ff.NT, In Quarantäne, [8c40d5009504f145fd50e6817e86b24e], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Graveairs\snp.sc, In Quarantäne, 
[8c40d5009504f145fd50e6817e86b24e], PUP.Optional.Linkury.ACMB1, C:\Users\BigWall\AppData\Roaming\Config.xml, In Quarantäne, [a02cebeaa6f3c96d49d0acbb2ed6da26], PUP.Optional.Linkury.ACMB1, C:\Users\BigWall\AppData\Roaming\InstallationConfiguration.xml, In Quarantäne, [b8145e777029280e50cadd8ab450cc34], PUP.Optional.DeltaHomes.ShrtCln, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.selectedEngine", "delta-homes");), Ersetzt,[3795369f118895a112d26ff42ada0cf4] PUP.Optional.Linkury.ACMB1, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "C:\\ProgramData\\Graveairs\\ff.NT");), Ersetzt,[cefe686dc1d8e94d39a0a2c5758f7090] PUP.Optional.Linkury.ACMB1, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\prefs.js, Gut: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Schlecht: (user_pref("browser.startup.homepage", "C:\\ProgramData\\Graveairs\\ff.HP), Ersetzt,[d3f9f9dc900985b104ddd19843c103fd] PUP.Optional.QuickSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\prefs.js, Gut: (), Schlecht: (quick_searchff@gmail.com), Ersetzt,[b21adcf939608ea808e31b4ee1237c84] PUP.Optional.SweetSearch, C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\prefs.js, Gut: (), Schlecht: (sweetsearch@gmail.com), Ersetzt,[a12b8a4b52475adcaf40bbaef90ba15f] PUP.Optional.Linkury.ACMB1, C:\Users\Theke\AppData\Roaming\Mozilla\Firefox\Profiles\f7crznjg.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "C:\\ProgramData\\Graveairs\\ff.NT");), Ersetzt,[933908cd7722f343c51424439c68a55b] Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) |
26.05.2016, 16:23 | #4 |
| Strange browser start page ""http://www.%snf%.com/"
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016 01 durchgeführt von Theke (ACHTUNG: der Benutzer ist kein Administrator) auf THEKEWIN7 (26-05-2016 17:13:18) Gestartet von C:\Users\Theke\Desktop Geladene Profile: BigWall & Theke (Verfügbare Profile: BigWall & Theke) Platform: Windows 7 Ultimate Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) konnte nicht auf den Prozess zugreifen -> smss.exe konnte nicht auf den Prozess zugreifen -> csrss.exe konnte nicht auf den Prozess zugreifen -> wininit.exe konnte nicht auf den Prozess zugreifen -> csrss.exe konnte nicht auf den Prozess zugreifen -> services.exe konnte nicht auf den Prozess zugreifen -> lsass.exe konnte nicht auf den Prozess zugreifen -> lsm.exe konnte nicht auf den Prozess zugreifen -> winlogon.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> nvvsvc.exe konnte nicht auf den Prozess zugreifen -> nvSCPAPISvr.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> MsMpEng.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> nvxdsync.exe konnte nicht auf den Prozess zugreifen -> nvvsvc.exe konnte nicht auf den Prozess zugreifen -> wisptis.exe konnte nicht auf den 
Prozess zugreifen -> spoolsv.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> armsvc.exe konnte nicht auf den Prozess zugreifen -> mDNSResponder.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> EpsonPE.exe konnte nicht auf den Prozess zugreifen -> DeviceControlLog.exe konnte nicht auf den Prozess zugreifen -> PCSVC.exe konnte nicht auf den Prozess zugreifen -> mqsvc.exe konnte nicht auf den Prozess zugreifen -> sqlservr.exe konnte nicht auf den Prozess zugreifen -> SMSvcHost.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Jumping Bytes) D:\Programme\PureSync\PureSyncTray.exe (Binary Fortress Software) D:\Programme\TrayStatus\TrayStatus.exe (KYOCERA MITA Corporation) D:\Programme\TriumphAdler\ScannerUtility\NsCatCom.exe (Adobe Systems Inc.) 
D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\acrotray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe konnte nicht auf den Prozess zugreifen -> Service_KMS.exe konnte nicht auf den Prozess zugreifen -> SFUSVC.exe konnte nicht auf den Prozess zugreifen -> sqlwriter.exe konnte nicht auf den Prozess zugreifen -> NsCatCom.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> TeamViewer_Service.exe konnte nicht auf den Prozess zugreifen -> vmware-usbarbitrator64.exe konnte nicht auf den Prozess zugreifen -> NisSrv.exe konnte nicht auf den Prozess zugreifen -> SearchIndexer.exe konnte nicht auf den Prozess zugreifen -> OSPPSVC.EXE konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> WUDFHost.exe konnte nicht auf den Prozess zugreifen -> WUDFHost.exe konnte nicht auf den Prozess zugreifen -> wmpnetwk.exe konnte nicht auf den Prozess zugreifen -> WUDFHost.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe konnte nicht auf den Prozess zugreifen -> tv_w32.exe konnte nicht auf den Prozess zugreifen -> tv_x64.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXE (Dropbox, Inc.) C:\Users\Theke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (MagicLine GmbH) \\Magiclinevm7\d\programe\magicline\sml.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe (Microsoft Corporation) C:\Windows\splwow64.exe konnte nicht auf den Prozess zugreifen -> TrustedInstaller.exe (Adobe Systems, Incorporated) D:\Programme\Adobe\CS6\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (David Harris) \\mailserver\PMAIL\Programs\WINPM-32.EXE (NETGEAR Inc.) D:\Programme\NETGEAR Genie\bin\NETGEARGenie.exe () D:\Programme\NETGEAR Genie\bin\genie2_tray.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (Malwarebytes) D:\Programme\ Malwarebytes Anti-Malware \mbam.exe konnte nicht auf den Prozess zugreifen -> SearchProtocolHost.exe konnte nicht auf den Prozess zugreifen -> SearchFilterHost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [EpsonAPD4SV] => C:\Program Files (x86)\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.EXE [212608 2013-11-14] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.) 
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [55264 2016-03-10] (Malwarebytes) HKU\S-1-5-21-496564312-1949498514-2425945064-1000\...\Run: [Vidalia] => D:\Programme\Vidalia Bridge Bundle\Vidalia\vidalia.exe [6239727 2014-06-05] () HKU\S-1-5-21-496564312-1949498514-2425945064-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.) HKU\S-1-5-21-496564312-1949498514-2425945064-1000\...\Run: [NETGEARGenie] => D:\Programme\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.) HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\Run: [PureSync] => D:\Programme\PureSync\PureSyncTray.exe [1043312 2016-03-08] (Jumping Bytes) HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\Run: [TrayStatus] => D:\Programme\TrayStatus\TrayStatus.exe [283032 2011-05-18] (Binary Fortress Software) HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\Run: [Dropbox Update] => C:\Users\Theke\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.) HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\Run: [NETGEARGenie] => D:\Programme\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.) 
HKU\S-1-5-21-496564312-1949498514-2425945064-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation) HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner File Utility.lnk [2016-05-14] ShortcutTarget: Scanner File Utility.lnk -> D:\Programme\TriumphAdler\ScannerUtility\NsCatCom.exe (KYOCERA MITA Corporation) Startup: C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-10-17] ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BuchungenV4.01.accdb - Verknüpfung.lnk [2014-06-25] ShortcutTarget: BuchungenV4.01.accdb - Verknüpfung.lnk -> D:\Programme\Buchungsprogramm\BuchungenV4.01.accdb () Startup: C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-05-13] ShortcutTarget: Dropbox.lnk -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicLine.lnk [2014-12-05] ShortcutTarget: MagicLine.lnk -> X:\Programe\MagicLine\SML.exe (MagicLine GmbH) Startup: C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR Genie.lnk [2015-08-28] ShortcutTarget: NETGEAR Genie.lnk -> D:\Programme\NETGEAR Genie\bin\NETGEARGenie.exe (NETGEAR Inc.) GroupPolicyScripts: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. 
Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 212.37.37.50 Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4 Tcpip\..\Interfaces\{C23795F5-05BE-4B5B-905C-831E17ABC665}: [DhcpNameServer] 8.8.8.8 212.37.37.50 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-496564312-1949498514-2425945064-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-DE&Src=MSE&Tid=0003446E&OHP=http%3A%2F%2Fwww.delta%2Dhomes.com%2F%3Ftype%3Dhp%26ts%3D1429785819%26from%3Dient04230%26uid%3DWDCXWD10EZEX%2D08RKKA0%5FWD%2DWCC1S814898848988&OSP=http%3A%2F%2Fdo%2Dsearch.com%2Fweb%2F%3Futm%5Fsource%3Db%26utm%5Fmedium%3D%26utm%5Fcampaign%3Dinstall%5Fie%26utm%5Fcontent%3Dds%26from%3D%26uid%3DST500DM002%2D1BC142%5FW2A27G6AXXXXW2A27G6A%26ts%3D1420373293%26type%3Ddefault%26q%3D%7BsearchTerms%7D HKU\S-1-5-21-496564312-1949498514-2425945064-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://bigwall.de/bigwall/deutsch/klettercentrum-muensterland.html URLSearchHook: [S-1-5-21-496564312-1949498514-2425945064-1000] ACHTUNG => Standard URLSearchHook fehlt SearchScopes: HKLM-x32 -> ielnksrch URL = SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1000 -> DefaultScope 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1001 -> DefaultScope {D15BD527-9ADD-4DEB-AA5F-0BAE5466D3F8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1001 -> {D15BD527-9ADD-4DEB-AA5F-0BAE5466D3F8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-30] (Oracle Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL 
[2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-30] (Oracle Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated) DPF: HKLM-x32 {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} hxxp://192.168.3.90/RtspVaPgDec.cab DPF: HKLM-x32 {7191F0AC-D686-46A8-BFCC-EA61778C74DD} hxxp://192.168.3.88/aplugLiteDL.cab StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Theke\AppData\Roaming\Mozilla\Firefox\Profiles\f7crznjg.default FF NewTab: C:\\ProgramData\\Graveairs\\ff.NT FF Homepage: hxxp://bigwall.de/bigwall/deutsch/klettercentrum-muensterland.html FF NetworkProxy: "http", "127.0.0.1" FF NetworkProxy: "http_port", 8118 FF NetworkProxy: "socks", "localhost" FF NetworkProxy: "socks_port", 9050 FF NetworkProxy: "ssl", "127.0.0.1" FF NetworkProxy: "ssl_port", 8118 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programme\PDF-XChange\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programme\PDF-XChange\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programme\PDF-XChange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-30] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-30] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation) FF Plugin-x32: 
@tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programme\PDF-XChange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @vmware.com/vmrc,version=5.1.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll [2012-07-13] (VMware, Inc.) FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [2014-02-11] (VMware, Inc.) FF Plugin-x32: Adobe Acrobat -> D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.) 
FF Extension: flickr original - C:\Users\Theke\AppData\Roaming\Mozilla\Firefox\Profiles\f7crznjg.default\extensions\flickr@jzlabs.com.xpi [2016-04-28]
FF Extension: ADB Helper - C:\Users\Theke\AppData\Roaming\Mozilla\Firefox\Profiles\f7crznjg.default\Extensions\adbhelper@mozilla.org [2016-02-05]
FF Extension: Ghostery - C:\Users\Theke\AppData\Roaming\Mozilla\Firefox\Profiles\f7crznjg.default\Extensions\firefox@ghostery.com.xpi [2016-05-04]
FF Extension: Valence - C:\Users\Theke\AppData\Roaming\Mozilla\Firefox\Profiles\f7crznjg.default\Extensions\fxdevtools-adapters@mozilla.org [2016-02-23]
FF Extension: Video DownloadHelper - C:\Users\Theke\AppData\Roaming\Mozilla\Firefox\Profiles\f7crznjg.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-23]
FF Extension: Adblock Plus - C:\Users\Theke\AppData\Roaming\Mozilla\Firefox\Profiles\f7crznjg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-10-17] [ist nicht signiert]

Chrome:
=======
CHR Profile: C:\Users\Theke\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Theke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-26]
CHR Extension: (Google Drive) - C:\Users\Theke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-26]
CHR Extension: (YouTube) - C:\Users\Theke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-26]
CHR Extension: (Google-Suche) - C:\Users\Theke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-26]
CHR Extension: (Embedder for Google Business View™) - C:\Users\Theke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehloahmpmbpgpkkdnlnidpokncaaomak [2014-07-01]
CHR Extension: (Bookmark Manager) - C:\Users\Theke\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Theke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-22]
CHR Extension: (Google Wallet) - C:\Users\Theke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-26]
CHR Extension: (Google Mail) - C:\Users\Theke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-26]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-06-25] (Adobe Systems) [Datei ist nicht signiert]
R2 EpsonPEService; C:\Program Files (x86)\EPSON\TMCOMUSB\Service\EpsonPE.exe [914584 2012-01-30] (Seiko Epson Corporation)
R2 EPSON_Device_Control_Log_Service; C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe [396288 2013-11-18] (SEIKO EPSON CORPORATION) [Datei ist nicht signiert]
R2 EPSON_Port_Communication_Service; C:\Program Files\epson\portcommunicationservice\PCSVC.exe [551936 2013-11-18] (SEIKO EPSON CORPORATION) [Datei ist nicht signiert]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R2 MSSQL$KNXETS4; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe [62382256 2015-03-30] (Microsoft Corporation)
S3 NETGEARGenieDaemon; D:\Programme\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 Service KMSELDI; d:\Programme\KMSpico\Service_KMS.exe [735936 2015-08-16] (@ByELDI) [Datei ist nicht signiert]
R2 SFUSVC; D:\Programme\TriumphAdler\ScannerUtility\SFUSVC.exe [274499 2003-09-16] (KYOCERA MITA CORPORATION) [Datei ist nicht signiert]
S4 SQLAgent$KNXETS4; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\SQLAGENT.EXE [442536 2015-03-30] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 wdsvc; C:\Program Files\WebDiscoverBrowser\wdsvc2.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 EpsCe; C:\Windows\system32\Drivers\EpsCe.sys [91944 2014-06-25] (Seiko Epson Corporation)
S2 EPSON_PCS_Parallel_Port_Driver; C:\Windows\system32\DRIVERS\pcslpt.sys [21640 2013-11-18] (SEIKO EPSON CORPORATION)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-14] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2016-05-07] (CACE Technologies, Inc.)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2015-03-30] (Microsoft Corporation)
R3 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2012-03-01] (Seiko Epson Corporation)
S2 EpsCe2; \??\C:\Windows\system32\Drivers\EpsCe2.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-05-26 17:13 - 2016-05-26 17:14 - 00029316 ____C C:\Users\Theke\Desktop\FRST.txt
2016-05-26 17:13 - 2016-05-26 17:13 - 00000000 ___DC C:\FRST
2016-05-26 17:12 - 2016-05-26 17:12 - 02383360 ____C (Farbar) C:\Users\Theke\Desktop\FRST64.exe
2016-05-19 14:35 - 2016-05-19 14:35 - 00000000 __SDC C:\Users\Theke\Documents\Meine Datenquellen
2016-05-14 17:23 - 2016-05-14 17:28 - 00000000 ___DC C:\Users\Theke\AppData\Roaming\Hemag-CAD
2016-05-14 17:21 - 2016-05-14 17:21 - 00192216 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-14 17:21 - 2016-05-14 17:21 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-05-14 17:20 - 2016-05-14 17:20 - 00000000 ___DC C:\ProgramData\Malwarebytes
2016-05-14 17:20 - 2016-03-10 14:09 - 00064896 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-14 17:20 - 2016-03-10 14:08 - 00140672 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-14 17:20 - 2016-03-10 14:08 - 00027008 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-14 17:00 - 2016-05-14 17:52 - 00000000 ___DC C:\ProgramData\Hemag-CAD
2016-05-14 17:00 - 2016-05-14 17:00 - 00000000 ___DC C:\Users\BigWall\AppData\Roaming\Hemag-CAD
2016-05-14 16:59 - 2016-05-14 16:59 - 00000000 ___DC C:\Users\BigWall\AppData\Roaming\dlg
2016-05-14 16:58 - 2016-05-14 16:58 - 00000000 ___DC C:\Users\BigWall\AppData\Roaming\Opera Software
2016-05-14 16:56 - 2016-05-14 16:56 - 06494208 ____C C:\Users\BigWall\AppData\Roaming\agent.dat
2016-05-14 16:56 - 2016-05-14 16:56 - 01626777 ____C C:\Users\BigWall\AppData\Roaming\Joytone.tst
2016-05-14 16:56 - 2016-05-14 16:56 - 00127488 ____C C:\Users\BigWall\AppData\Roaming\Installer.dat
2016-05-14 16:56 - 2016-05-14 16:56 - 00072717 ____C C:\Users\BigWall\AppData\Roaming\Toughdomcom.tst
2016-05-14 16:56 - 2016-05-14 16:56 - 00018432 ____C C:\Users\BigWall\AppData\Roaming\Main.dat
2016-05-13 11:32 - 2016-05-13 11:32 - 00000000 ____D C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-12 14:02 - 2016-05-12 14:03 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-05-12 14:02 - 2016-05-12 14:03 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-05-12 14:02 - 2016-05-12 14:03 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-05-12 14:02 - 2016-05-12 14:03 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-05-11 15:19 - 2016-05-11 22:44 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 15:18 - 2016-05-11 22:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 15:18 - 2016-05-11 22:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 15:18 - 2016-05-11 22:41 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 15:18 - 2016-05-11 22:41 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 15:18 - 2016-05-11 22:41 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 15:18 - 2016-05-11 22:41 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 15:18 - 2016-05-11 22:41 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 15:18 - 2016-05-11 22:41 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 15:18 - 2016-05-11 22:41 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 15:18 - 2016-05-11 22:40 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 15:18 - 2016-05-11 22:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 15:18 - 2016-05-11 22:39 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 15:18 - 2016-05-11 22:39 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 15:18 - 2016-05-11 22:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 15:18 - 2016-05-11 22:39 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 15:18 - 2016-05-11 22:39 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 15:18 - 2016-05-11 22:39 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 15:18 - 2016-05-11 22:39 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 15:18 - 2016-05-11 22:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 15:18 - 2016-05-11 22:39 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 15:18 - 2016-05-11 22:39 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 15:18 - 2016-05-11 22:39 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 15:18 - 2016-05-11 22:38 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 15:18 - 2016-05-11 22:38 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 15:18 - 2016-05-11 22:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 15:18 - 2016-05-11 22:38 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 15:18 - 2016-05-11 22:38 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 15:18 - 2016-05-11 22:38 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 15:18 - 2016-05-11 22:38 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 15:18 - 2016-05-11 22:38 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 15:18 - 2016-05-11 22:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 15:18 - 2016-05-11 22:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 15:18 - 2016-05-11 22:29 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 15:18 - 2016-05-11 22:29 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-06 11:08 - 2016-05-07 10:13 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2016-04-30 12:32 - 2016-04-30 12:32 - 00003189 _____ C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProfiCash.exe.lnk
2016-04-30 11:33 - 2016-04-30 11:33 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-04-30 11:06 - 2016-04-30 11:06 - 00296960 _____ (Microsoft Corporation) C:\Windows\winhlp32.exe
2016-04-30 11:06 - 2016-04-30 11:06 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftsrch.dll
2016-04-30 11:06 - 2016-04-30 11:06 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\ftsrch.dll
2016-04-30 11:06 - 2016-04-30 11:06 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftlx041e.dll
2016-04-30 11:06 - 2016-04-30 11:06 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\ftlx041e.dll
2016-04-30 11:06 - 2016-04-30 11:06 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftlx0411.dll
2016-04-30 11:06 - 2016-04-30 11:06 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\ftlx0411.dll
2016-04-29 10:34 - 2016-04-29 10:34 - 00001651 ____C C:\Users\Theke\Desktop\Pegasus.LNK
2016-04-28 20:56 - 2016-04-28 20:56 - 00000000 ____D C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pegasus Mail

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-05-26 11:10 - 2009-07-14 06:45 - 00031600 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-05-26 11:10 - 2009-07-14 06:45 - 00031600 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-05-26 11:06 - 2014-04-17 18:50 - 00002246 ____H C:\Users\Theke\Documents\Default.rdp 2016-05-26 11:01 - 2014-04-15 20:58 - 00765264 ____C C:\Windows\system32\perfh007.dat 2016-05-26 11:01 - 2014-04-15 20:58 - 00174254 ____C C:\Windows\system32\perfc007.dat 2016-05-26 11:01 - 2009-07-14 07:13 - 01805518 ____C C:\Windows\system32\PerfStringBackup.INI 2016-05-26 11:01 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\inf 2016-05-26 11:00 - 2009-07-14 07:32 - 00000000 ___DC C:\Windows\system32\FxsTmp 2016-05-26 10:56 - 2014-11-10 19:35 - 00000000 __RDC C:\Users\Theke\Dropbox 2016-05-26 10:55 - 2014-04-15 13:52 - 00000000 ___DC C:\ProgramData\NVIDIA 2016-05-26 10:55 - 2009-07-14 07:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT 2016-05-24 21:39 - 2014-12-13 12:22 - 00000000 ___DC C:\Program Files (x86)\TeamViewer 2016-05-24 13:48 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-05-20 13:44 - 2015-12-01 11:08 - 00002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-05-20 04:06 - 2016-03-05 16:22 - 00000977 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk 2016-05-14 18:21 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\system 2016-05-14 18:08 - 2015-06-18 13:57 - 00001224 ____C C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-496564312-1949498514-2425945064-1001UA.job 2016-05-14 17:38 - 2014-09-27 09:58 - 00000884 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-05-14 17:37 - 2016-01-20 18:38 - 00000735 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Angry IP Scanner.lnk 2016-05-14 17:37 - 2015-08-28 13:28 - 00000912 ____C C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\NETGEAR Genie.lnk 2016-05-14 17:37 - 2015-07-23 13:50 - 00002181 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-05-14 17:37 - 2015-07-23 13:50 - 00001153 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-05-14 17:37 - 2015-03-25 11:59 - 00000769 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk 2016-05-14 17:37 - 2014-07-04 10:27 - 00002453 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk 2016-05-14 17:37 - 2014-07-04 10:27 - 00002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk 2016-05-14 17:37 - 2014-07-04 10:18 - 00001091 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk 2016-05-14 17:37 - 2014-07-04 10:15 - 00000991 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk 2016-05-14 17:37 - 2014-06-25 15:09 - 00002079 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk 2016-05-14 17:37 - 2014-06-25 15:08 - 00002061 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk 2016-05-14 17:37 - 2014-04-15 16:34 - 00002471 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk 2016-05-14 17:37 - 2014-04-15 16:33 - 00002507 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2016-05-14 17:37 - 2014-04-15 16:13 - 00002111 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2016-05-14 17:37 - 2014-04-15 11:01 - 00001333 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2016-05-14 17:37 - 2014-04-15 11:01 - 00001314 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2016-05-14 17:37 - 2009-07-14 07:01 - 00001282 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk 2016-05-14 17:37 - 2009-07-14 06:57 - 00001535 ____C 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-05-14 17:37 - 2009-07-14 06:57 - 00001318 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk 2016-05-14 17:37 - 2009-07-14 06:57 - 00001234 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk 2016-05-14 17:37 - 2009-07-14 06:54 - 00001198 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk 2016-05-14 17:37 - 2009-07-14 06:49 - 00001266 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk 2016-05-14 17:35 - 2014-04-17 18:12 - 00000000 ___DC C:\Users\Theke 2016-05-14 17:25 - 2014-07-01 15:21 - 00001110 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-05-14 17:06 - 2015-07-09 21:24 - 00000000 ____D C:\Users\Theke\AppData\Local\CrashDumps 2016-05-14 16:57 - 2014-04-17 18:12 - 00001451 _____ C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-05-14 16:19 - 2015-06-18 13:57 - 00001172 ____C C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-496564312-1949498514-2425945064-1001Core.job 2016-05-14 14:35 - 2014-07-01 15:21 - 00001106 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-05-13 16:38 - 2014-06-25 09:45 - 00797376 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-05-13 16:38 - 2014-06-25 09:45 - 00142528 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-05-13 11:32 - 2014-11-10 19:31 - 00000000 ___DC C:\Users\Theke\AppData\Roaming\Dropbox 2016-05-12 21:12 - 2014-12-11 14:38 - 00000000 ___DC C:\Windows\system32\appraiser 2016-05-12 13:55 - 2009-07-14 06:45 - 05524632 ____C C:\Windows\system32\FNTCACHE.DAT 2016-05-12 13:54 - 2010-11-21 09:16 - 00000000 ___DC C:\Program Files\Windows Journal 2016-05-11 22:38 - 2014-04-15 13:34 - 00000000 ___DC C:\Windows\system32\MRT 2016-05-11 22:29 - 2014-04-15 13:34 - 139319312 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 
2016-05-07 19:06 - 2015-06-07 10:45 - 00369168 ____C (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll 2016-05-07 19:06 - 2015-06-07 10:45 - 00281104 ____C (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll 2016-05-07 19:06 - 2015-06-07 10:45 - 00106000 ____C (CACE Technologies, Inc.) C:\Windows\system32\packet.dll 2016-05-07 19:06 - 2015-06-07 10:45 - 00096784 ____C (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll 2016-05-07 19:06 - 2015-06-07 10:45 - 00035344 ____C (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys 2016-05-07 10:13 - 2014-06-25 09:44 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service 2016-05-06 21:46 - 2015-04-04 19:07 - 00000000 __SDC C:\Windows\SysWOW64\GWX 2016-05-06 21:46 - 2015-04-04 19:07 - 00000000 __SDC C:\Windows\system32\GWX 2016-05-04 14:42 - 2014-04-17 18:12 - 00254168 _____ C:\Users\Theke\AppData\Local\GDIPFONTCACHEV1.DAT 2016-05-02 13:40 - 2014-04-15 13:08 - 00000000 ___DC C:\Users\BigWall 2016-04-30 12:24 - 2014-10-09 13:42 - 00000000 ___DC C:\ProgramData\Oracle 2016-04-30 11:22 - 2016-01-30 11:26 - 00097856 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2016-04-30 11:22 - 2015-10-11 10:33 - 00000000 ___DC C:\Users\Theke\.oracle_jre_usage 2016-04-30 11:22 - 2015-10-11 10:32 - 00000000 ___DC C:\Users\BigWall\.oracle_jre_usage 2016-04-30 11:22 - 2015-10-11 10:32 - 00000000 ___DC C:\Program Files (x86)\Java 2016-04-30 11:22 - 2014-10-22 08:42 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-04-30 11:19 - 2014-04-17 18:39 - 00990275 ____C C:\Windows\unins000.exe 2016-04-30 11:19 - 2014-04-17 18:39 - 00041340 ____C C:\Windows\unins000.dat 2016-04-29 11:34 - 2014-08-05 16:02 - 00000000 ___DC C:\Users\Theke\AppData\Roaming\VMware 2016-04-28 20:57 - 2014-07-26 11:42 - 00000000 ___DC C:\Users\BigWall\AppData\Roaming\tor ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-11-12 11:28 - 2015-09-04 16:49 - 
0000132 ____C () C:\Users\Theke\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen 2014-07-08 20:35 - 2015-07-17 16:11 - 0000132 ____C () C:\Users\Theke\AppData\Roaming\Adobe CS6-GIF-Format - Voreinstellungen 2015-03-23 16:02 - 2015-05-30 17:47 - 0000132 ____C () C:\Users\Theke\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2014-08-14 14:27 - 2014-08-14 14:27 - 0038432 ____C () C:\Users\Theke\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2014-07-06 17:25 - 2015-12-29 21:32 - 0001456 _____ () C:\Users\Theke\AppData\Local\Adobe Für Web speichern 13.0 Prefs 2014-07-10 14:01 - 2015-03-23 20:09 - 0005632 _____ () C:\Users\Theke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-08-14 14:42 - 2015-07-07 13:21 - 0000600 _____ () C:\Users\Theke\AppData\Local\PUTTY.RND 2016-01-08 11:56 - 2016-01-08 11:56 - 0000862 ____C () C:\Users\Theke\AppData\Local\recently-used.xbel Einige Dateien in TEMP: ==================== C:\Users\Theke\AppData\Local\Temp\CIB166F.tmp.exe C:\Users\Theke\AppData\Local\Temp\CIB1FFE.tmp.exe C:\Users\Theke\AppData\Local\Temp\CIB75CE.tmp.exe C:\Users\Theke\AppData\Local\Temp\CIB9BE7.tmp.exe C:\Users\Theke\AppData\Local\Temp\CIBC477.tmp.exe C:\Users\Theke\AppData\Local\Temp\jre-8u91-windows-au.exe C:\Users\Theke\AppData\Local\Temp\ose00000.exe C:\Users\Theke\AppData\Local\Temp\PureSyncInst.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

ACHTUNG: ==> Auf den BCD konnte nicht zugegriffen werden. der Benutzer ist kein Administrator

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-05-2016 01
durchgeführt von Theke (2016-05-26 17:14:27)
Gestartet von C:\Users\Theke\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-04-15 11:08:46)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-496564312-1949498514-2425945064-500 - Administrator - Disabled)
BigWall (S-1-5-21-496564312-1949498514-2425945064-1000 - Administrator - Enabled) => C:\Users\BigWall
Gast (S-1-5-21-496564312-1949498514-2425945064-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-496564312-1949498514-2425945064-1011 - Limited - Enabled)
Theke (S-1-5-21-496564312-1949498514-2425945064-1001 - Limited - Enabled) => C:\Users\Theke

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Active@ ISO Burner 3.0 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 3.0 - LSoft Technologies Inc) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated) Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.) Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.5 - Sereby Corporation) Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.4.1 - Angry IP Scanner) Apple Application Support (32-Bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) ATI Catalyst Install Manager (HKLM\...\{D3364347-0A05-CA85-1DAD-80A7A75BF677}) (Version: 3.0.732.0 - ATI Technologies, Inc.) Berker TS RTR Plugin 0.0.1.0 (HKLM-x32\...\{E11AC1A7-2F59-4911-90ED-E0B55D2101D6}) (Version: 0.0.1.0 - Berker GmbH & Co. 
KG) bl (x32 Version: 1.0.0 - Your Company Name) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bully Dog Update Agent (HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\87038f485ccfb0f5) (Version: 1.1.7.8 - Bully Dog Technologies) Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version: - ) Capture NX-D (HKLM\...\{794529D3-D489-4CF2-B2ED-CF241809E5EC}) (Version: 1.2.1 - Nikon Corporation) CIB pdf brewer (HKLM\...\{230C73B3-78DF-4201-AC19-7BEE33311621}) (Version: 2.7.0002 - CIB software GmbH) ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper) Dropbox (HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.) DVD Shrink 3.2 deutsch (DeCSS-frei) (HKLM-x32\...\DVD Shrink DE_is1) (Version: - DVD Shrink) EGR-ShellExtension (HKLM-x32\...\EGR-ShellExtension) (Version: 1.1.0.100 - EasternGraphics) EPSON Advanced Printer Driver 4 (HKLM-x32\...\{11FF6AF6-0141-4EF8-829A-989459A1E5D8}) (Version: 4.55.0400 - SEIKO EPSON CORPORATION) EPSON APD4 Point and Print Support (x32 Version: 4.55.0400 - SEIKO EPSON CORPORATION) Hidden EPSON Port Communication Service (HKLM\...\{41D2226A-AD7F-423E-A85C-A09FBD4B53DE}) (Version: 3.9.0 - SEIKO EPSON CORPORATION) EPSON TM Coupon Package (HKLM-x32\...\{60ED98A7-BE97-4F26-B32E-5087337C6044}) (Version: 1.20.0000 - Seiko Epson Corporation) <==== ACHTUNG EPSON TM Virtual Port Driver Ver.8.30b (HKLM-x32\...\{3D7277B3-B0BE-497C-A626-55F063254B5B}) (Version: 8.30.0000 - SEIKO EPSON CORPORATION) Fakturama 1.6.8 (HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\5723-2630-1175-8368) (Version: 1.6.8 - Fakturama.org) FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse) GDR 4033 für SQL Server 2008 R2 (KB2977320) (64-bit) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation) GDR 4042 für SQL Server 2008 R2 
(KB3045313) (64-bit) (HKLM\...\KB3045313) (Version: 10.52.4042.0 - Microsoft Corporation) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.18) (Version: 9.18 - Artifex Software Inc.) Hager TR131 - Berker 8505 01 00 Plug-In (HKLM-x32\...\{C30F8D97-FB69-4EB5-A6D4-A89B27DF167E}) (Version: 1.1.0 - Hager Group) iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.) Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org) InstPortMon (x32 Version: 1.3.0.0 - InstPortMon) Hidden iSpy (64 bit) (HKLM\...\{4C5C6F38-E560-4A88-8F68-735D7A258F28}) (Version: 6.5.1.0 - DeveloperInABox) iSpy package installer (64 bit) (HKLM-x32\...\{122ec9b4-1264-45d8-b64c-b73493549025}) (Version: 6.5.1.0 - DeveloperInABox) IZArc 4.2 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.2 - Ivan Zahariev) Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation) KG-819 (HKLM-x32\...\KG-819V2.00) (Version: V2.00 - Quanzhou Wouxun Electronics Co.£¬Ltd. Right) KM-NET Remote Operation Panel (HKLM-x32\...\{7325D304-E5D4-11D3-A677-00C04FC337BE}) (Version: - ) KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - ) KNX eteC Falcon Runtime v2.1 (x32 Version: 2.1.5213.27900 - KNX Association cvba) Hidden KNX ETS4 (HKLM-x32\...\KNX ETS4) (Version: 4.1.3614.46489 - KNX Association cvba) KNX ETS4 (x32 Version: 4.1.3614.46489 - KNX Association cvba) Hidden KNX ETS4 Additional Runtime (x32 Version: 4.0.0.0 - KNX Association cvba) Hidden Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.) 
LibreOffice 4.4.5.2 (HKLM-x32\...\{406EECCC-AF98-4F2C-A99F-FED788F7580C}) (Version: 4.4.5.2 - The Document Foundation) Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech) Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - ) Magicline - Client - Installation (HKLM-x32\...\{E40C9183-4FB7-11DB-9529-000C6E0CFD35}) (Version: 8.50.0000 - Studioline Schulz und Lorenzen KG) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2008 Management Objects (HKLM\...\{D9473D19-26F1-4B91-BBAC-4089CB41BC48}) (Version: 10.0.1600.22 - Microsoft Corporation) Microsoft SQL Server 2008 Management Objects (HKLM-x32\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation) Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{49860BCD-24D6-44C1-922E-AC12FE32234E}) 
(Version: 10.52.4042.0 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{B2213E4E-F502-4D36-BE95-9293C866EF3F}) (Version: 10.52.4042.0 - Microsoft Corporation) Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 
2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla) MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD) NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.15.07 - NETGEAR Inc.) Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.1 - Nikon) NVIDIA 3D Vision Controller-Treiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation) NVIDIA Grafiktreiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation) NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Opera Stable 37.0.2178.43 (HKLM-x32\...\Opera 37.0.2178.43) (Version: 37.0.2178.43 - Opera Software) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.308.2 - Tracker Software 
Products (Canada) Ltd.) Pegasus Mail (HKLM-x32\...\Pegasus Mail) (Version: - David Harris) Pegasus Mail HTML Renderer 2.4.9.9 (HKLM-x32\...\{A9F5E1E1-1281-4862-90B4-6CF8E6AF83CE}_is1) (Version: - Micha's Midnight Manufacture) Pegasus Mail v4.72 Release 1, Build 572 (Deutsche Komplettversi (HKLM-x32\...\Pegasus Mail, Deutsche Komplettversion_is1) (Version: - Sven Henze) ph (x32 Version: 1.0.0 - Your Company Name) Hidden Picture Control Utility 2 (HKLM\...\{D4893C47-704F-4B84-8486-9DE4974ACA6F}) (Version: 2.1.1 - Nikon Corporation) PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific) PL-2303HXD Vista Driver Installer (HKLM-x32\...\{503C86BF-22CB-4806-B2AE-AA79DFD8BA35}) (Version: 3.0.0.1 - Prolific Technology Inc.) Profi cash (HKLM-x32\...\Profi cash) (Version: - ) PureSync (x32 Version: 4.1.0 - Jumping Bytes) Hidden PureSync 4.1.0 (HKLM-x32\...\PureSync) (Version: 4.1.0 - Jumping Bytes) QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.) Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) 
Scanner File Utility (HKLM-x32\...\{2CA99244-798C-11D6-AF02-0010B5A02D6F}) (Version: 4.11.03 - ) SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation) SketchUp 2014 (HKLM-x32\...\{9E620BD5-AEEC-492D-9065-D71FCD4C52F1}) (Version: 14.1.1282 - Trimble Navigation Limited) SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited) SolarWinds Active Diagnostics 1.1.0.230 (HKLM-x32\...\{B8FB6695-3797-4DAA-B113-13CB8BBEF9C7}) (Version: 1.1.0.230 - SolarWinds, Inc.) SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden SQL Server System CLR Types (HKLM\...\{F4264106-F90E-4076-98CF-1B878DB14513}) (Version: 10.0.1600.22 - Microsoft Corporation) SQL Server System CLR Types (HKLM-x32\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation) SuperMailer 8.01 (HKLM\...\Newsletter Software SuperMailer (x64)_is1) (Version: 8.01 - Mirko Boeer Softwareentwicklungen) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer) TextPad 7 (HKLM\...\{F5AF1DA4-4929-4BFA-B948-7BDD98A5405F}) (Version: 7.3.0 - Helios) Tor 0.2.4.22 (HKLM-x32\...\Tor) (Version: - ) TrayStatus 1.2.3 (HKLM-x32\...\d6b74f60-2e9d-4c60-a8b7-b7d737c44ad4_is1) (Version: 1.2.3.0 - Binary Fortress Software) Vidalia 0.2.21 
(HKLM-x32\...\Vidalia) (Version: - ) VMware vSphere Client 5.1 (HKLM-x32\...\{09DC364B-A77A-49A0-972B-E43F0DACC5E3}) (Version: 5.1.0.1557 - VMware, Inc.) VMware vSphere Client 5.5 (HKLM-x32\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.3838 - VMware, Inc.) WD My Cloud (HKLM\...\{4B86F896-11DC-4711-BB60-81104832FA44}) (Version: 1.0.7.17 - Western Digital Technologies, Inc.) WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) XnView 2.25 (HKLM-x32\...\XnView_is1) (Version: 2.25 - Gougelet Pierre-e) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-496564312-1949498514-2425945064-1001Core.job => C:\Users\Theke\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-496564312-1949498514-2425945064-1001UA.job => C:\Users\Theke\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => <==== ACHTUNG Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => <==== ACHTUNG ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
ShortcutWithArgument: C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Theke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Theke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Theke\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-10-16 12:02 - 2015-10-16 12:02 - 00043480 _____ () D:\Programme\FileZilla FTP Client\fzshellext_64.dll
2015-12-12 12:50 - 2012-07-20 14:39 - 02469888 _____ () D:\Programme\IZArc\IZArcCM64.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\petzldealer.com -> hxxps://www.petzldealer.com ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 04:34 - 2014-07-04 11:25 - 00002831 ___AC C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 192.150.14.69 127.0.0.1 192.150.18.101 127.0.0.1 192.150.18.108 127.0.0.1 192.150.22.40 127.0.0.1 192.150.8.100 127.0.0.1 192.150.8.118 127.0.0.1 209-34-83-73.ood.opsource.net 127.0.0.1 3dns-1.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-4.adobe.com 127.0.0.1 3dns.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 activate.adobe.com 127.0.0.1 activate.adobe.com 127.0.0.1 activate.wip.adobe.com 127.0.0.1 activate.wip1.adobe.com 127.0.0.1 activate.wip2.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 activate.wip4.adobe.com 127.0.0.1 adobe-dns-1.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com Da befinden sich 34 zusätzliche Einträge. ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKU\S-1-5-21-496564312-1949498514-2425945064-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 8.8.8.8 - 212.37.37.50 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\Services: TeamViewer9 => 2 ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{2AF505A6-FD82-4E5D-BECC-8BACD281B4FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{2B732E66-00C9-44FC-83E6-3B65C42394DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{E92CF607-CF51-43A4-8028-008ACB195E89}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{FE523324-55BB-4AE4-A5EC-8C96545B54BD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{D5675ABB-915F-4C4E-B5AD-BEBA6CC79466}] => (Allow) C:\Program Files (x86)\EPSON\EPSON Advanced Printer Driver 4\Tools\PrinterNetworkSetting\APDNetSetting.exe FirewallRules: [{489C99D0-75B8-4621-A4BA-D187EE25676E}] => (Allow) C:\Program Files (x86)\EPSON\EPSON Advanced Printer Driver 4\Tools\PrinterNetworkSetting\APDNetSetting.exe FirewallRules: [{7C93B7F1-5FE2-4577-8831-EABCE06C4FCD}] => (Block) D:\Programme\Adobe\Photoshop CS2\Photoshop.exe FirewallRules: [{A252E2D6-8687-4079-9E5C-7DBCFCB50987}] => (Block) D:\Programme\Adobe\Photoshop CS2\ImageReady.exe FirewallRules: [{5483C2D1-DBB0-46F2-9219-4B6BDCD4C0D1}] => (Block) E:\VOLKSWAGEN\Keygen.exe FirewallRules: [{D24A7F60-05E0-4201-840B-395D607B3D1E}] => (Allow) 
D:\Programme\TriumphAdler\ScannerUtility\NsCatConf.exe FirewallRules: [{2F390EDC-EC39-445D-923D-CC1E4DB68672}] => (Allow) D:\Programme\TriumphAdler\ScannerUtility\NsCatCom.exe FirewallRules: [{18E008FA-D8D2-4C86-854E-31010171471C}] => (Allow) D:\Programme\Adobe\CS6\Adobe Flash Builder 4.6\FlashBuilder.exe FirewallRules: [{618B0A4D-6057-48AB-84DB-2C3E0E0BEE73}] => (Allow) D:\Programme\Adobe\CS6\Adobe Flash Builder 4.6\FlashBuilder.exe FirewallRules: [{86E75673-2560-4B66-BB59-F9C1DC40FC50}] => (Allow) LPort=7935 FirewallRules: [{4E0CDC5B-0F52-4967-888C-B5A3D1E95808}] => (Block) C:\Program Files (x86)\ETS4\ETS4.exe FirewallRules: [TCP Query User{46E1C863-2B72-40B2-88F2-83A7B5B3073A}D:\programme\vidalia bridge bundle\tor\tor.exe] => (Allow) D:\programme\vidalia bridge bundle\tor\tor.exe FirewallRules: [UDP Query User{F0E7EFF3-36C2-4253-9246-3703460A6B1F}D:\programme\vidalia bridge bundle\tor\tor.exe] => (Allow) D:\programme\vidalia bridge bundle\tor\tor.exe FirewallRules: [TCP Query User{9E0B22FC-5921-4A83-9D93-6348D240433E}E:\advanced\autorun.exe] => (Allow) E:\advanced\autorun.exe FirewallRules: [UDP Query User{4C2169F9-71F6-4197-AFCD-F45FB3B065FA}E:\advanced\autorun.exe] => (Allow) E:\advanced\autorun.exe FirewallRules: [{CE1715D7-3622-4AF0-84F2-3132919AEA2C}] => (Allow) C:\Users\Theke\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{BE84BABE-DC31-4622-9AEC-802B76B9D0B7}] => (Allow) C:\Users\Theke\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{6131C880-C76E-468D-86B6-FD61373BA71E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{8B784CA0-A0CF-4F4C-995D-93908687B91D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{85F4C43F-FA8C-409C-8AAD-F07FA5F002BE}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe FirewallRules: [UDP Query User{67A4F906-DE22-4AAA-B2CF-6A291C4A7B3A}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe FirewallRules: [TCP Query 
User{F0F9A621-96C0-4D38-B926-3ADA1E7FF6C3}\\mailserver\pmail\programs\winpm-32.exe] => (Allow) \\mailserver\pmail\programs\winpm-32.exe FirewallRules: [UDP Query User{602D4885-E883-4AEB-A8C2-8E36933DEED1}\\mailserver\pmail\programs\winpm-32.exe] => (Allow) \\mailserver\pmail\programs\winpm-32.exe FirewallRules: [TCP Query User{501707A5-E750-40A4-9B2E-56E6A7DB6485}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{2DF280B3-F7AF-40A7-B3B7-DD80125A0C40}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{F251C477-55FA-470B-AEFE-3C321C1BA986}D:\programme\netgear genie\bin\netgeargenie.exe] => (Allow) D:\programme\netgear genie\bin\netgeargenie.exe FirewallRules: [UDP Query User{542A6A53-843B-4BA7-BD40-96627228F5E2}D:\programme\netgear genie\bin\netgeargenie.exe] => (Allow) D:\programme\netgear genie\bin\netgeargenie.exe FirewallRules: [{56F7E30C-A277-4F0F-AFDA-0233C3E55B8F}] => (Allow) LPort=1688 FirewallRules: [{91A8F7B3-A2C1-4FA3-8A3D-2A38F0FDAFF9}] => (Allow) D:\Programme\KMSpico\Service_KMS.exe FirewallRules: [{2FCA0C05-9E95-4FED-9C20-50DB52C40863}] => (Allow) D:\Programme\KMSpico\Service_KMS.exe FirewallRules: [TCP Query User{C20CEFF4-3B10-4E41-9AC3-856F4D9115C9}D:\programme\netgear genie\bin\netgeargenie.exe] => (Block) D:\programme\netgear genie\bin\netgeargenie.exe FirewallRules: [UDP Query User{308204A6-74A7-4655-A08C-36E192BF7E64}D:\programme\netgear genie\bin\netgeargenie.exe] => (Block) D:\programme\netgear genie\bin\netgeargenie.exe FirewallRules: [{C59A5CAB-1029-4BB9-8175-F5BB1121DAD3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{531C66F8-2593-4160-8241-6079B2152AD0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => 
(Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [TCP Query User{6CB8C93F-1C54-4BB9-B739-1120AA23CFFD}D:\programme\superscan\superscan4.1.exe] => (Allow) D:\programme\superscan\superscan4.1.exe FirewallRules: [UDP Query User{0801E5DD-D24F-491E-930F-D74F93CD2121}D:\programme\superscan\superscan4.1.exe] => (Allow) D:\programme\superscan\superscan4.1.exe FirewallRules: [TCP Query User{F4A24CB2-F064-494C-998C-AADBF499F8AC}D:\programme\ispy\ispy.exe] => (Allow) D:\programme\ispy\ispy.exe FirewallRules: [UDP Query User{815CAEE5-3C5F-4A37-B242-98284E8F92BE}D:\programme\ispy\ispy.exe] => (Allow) D:\programme\ispy\ispy.exe FirewallRules: [{E198830E-7026-4913-BC91-BB84177C1E90}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{BBE6B44A-6A29-4A2C-8798-0CC6A5CA4F88}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{7DB5B5E0-7968-4583-A394-379B219F8492}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{C8DCA76B-6F71-4709-A6D5-C37A0939B46B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{E5914E6A-FDA3-4756-96FA-7B6BE214A6AB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Wiederherstellungspunkte ========================= ACHTUNG: Systemwiederherstellung ist deaktiviert Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI. ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (05/26/2016 03:20:49 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 3.3.168.192.in-addr.arpa. PTR ThekeWin7.local. 
Error: (05/26/2016 03:20:49 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.3.3:5353 19 3.3.168.192.in-addr.arpa. PTR ThekeWin7-2.local. Error: (05/26/2016 10:57:07 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/25/2016 01:37:21 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/24/2016 01:50:31 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/23/2016 01:48:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/23/2016 01:47:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Local Hostname ThekeWin7.local already in use; will try ThekeWin7-2.local instead Error: (05/23/2016 01:47:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister 4 ThekeWin7.local. Addr 192.168.3.3 Error: (05/23/2016 01:47:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.3.3:5353 16 ThekeWin7.local. AAAA FD00:0000:0000:0000:48BB:2BE1:1267:8EDF Error: (05/23/2016 01:47:06 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 4 ThekeWin7.local. 
Addr 192.168.3.3 Systemfehler: ============= Error: (05/26/2016 12:44:59 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (05/26/2016 10:56:28 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (05/26/2016 10:55:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "WebDiscover Browser Startup Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/26/2016 10:55:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "EPSON PCS Parallel Port Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error: (05/26/2016 10:55:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "EpsCe2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/26/2016 10:55:22 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT) Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402. Error: (05/26/2016 10:55:22 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT) Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402. Error: (05/25/2016 09:50:06 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {3EB3C877-1F16-487C-9050-104DBCD66683} Error: (05/25/2016 05:40:48 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error: (05/25/2016 01:36:42 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) ==================== Speicherinformationen =========================== Prozessor: AMD FX(tm)-4130 Quad-Core Processor Prozentuale Nutzung des RAM: 90% Installierter physikalischer RAM: 4079.23 MB Verfügbarer physikalischer RAM: 407.79 MB Summe virtueller Speicher: 8156.64 MB Verfügbarer virtueller Speicher: 2485.54 MB ==================== Laufwerke ================================ Drive c: (System) (Fixed) (Total:59.62 GB) (Free:1.08 GB) NTFS Drive d: (Volume) (Fixed) (Total:931.41 GB) (Free:703.75 GB) NTFS Drive m: () (Network) (Total:1829.34 GB) (Free:623.68 GB) Drive x: (Programme) (Network) (Total:97.66 GB) (Free:91.69 GB) NTFS ==================== MBR & Partitionstabelle ================== ==================== Ende von Addition.txt ============================ |
26.05.2016, 22:01 | #5 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Strange browser start page "http://www.%snf%.com/" Quote:
Quote:
__________________ Please always post log files in CODE tags |
27.05.2016, 09:55 | #6 |
| Strange browser start page "http://www.%snf%.com/" Okay, I will run the scans again as admin and report back. I don't know the "Volkswagen keygen" - but the computer was set up without admin rights for a while, so maybe one of my employees tried to install something? And: drive E is the DVD drive on my machine? I don't understand... Regards, Rik |
27.05.2016, 09:59 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Strange browser start page "http://www.%snf%.com/" What do you mean, employees? If this is an office PC and you are using cracked software on it, one can only shake one's head. Apart from that, the company's IT department is responsible for security and malware removal.
__________________ Please always post log files in CODE tags |
27.05.2016, 10:29 | #8 |
| Strange browser start page "http://www.%snf%.com/" Hi Cosinus! I have now run the scanners again, here are the logs: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 27.05.2016 Suchlaufzeit: 10:48 Protokolldatei: 20160527..txt Administrator: Ja Version: 2.2.1.1043 Malware-Datenbank: v2016.05.27.02 Rootkit-Datenbank: v2016.05.20.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: BigWall Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 365644 Abgelaufene Zeit: 8 Min., 50 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 1 PUP.Optional.SupTab, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, , [b22cdffbb0e91b1b3d50596c57ace21e], Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 3 PUP.Optional.Linkury.Gen, C:\Users\BigWall\AppData\Roaming\Joytone.tst, , [548a9545b1e884b240b337aa986b7090], PUP.Optional.Linkury.Gen, C:\Users\BigWall\AppData\Roaming\Toughdomcom.tst, , [a935eded1b7e171f43b0c21fcb38ce32], PUP.Optional.Linkury.ACMB1, C:\Users\Theke\AppData\Roaming\Mozilla\Firefox\Profiles\f7crznjg.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "C:\\ProgramData\\Graveairs\\ff.NT");), ,[c11d65754c4d8da9ee57f781778dd729] Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016 01 durchgeführt von BigWall (Administrator) auf THEKEWIN7 (27-05-2016 10:56:40) Gestartet von C:\Users\Theke\Desktop Geladene Profile: BigWall & Theke & (Verfügbare Profile: BigWall & Theke) Platform: Windows 7 Ultimate Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Seiko Epson Corporation) C:\Program Files (x86)\EPSON\TMCOMUSB\Service\EpsonPE.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\portcommunicationservice\DeviceControlLog.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\portcommunicationservice\PCSVC.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (@ByELDI) D:\Programme\KMSpico\Service_KMS.exe (KYOCERA MITA CORPORATION) D:\Programme\TriumphAdler\ScannerUtility\SFUSVC.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (KYOCERA MITA Corporation) D:\Programme\TriumphAdler\ScannerUtility\NsCatCom.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Jumping Bytes) D:\Programme\PureSync\PureSyncTray.exe (Binary Fortress Software) D:\Programme\TrayStatus\TrayStatus.exe (KYOCERA MITA Corporation) D:\Programme\TriumphAdler\ScannerUtility\NsCatCom.exe (Adobe Systems Inc.) 
D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\acrotray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXE (Dropbox, Inc.) C:\Users\Theke\AppData\Roaming\Dropbox\bin\Dropbox.exe (MagicLine GmbH) \\MAGICLINEVM7\D\Programe\MagicLine\SML.exe (Jumping Bytes) C:\Program Files (x86)\Common Files\Jumping Bytes\jbUpdater.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Malwarebytes) D:\Programme\ Malwarebytes Anti-Malware \mbam.exe (David Harris) \\mailserver\PMAIL\Programs\winpm-32.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [EpsonAPD4SV] => C:\Program Files (x86)\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.EXE [212608 2013-11-14] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems 
Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [55264 2016-03-10] (Malwarebytes) HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-21-496564312-1949498514-2425945064-1000\...\Run: [Vidalia] => D:\Programme\Vidalia Bridge Bundle\Vidalia\vidalia.exe [6239727 2014-06-05] () HKU\S-1-5-21-496564312-1949498514-2425945064-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.) HKU\S-1-5-21-496564312-1949498514-2425945064-1000\...\Run: [NETGEARGenie] => D:\Programme\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.) 
HKU\S-1-5-21-496564312-1949498514-2425945064-1000\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [67384 2016-04-22] (Apple Inc.) HKU\S-1-5-21-496564312-1949498514-2425945064-1000\...\MountPoints2: {4d78e51f-c47c-11e3-8fa3-806e6f6e6963} - D:\ASRSetup.exe HKU\S-1-5-21-496564312-1949498514-2425945064-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-21-496564312-1949498514-2425945064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Vidalia] => D:\Programme\Vidalia Bridge Bundle\Vidalia\vidalia.exe [6239727 2014-06-05] () HKU\S-1-5-21-496564312-1949498514-2425945064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.) HKU\S-1-5-21-496564312-1949498514-2425945064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NETGEARGenie] => D:\Programme\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.) HKU\S-1-5-21-496564312-1949498514-2425945064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [67384 2016-04-22] (Apple Inc.) 
HKU\S-1-5-21-496564312-1949498514-2425945064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4d78e51f-c47c-11e3-8fa3-806e6f6e6963} - D:\ASRSetup.exe HKU\S-1-5-21-496564312-1949498514-2425945064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\Run: [PureSync] => D:\Programme\PureSync\PureSyncTray.exe [1043312 2016-03-08] (Jumping Bytes) HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\Run: [TrayStatus] => D:\Programme\TrayStatus\TrayStatus.exe [283032 2011-05-18] (Binary Fortress Software) HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\Run: [Dropbox Update] => C:\Users\Theke\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.) HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\Run: [NETGEARGenie] => D:\Programme\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.) HKU\S-1-5-21-496564312-1949498514-2425945064-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation) HKU\S-1-5-21-496564312-1949498514-2425945064-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [PureSync] => D:\Programme\PureSync\PureSyncTray.exe [1043312 2016-03-08] (Jumping Bytes) HKU\S-1-5-21-496564312-1949498514-2425945064-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TrayStatus] => D:\Programme\TrayStatus\TrayStatus.exe [283032 2011-05-18] (Binary Fortress Software) HKU\S-1-5-21-496564312-1949498514-2425945064-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-496564312-1949498514-2425945064-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\Theke\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.) 
HKU\S-1-5-21-496564312-1949498514-2425945064-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NETGEARGenie] => D:\Programme\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.) HKU\S-1-5-21-496564312-1949498514-2425945064-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation) HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner File Utility.lnk [2016-05-14] ShortcutTarget: Scanner File Utility.lnk -> D:\Programme\TriumphAdler\ScannerUtility\NsCatCom.exe (KYOCERA MITA 
Corporation)
Startup: C:\Users\BigWall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zahlungserinnerung.lnk [2016-05-14]
ShortcutTarget: Zahlungserinnerung.lnk -> D:\Programme\ProfiCash\wzed.exe ()
Startup: C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-10-17]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BuchungenV4.01.accdb - Verknüpfung.lnk [2014-06-25]
ShortcutTarget: BuchungenV4.01.accdb - Verknüpfung.lnk -> D:\Programme\Buchungsprogramm\BuchungenV4.01.accdb ()
Startup: C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-05-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\BigWall\AppData\Roaming\Dropbox\bin\Dropbox.exe (Keine Datei)
Startup: C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicLine.lnk [2014-12-05]
ShortcutTarget: MagicLine.lnk -> X:\Programe\MagicLine\SML.exe (Keine Datei)
Startup: C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR Genie.lnk [2015-08-28]
ShortcutTarget: NETGEAR Genie.lnk -> D:\Programme\NETGEAR Genie\bin\NETGEARGenie.exe (NETGEAR Inc.)
GroupPolicyScripts: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 212.37.37.50
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{C23795F5-05BE-4B5B-905C-831E17ABC665}: [DhcpNameServer] 8.8.8.8 212.37.37.50

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-496564312-1949498514-2425945064-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-DE&Src=MSE&Tid=0003446E&OHP=http%3A%2F%2Fwww.delta%2Dhomes.com%2F%3Ftype%3Dhp%26ts%3D1429785819%26from%3Dient04230%26uid%3DWDCXWD10EZEX%2D08RKKA0%5FWD%2DWCC1S814898848988&OSP=http%3A%2F%2Fdo%2Dsearch.com%2Fweb%2F%3Futm%5Fsource%3Db%26utm%5Fmedium%3D%26utm%5Fcampaign%3Dinstall%5Fie%26utm%5Fcontent%3Dds%26from%3D%26uid%3DST500DM002%2D1BC142%5FW2A27G6AXXXXW2A27G6A%26ts%3D1420373293%26type%3Ddefault%26q%3D%7BsearchTerms%7D
HKU\S-1-5-21-496564312-1949498514-2425945064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-DE&Src=MSE&Tid=0003446E&OHP=http%3A%2F%2Fwww.delta%2Dhomes.com%2F%3Ftype%3Dhp%26ts%3D1429785819%26from%3Dient04230%26uid%3DWDCXWD10EZEX%2D08RKKA0%5FWD%2DWCC1S814898848988&OSP=http%3A%2F%2Fdo%2Dsearch.com%2Fweb%2F%3Futm%5Fsource%3Db%26utm%5Fmedium%3D%26utm%5Fcampaign%3Dinstall%5Fie%26utm%5Fcontent%3Dds%26from%3D%26uid%3DST500DM002%2D1BC142%5FW2A27G6AXXXXW2A27G6A%26ts%3D1420373293%26type%3Ddefault%26q%3D%7BsearchTerms%7D
HKU\S-1-5-21-496564312-1949498514-2425945064-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://bigwall.de/bigwall/deutsch/klettercentrum-muensterland.html
HKU\S-1-5-21-496564312-1949498514-2425945064-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://bigwall.de/bigwall/deutsch/klettercentrum-muensterland.html
SearchScopes: HKLM-x32 -> ielnksrch URL =
SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1001 -> DefaultScope {D15BD527-9ADD-4DEB-AA5F-0BAE5466D3F8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1001 -> {D15BD527-9ADD-4DEB-AA5F-0BAE5466D3F8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {D15BD527-9ADD-4DEB-AA5F-0BAE5466D3F8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-496564312-1949498514-2425945064-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D15BD527-9ADD-4DEB-AA5F-0BAE5466D3F8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-30] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-30] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
DPF: HKLM-x32 {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} hxxp://192.168.3.90/RtspVaPgDec.cab
DPF: HKLM-x32 {7191F0AC-D686-46A8-BFCC-EA61778C74DD} hxxp://192.168.3.88/aplugLiteDL.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programme\PDF-XChange\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programme\PDF-XChange\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programme\PDF-XChange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programme\PDF-XChange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @vmware.com/vmrc,version=5.1.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll [2012-07-13] (VMware, Inc.)
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [2014-02-11] (VMware, Inc.)
FF Plugin-x32: Adobe Acrobat -> D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\BigWall\AppData\Roaming\Mozilla\Firefox\Profiles\96dhi7s4.default\user.js [2015-04-23]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-06-19] (Tracker Software Products (Canada) Ltd.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-10-17] [ist nicht signiert]

Chrome:
=======
CHR Profile: C:\Users\BigWall\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\BigWall\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-07]
CHR Extension: (Google Drive) - C:\Users\BigWall\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-07]
CHR Extension: (YouTube) - C:\Users\BigWall\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-07]
CHR Extension: (Google-Suche) - C:\Users\BigWall\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-07]
CHR Extension: (Google Wallet) - C:\Users\BigWall\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-07]
CHR Extension: (Google Mail) - C:\Users\BigWall\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-07]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-06-25] (Adobe Systems) [Datei ist nicht signiert]
R2 EpsonPEService; C:\Program Files (x86)\EPSON\TMCOMUSB\Service\EpsonPE.exe [914584 2012-01-30] (Seiko Epson Corporation)
R2 EPSON_Device_Control_Log_Service; C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe [396288 2013-11-18] (SEIKO EPSON CORPORATION) [Datei ist nicht signiert]
R2 EPSON_Port_Communication_Service; C:\Program Files\epson\portcommunicationservice\PCSVC.exe [551936 2013-11-18] (SEIKO EPSON CORPORATION) [Datei ist nicht signiert]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R2 MSSQL$KNXETS4; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe [62382256 2015-03-30] (Microsoft Corporation)
S3 NETGEARGenieDaemon; D:\Programme\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 Service KMSELDI; d:\Programme\KMSpico\Service_KMS.exe [735936 2015-08-16] (@ByELDI) [Datei ist nicht signiert]
R2 SFUSVC; D:\Programme\TriumphAdler\ScannerUtility\SFUSVC.exe [274499 2003-09-16] (KYOCERA MITA CORPORATION) [Datei ist nicht signiert]
S4 SQLAgent$KNXETS4; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\SQLAGENT.EXE [442536 2015-03-30] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 wdsvc; C:\Program Files\WebDiscoverBrowser\wdsvc2.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 EpsCe; C:\Windows\system32\Drivers\EpsCe.sys [91944 2014-06-25] (Seiko Epson Corporation)
S2 EPSON_PCS_Parallel_Port_Driver; C:\Windows\system32\DRIVERS\pcslpt.sys [21640 2013-11-18] (SEIKO EPSON CORPORATION)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-27] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2016-05-07] (CACE Technologies, Inc.)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2015-03-30] (Microsoft Corporation)
R3 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2012-03-01] (Seiko Epson Corporation)
S2 EpsCe2; \??\C:\Windows\system32\Drivers\EpsCe2.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-26 17:14 - 2016-05-26 17:15 - 00037573 ____C C:\Users\Theke\Desktop\Addition.txt
2016-05-26 17:13 - 2016-05-27 10:56 - 00029785 ____C C:\Users\Theke\Desktop\FRST.txt
2016-05-26 17:13 - 2016-05-27 10:56 - 00000000 ___DC C:\FRST
2016-05-26 17:12 - 2016-05-26 17:12 - 02383360 ____C (Farbar) C:\Users\Theke\Desktop\FRST64.exe
2016-05-19 14:35 - 2016-05-19 14:35 - 00000000 __SDC C:\Users\Theke\Documents\Meine Datenquellen
2016-05-14 17:23 - 2016-05-14 17:28 - 00000000 ___DC C:\Users\Theke\AppData\Roaming\Hemag-CAD
2016-05-14 17:21 - 2016-05-27 10:48 - 00192216 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-14 17:21 - 2016-05-14 17:21 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-05-14 17:20 - 2016-05-14 17:20 - 00000000 ___DC C:\ProgramData\Malwarebytes
2016-05-14 17:20 - 2016-03-10 14:09 - 00064896 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-14 17:20 - 2016-03-10 14:08 - 00140672 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-14 17:20 - 2016-03-10 14:08 - 00027008 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-14 17:00 - 2016-05-14 17:52 - 00000000 ___DC C:\ProgramData\Hemag-CAD
2016-05-14 17:00 - 2016-05-14 17:00 - 00000000 ___DC C:\Users\BigWall\AppData\Roaming\Hemag-CAD
2016-05-14 16:59 - 2016-05-14 17:36 - 00000722 ____C C:\Users\BigWall\Desktop\HEMAG S-CAD.lnk
2016-05-14 16:59 - 2016-05-14 17:36 - 00000722 ____C C:\Users\BigWall\Desktop\HEMAG P-CAD.lnk
2016-05-14 16:59 - 2016-05-14 16:59 - 00000000 ___DC C:\Users\BigWall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HEMAG CAD
2016-05-14 16:59 - 2016-05-14 16:59 - 00000000 ___DC C:\Users\BigWall\AppData\Roaming\dlg
2016-05-14 16:58 - 2016-05-14 16:58 - 00003864 ____C C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1463237915
2016-05-14 16:58 - 2016-05-14 16:58 - 00000000 ___DC C:\Users\BigWall\AppData\Roaming\Opera Software
2016-05-14 16:58 - 2016-05-14 16:58 - 00000000 ___DC C:\Users\BigWall\AppData\Local\Opera Software
2016-05-14 16:56 - 2016-05-14 16:56 - 06494208 ____C C:\Users\BigWall\AppData\Roaming\agent.dat
2016-05-14 16:56 - 2016-05-14 16:56 - 01626777 ____C C:\Users\BigWall\AppData\Roaming\Joytone.tst
2016-05-14 16:56 - 2016-05-14 16:56 - 00127488 ____C C:\Users\BigWall\AppData\Roaming\Installer.dat
2016-05-14 16:56 - 2016-05-14 16:56 - 00072717 ____C C:\Users\BigWall\AppData\Roaming\Toughdomcom.tst
2016-05-14 16:56 - 2016-05-14 16:56 - 00018432 ____C C:\Users\BigWall\AppData\Roaming\Main.dat
2016-05-13 11:32 - 2016-05-13 11:32 - 00000000 ____D C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-12 14:02 - 2016-05-12 14:03 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-05-12 14:02 - 2016-05-12 14:03 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-05-12 14:02 - 2016-05-12 14:03 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-05-12 14:02 - 2016-05-12 14:03 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-05-11 15:19 - 2016-05-11 22:44 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 15:18 - 2016-05-11 22:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 15:18 - 2016-05-11 22:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 15:18 - 2016-05-11 22:41 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 15:18 - 2016-05-11 22:41 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 15:18 - 2016-05-11 22:41 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 15:18 - 2016-05-11 22:41 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 15:18 - 2016-05-11 22:41 - 00312832 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-05-11 15:18 - 2016-05-11 22:41 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2016-05-11 15:18 - 2016-05-11 22:41 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2016-05-11 15:18 - 2016-05-11 22:40 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-05-11 15:18 - 2016-05-11 22:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-05-11 15:18 - 2016-05-11 22:39 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-05-11 15:18 - 2016-05-11 22:39 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-05-11 15:18 - 2016-05-11 22:39 - 01547776 _____ (Microsoft Corporation) 
C:\Windows\system32\urlmon.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-05-11 15:18 - 2016-05-11 22:39 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-05-11 15:18 - 2016-05-11 22:39 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00476160 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieui.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-05-11 15:18 - 2016-05-11 22:39 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-05-11 15:18 - 2016-05-11 22:39 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-05-11 15:18 - 2016-05-11 22:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-05-11 15:18 - 2016-05-11 22:39 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 
2016-05-11 15:18 - 2016-05-11 22:39 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-05-11 15:18 - 2016-05-11 22:39 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 05546216 _____ (Microsoft Corporation) 
C:\Windows\system32\ntoskrnl.exe 2016-05-11 15:18 - 2016-05-11 22:38 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-05-11 15:18 - 2016-05-11 22:38 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-05-11 15:18 - 2016-05-11 22:38 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-05-11 15:18 - 2016-05-11 22:38 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-05-11 15:18 - 2016-05-11 22:38 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00503808 _____ (Microsoft Corporation) 
C:\Windows\system32\srcore.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-05-11 15:18 - 2016-05-11 22:38 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-05-11 15:18 - 2016-05-11 22:38 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-05-11 15:18 - 2016-05-11 22:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00190464 _____ (Microsoft Corporation) 
C:\Windows\system32\rpchttp.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-05-11 15:18 - 2016-05-11 22:38 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-05-11 15:18 - 2016-05-11 22:38 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2016-05-11 15:18 - 2016-05-11 22:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-05-11 15:18 - 2016-05-11 22:38 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-05-11 15:18 - 2016-05-11 22:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-05-11 15:18 - 2016-05-11 22:38 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-05-11 15:18 - 2016-05-11 22:38 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2016-05-11 15:18 - 2016-05-11 22:38 - 00060416 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-05-11 15:18 - 2016-05-11 22:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-05-11 15:18 - 2016-05-11 22:38 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-05-11 15:18 - 2016-05-11 22:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2016-05-11 15:18 - 2016-05-11 22:38 - 00017408 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\credssp.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-05-11 15:18 - 2016-05-11 22:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H 
(Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-05-11 15:18 - 2016-05-11 22:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-05-11 15:18 - 2016-05-11 22:29 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2016-05-11 15:18 - 2016-05-11 22:29 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2016-05-06 11:08 - 2016-05-07 10:13 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox 2016-04-30 12:32 - 2016-04-30 12:32 - 00003189 _____ C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProfiCash.exe.lnk 2016-04-30 11:33 - 2016-04-30 11:33 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2016-04-30 11:06 - 2016-04-30 11:06 - 00296960 _____ (Microsoft Corporation) C:\Windows\winhlp32.exe 2016-04-30 11:06 - 2016-04-30 11:06 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftsrch.dll 2016-04-30 11:06 - 2016-04-30 11:06 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\ftsrch.dll 2016-04-30 11:06 - 2016-04-30 11:06 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftlx041e.dll 2016-04-30 11:06 - 2016-04-30 11:06 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\ftlx041e.dll 2016-04-30 11:06 - 2016-04-30 11:06 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftlx0411.dll 2016-04-30 11:06 - 2016-04-30 11:06 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\ftlx0411.dll 2016-04-29 10:34 - 2016-04-29 10:34 - 00001651 ____C C:\Users\Theke\Desktop\Pegasus.LNK 2016-04-28 20:56 - 2016-04-28 20:56 - 00000000 ____D C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pegasus Mail ==================== 
Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-05-27 10:52 - 2009-07-14 06:45 - 00031600 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-05-27 10:52 - 2009-07-14 06:45 - 00031600 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-05-27 10:43 - 2014-04-15 20:58 - 00765264 ____C C:\Windows\system32\perfh007.dat 2016-05-27 10:43 - 2014-04-15 20:58 - 00174254 ____C C:\Windows\system32\perfc007.dat 2016-05-27 10:43 - 2009-07-14 07:13 - 01805518 ____C C:\Windows\system32\PerfStringBackup.INI 2016-05-27 10:43 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\inf 2016-05-27 10:39 - 2014-11-10 19:35 - 00000000 __RDC C:\Users\Theke\Dropbox 2016-05-27 10:37 - 2014-04-15 13:52 - 00000000 ___DC C:\ProgramData\NVIDIA 2016-05-27 10:37 - 2009-07-14 07:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT 2016-05-26 19:12 - 2015-04-04 19:07 - 00000000 __SDC C:\Windows\SysWOW64\GWX 2016-05-26 19:12 - 2015-04-04 19:07 - 00000000 __SDC C:\Windows\system32\GWX 2016-05-26 15:20 - 2015-06-07 10:45 - 00000000 ___DC C:\Users\BigWall\AppData\Local\NETGEARGenie 2016-05-26 11:06 - 2014-04-17 18:50 - 00002246 ____H C:\Users\Theke\Documents\Default.rdp 2016-05-26 11:00 - 2009-07-14 07:32 - 00000000 ___DC C:\Windows\system32\FxsTmp 2016-05-24 21:39 - 2014-12-13 12:22 - 00000000 ___DC C:\Program Files (x86)\TeamViewer 2016-05-24 13:48 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-05-20 13:44 - 2015-12-01 11:08 - 00002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-05-20 04:06 - 2016-03-05 16:22 - 00000977 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk 2016-05-14 18:21 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\system 2016-05-14 18:08 - 2015-06-18 13:57 - 00001224 ____C 
C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-496564312-1949498514-2425945064-1001UA.job 2016-05-14 17:54 - 2014-12-27 11:53 - 00003886 ____C C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-05-14 17:38 - 2014-09-27 09:58 - 00000884 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-05-14 17:37 - 2016-01-20 18:38 - 00000735 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Angry IP Scanner.lnk 2016-05-14 17:37 - 2015-08-28 13:28 - 00000912 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk 2016-05-14 17:37 - 2015-07-23 13:50 - 00002181 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-05-14 17:37 - 2015-07-23 13:50 - 00001153 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-05-14 17:37 - 2015-03-25 11:59 - 00000769 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk 2016-05-14 17:37 - 2014-07-04 10:27 - 00002453 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk 2016-05-14 17:37 - 2014-07-04 10:27 - 00002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk 2016-05-14 17:37 - 2014-07-04 10:18 - 00001091 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk 2016-05-14 17:37 - 2014-07-04 10:15 - 00000991 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk 2016-05-14 17:37 - 2014-06-25 15:09 - 00002079 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk 2016-05-14 17:37 - 2014-06-25 15:08 - 00002061 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk 2016-05-14 17:37 - 2014-04-15 16:34 - 00002471 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk 2016-05-14 17:37 - 2014-04-15 16:33 - 00002507 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2016-05-14 17:37 - 2014-04-15 16:13 - 00002111 ____C 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2016-05-14 17:37 - 2014-04-15 13:09 - 00001421 ____C C:\Users\BigWall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-05-14 17:37 - 2014-04-15 11:01 - 00001333 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2016-05-14 17:37 - 2014-04-15 11:01 - 00001314 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2016-05-14 17:37 - 2009-07-14 07:01 - 00001282 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk 2016-05-14 17:37 - 2009-07-14 06:57 - 00001535 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-05-14 17:37 - 2009-07-14 06:57 - 00001318 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk 2016-05-14 17:37 - 2009-07-14 06:57 - 00001234 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk 2016-05-14 17:37 - 2009-07-14 06:54 - 00001198 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk 2016-05-14 17:37 - 2009-07-14 06:49 - 00001266 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk 2016-05-14 17:36 - 2016-02-12 15:28 - 00000727 ____C C:\Users\BigWall\Desktop\MagicISO.lnk 2016-05-14 17:36 - 2014-09-29 14:37 - 00000695 ____C C:\Users\BigWall\AppData\Roaming\Microsoft\Windows\Start Menu\Profi cash.lnk 2016-05-14 17:36 - 2014-04-17 18:40 - 00000813 ____C C:\Users\BigWall\Desktop\Pegasus Mail.LNK 2016-05-14 17:36 - 2014-04-17 15:55 - 00000640 ____C C:\Users\BigWall\Desktop\MagicDaSi.lnk 2016-05-14 17:36 - 2014-04-17 15:46 - 00000624 ____C C:\Users\BigWall\Desktop\Tools.lnk 2016-05-14 17:36 - 2014-04-17 15:46 - 00000616 ____C C:\Users\BigWall\Desktop\MagicLine.lnk 2016-05-14 17:35 - 2014-04-17 18:12 - 00000000 ___DC C:\Users\Theke 2016-05-14 17:25 - 2014-07-01 15:21 - 00001110 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-05-14 17:06 - 
2015-07-09 21:24 - 00000000 ____D C:\Users\Theke\AppData\Local\CrashDumps 2016-05-14 17:06 - 2014-04-15 16:13 - 00254168 ____C C:\Users\BigWall\AppData\Local\GDIPFONTCACHEV1.DAT 2016-05-14 16:57 - 2014-04-17 18:12 - 00001451 _____ C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-05-14 16:19 - 2015-06-18 13:57 - 00001172 ____C C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-496564312-1949498514-2425945064-1001Core.job 2016-05-14 14:35 - 2014-07-01 15:21 - 00001106 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-05-13 16:38 - 2014-09-27 09:58 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-05-13 16:38 - 2014-06-25 09:45 - 00797376 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-05-13 16:38 - 2014-06-25 09:45 - 00142528 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-05-13 11:32 - 2014-11-10 19:31 - 00000000 ___DC C:\Users\Theke\AppData\Roaming\Dropbox 2016-05-12 21:12 - 2014-12-11 14:38 - 00000000 ___DC C:\Windows\system32\appraiser 2016-05-12 13:55 - 2009-07-14 06:45 - 05524632 ____C C:\Windows\system32\FNTCACHE.DAT 2016-05-12 13:54 - 2010-11-21 09:16 - 00000000 ___DC C:\Program Files\Windows Journal 2016-05-11 22:38 - 2014-04-15 13:34 - 00000000 ___DC C:\Windows\system32\MRT 2016-05-11 22:29 - 2014-04-15 13:34 - 139319312 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-05-11 14:20 - 2014-07-01 15:21 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-05-11 14:20 - 2014-07-01 15:21 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-05-07 19:06 - 2015-06-07 10:45 - 00369168 ____C (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll 2016-05-07 19:06 - 2015-06-07 10:45 - 00281104 ____C (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll 2016-05-07 19:06 - 2015-06-07 10:45 - 00106000 ____C (CACE Technologies, Inc.) 
C:\Windows\system32\packet.dll 2016-05-07 19:06 - 2015-06-07 10:45 - 00096784 ____C (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll 2016-05-07 19:06 - 2015-06-07 10:45 - 00035344 ____C (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys 2016-05-07 10:13 - 2014-06-25 09:44 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service 2016-05-04 14:42 - 2014-04-17 18:12 - 00254168 _____ C:\Users\Theke\AppData\Local\GDIPFONTCACHEV1.DAT 2016-05-02 13:40 - 2014-04-15 13:08 - 00000000 ___DC C:\Users\BigWall 2016-04-30 12:24 - 2014-10-09 13:42 - 00000000 ___DC C:\ProgramData\Oracle 2016-04-30 11:22 - 2016-01-30 11:26 - 00097856 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2016-04-30 11:22 - 2015-10-11 10:33 - 00000000 ___DC C:\Users\Theke\.oracle_jre_usage 2016-04-30 11:22 - 2015-10-11 10:32 - 00000000 ___DC C:\Users\BigWall\.oracle_jre_usage 2016-04-30 11:22 - 2015-10-11 10:32 - 00000000 ___DC C:\Program Files (x86)\Java 2016-04-30 11:22 - 2014-10-22 08:42 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-04-30 11:19 - 2014-04-17 18:39 - 00990275 ____C C:\Windows\unins000.exe 2016-04-30 11:19 - 2014-04-17 18:39 - 00041340 ____C C:\Windows\unins000.dat 2016-04-29 11:34 - 2014-08-05 16:02 - 00000000 ___DC C:\Users\Theke\AppData\Roaming\VMware 2016-04-28 20:58 - 2014-07-26 11:42 - 00000000 ___DC C:\Users\BigWall\AppData\Local\Vidalia 2016-04-28 20:57 - 2014-07-26 11:42 - 00000000 ___DC C:\Users\BigWall\AppData\Roaming\tor ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2016-05-14 16:56 - 2016-05-14 16:56 - 6494208 ____C () C:\Users\BigWall\AppData\Roaming\agent.dat 2016-05-14 16:56 - 2016-05-14 16:56 - 0127488 ____C () C:\Users\BigWall\AppData\Roaming\Installer.dat 2016-05-14 16:56 - 2016-05-14 16:56 - 1626777 ____C () C:\Users\BigWall\AppData\Roaming\Joytone.tst 2016-05-14 16:56 - 2016-05-14 16:56 - 0018432 ____C () C:\Users\BigWall\AppData\Roaming\Main.dat 
2016-05-14 16:56 - 2016-05-14 16:56 - 0072717 ____C () C:\Users\BigWall\AppData\Roaming\Toughdomcom.tst

Einige Dateien in TEMP:
====================
C:\Users\BigWall\AppData\Local\Temp\ose00000.exe
C:\Users\Theke\AppData\Local\Temp\CIB166F.tmp.exe
C:\Users\Theke\AppData\Local\Temp\CIB1FFE.tmp.exe
C:\Users\Theke\AppData\Local\Temp\CIB75CE.tmp.exe
C:\Users\Theke\AppData\Local\Temp\CIB9BE7.tmp.exe
C:\Users\Theke\AppData\Local\Temp\CIBC477.tmp.exe
C:\Users\Theke\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Theke\AppData\Local\Temp\ose00000.exe
C:\Users\Theke\AppData\Local\Temp\PureSyncInst.exe

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-05-09 12:23

==================== Ende von FRST.txt ============================ |
27.05.2016, 10:30 | #9 |
| Strange browser start page "http://www.%snf%.com/" Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-05-2016 01
durchgeführt von BigWall (2016-05-27 11:26:17)
Gestartet von C:\Users\Theke\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-04-15 11:08:46)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-496564312-1949498514-2425945064-500 - Administrator - Disabled)
BigWall (S-1-5-21-496564312-1949498514-2425945064-1000 - Administrator - Enabled) => C:\Users\BigWall
Gast (S-1-5-21-496564312-1949498514-2425945064-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-496564312-1949498514-2425945064-1011 - Limited - Enabled)
Theke (S-1-5-21-496564312-1949498514-2425945064-1001 - Limited - Enabled) => C:\Users\Theke

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Active@ ISO Burner 3.0 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 3.0 - LSoft Technologies Inc) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated) Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.) Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.5 - Sereby Corporation) Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.4.1 - Angry IP Scanner) Apple Application Support (32-Bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) ATI Catalyst Install Manager (HKLM\...\{D3364347-0A05-CA85-1DAD-80A7A75BF677}) (Version: 3.0.732.0 - ATI Technologies, Inc.) Berker TS RTR Plugin 0.0.1.0 (HKLM-x32\...\{E11AC1A7-2F59-4911-90ED-E0B55D2101D6}) (Version: 0.0.1.0 - Berker GmbH & Co. 
KG) bl (x32 Version: 1.0.0 - Your Company Name) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bully Dog Update Agent (HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\87038f485ccfb0f5) (Version: 1.1.7.8 - Bully Dog Technologies) Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version: - ) Capture NX-D (HKLM\...\{794529D3-D489-4CF2-B2ED-CF241809E5EC}) (Version: 1.2.1 - Nikon Corporation) CIB pdf brewer (HKLM\...\{230C73B3-78DF-4201-AC19-7BEE33311621}) (Version: 2.7.0002 - CIB software GmbH) ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper) Dropbox (HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.) DVD Shrink 3.2 deutsch (DeCSS-frei) (HKLM-x32\...\DVD Shrink DE_is1) (Version: - DVD Shrink) EGR-ShellExtension (HKLM-x32\...\EGR-ShellExtension) (Version: 1.1.0.100 - EasternGraphics) EPSON Advanced Printer Driver 4 (HKLM-x32\...\{11FF6AF6-0141-4EF8-829A-989459A1E5D8}) (Version: 4.55.0400 - SEIKO EPSON CORPORATION) EPSON APD4 Point and Print Support (x32 Version: 4.55.0400 - SEIKO EPSON CORPORATION) Hidden EPSON Port Communication Service (HKLM\...\{41D2226A-AD7F-423E-A85C-A09FBD4B53DE}) (Version: 3.9.0 - SEIKO EPSON CORPORATION) EPSON TM Coupon Package (HKLM-x32\...\{60ED98A7-BE97-4F26-B32E-5087337C6044}) (Version: 1.20.0000 - Seiko Epson Corporation) <==== ACHTUNG EPSON TM Virtual Port Driver Ver.8.30b (HKLM-x32\...\{3D7277B3-B0BE-497C-A626-55F063254B5B}) (Version: 8.30.0000 - SEIKO EPSON CORPORATION) Fakturama 1.6.8 (HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\5723-2630-1175-8368) (Version: 1.6.8 - Fakturama.org) FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse) GDR 4033 für SQL Server 2008 R2 (KB2977320) (64-bit) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation) GDR 4042 für SQL Server 2008 R2 
(KB3045313) (64-bit) (HKLM\...\KB3045313) (Version: 10.52.4042.0 - Microsoft Corporation) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.18) (Version: 9.18 - Artifex Software Inc.) Hager TR131 - Berker 8505 01 00 Plug-In (HKLM-x32\...\{C30F8D97-FB69-4EB5-A6D4-A89B27DF167E}) (Version: 1.1.0 - Hager Group) HEMAG CAD (HKU\S-1-5-21-496564312-1949498514-2425945064-1000\...\HEMAG CAD 4.0) (Version: 4.0 - Heinz Martin AG) iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.) Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org) InstPortMon (x32 Version: 1.3.0.0 - InstPortMon) Hidden iSpy (64 bit) (HKLM\...\{4C5C6F38-E560-4A88-8F68-735D7A258F28}) (Version: 6.5.1.0 - DeveloperInABox) iSpy package installer (64 bit) (HKLM-x32\...\{122ec9b4-1264-45d8-b64c-b73493549025}) (Version: 6.5.1.0 - DeveloperInABox) IZArc 4.2 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.2 - Ivan Zahariev) Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation) KG-819 (HKLM-x32\...\KG-819V2.00) (Version: V2.00 - Quanzhou Wouxun Electronics Co.£¬Ltd. 
Right) KM-NET Remote Operation Panel (HKLM-x32\...\{7325D304-E5D4-11D3-A677-00C04FC337BE}) (Version: - ) KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - ) KNX eteC Falcon Runtime v2.1 (x32 Version: 2.1.5213.27900 - KNX Association cvba) Hidden KNX ETS4 (HKLM-x32\...\KNX ETS4) (Version: 4.1.3614.46489 - KNX Association cvba) KNX ETS4 (x32 Version: 4.1.3614.46489 - KNX Association cvba) Hidden KNX ETS4 Additional Runtime (x32 Version: 4.0.0.0 - KNX Association cvba) Hidden Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.) LibreOffice 4.4.5.2 (HKLM-x32\...\{406EECCC-AF98-4F2C-A99F-FED788F7580C}) (Version: 4.4.5.2 - The Document Foundation) Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech) Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - ) Magicline - Client - Installation (HKLM-x32\...\{E40C9183-4FB7-11DB-9529-000C6E0CFD35}) (Version: 8.50.0000 - Studioline Schulz und Lorenzen KG) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation) 
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM\...\{D9473D19-26F1-4B91-BBAC-4089CB41BC48}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM-x32\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{49860BCD-24D6-44C1-922E-AC12FE32234E}) (Version: 10.52.4042.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{B2213E4E-F502-4D36-BE95-9293C866EF3F}) (Version: 10.52.4042.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.15.07 - NETGEAR Inc.)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.1 - Nikon)
NVIDIA 3D Vision Controller-Treiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Grafiktreiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 37.0.2178.43 (HKLM-x32\...\Opera 37.0.2178.43) (Version: 37.0.2178.43 - Opera Software)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.308.2 - Tracker Software Products (Canada) Ltd.)
Pegasus Mail (HKLM-x32\...\Pegasus Mail) (Version: - David Harris)
Pegasus Mail HTML Renderer 2.4.9.9 (HKLM-x32\...\{A9F5E1E1-1281-4862-90B4-6CF8E6AF83CE}_is1) (Version: - Micha's Midnight Manufacture)
Pegasus Mail v4.72 Release 1, Build 572 (Deutsche Komplettversi (HKLM-x32\...\Pegasus Mail, Deutsche Komplettversion_is1) (Version: - Sven Henze)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Picture Control Utility 2 (HKLM\...\{D4893C47-704F-4B84-8486-9DE4974ACA6F}) (Version: 2.1.1 - Nikon Corporation)
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
PL-2303HXD Vista Driver Installer (HKLM-x32\...\{503C86BF-22CB-4806-B2AE-AA79DFD8BA35}) (Version: 3.0.0.1 - Prolific Technology Inc.)
Profi cash (HKLM-x32\...\Profi cash) (Version: - )
PureSync (x32 Version: 4.1.0 - Jumping Bytes) Hidden
PureSync 4.1.0 (HKLM-x32\...\PureSync) (Version: 4.1.0 - Jumping Bytes)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scanner File Utility (HKLM-x32\...\{2CA99244-798C-11D6-AF02-0010B5A02D6F}) (Version: 4.11.03 - )
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
SketchUp 2014 (HKLM-x32\...\{9E620BD5-AEEC-492D-9065-D71FCD4C52F1}) (Version: 14.1.1282 - Trimble Navigation Limited)
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
SolarWinds Active Diagnostics 1.1.0.230 (HKLM-x32\...\{B8FB6695-3797-4DAA-B113-13CB8BBEF9C7}) (Version: 1.1.0.230 - SolarWinds, Inc.)
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM\...\{F4264106-F90E-4076-98CF-1B878DB14513}) (Version: 10.0.1600.22 - Microsoft Corporation)
SQL Server System CLR Types (HKLM-x32\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
SuperMailer 8.01 (HKLM\...\Newsletter Software SuperMailer (x64)_is1) (Version: 8.01 - Mirko Boeer Softwareentwicklungen)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
TextPad 7 (HKLM\...\{F5AF1DA4-4929-4BFA-B948-7BDD98A5405F}) (Version: 7.3.0 - Helios)
Tor 0.2.4.22 (HKLM-x32\...\Tor) (Version: - )
TrayStatus 1.2.3 (HKLM-x32\...\d6b74f60-2e9d-4c60-a8b7-b7d737c44ad4_is1) (Version: 1.2.3.0 - Binary Fortress Software)
Vidalia 0.2.21 (HKLM-x32\...\Vidalia) (Version: - )
VMware vSphere Client 5.1 (HKLM-x32\...\{09DC364B-A77A-49A0-972B-E43F0DACC5E3}) (Version: 5.1.0.1557 - VMware, Inc.)
VMware vSphere Client 5.5 (HKLM-x32\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.3838 - VMware, Inc.)
WD My Cloud (HKLM\...\{4B86F896-11DC-4711-BB60-81104832FA44}) (Version: 1.0.7.17 - Western Digital Technologies, Inc.)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XnView 2.25 (HKLM-x32\...\XnView_is1) (Version: 2.25 - Gougelet Pierre-e)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1001_Classes\CLSID\{8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}\InprocServer32 -> D:\Programme\TextPad\System\shellext64.dll (Helios Software Solutions)
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-496564312-1949498514-2425945064-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Theke\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0156C57F-19B6-4D60-968B-A1A560009C2B} - kein Dateipfad
Task: {1BA50406-2782-4AB4-86B5-57FFDA8EABF6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {2536D31F-5BA6-4929-BF5B-7C80157B1D55} - System32\Tasks\Opera scheduled Autoupdate 1463237915 => C:\Program Files (x86)\Opera\launcher.exe
Task: {36697B45-F91B-4AEB-8B2C-B5B0D4B21CA4} - System32\Tasks\AutoPico Daily Restart => d:\Programme\KMSpico\AutoPico.exe [2015-08-16] (@ByELDI)
Task: {42022E71-177B-419F-BA55-2DC04DA82D48} - System32\Tasks\{05A95BC9-1363-43EF-AF4D-6104D68E6F53} => pcalua.exe -a "C:\Users\BigWall\AppData\Local\Temp\Temp1_Visu_Version_43.zip\Version 4.3\Setup.exe"
Task: {46D21548-6B37-4331-A32A-209EC09CC502} - System32\Tasks\{DC8E7AFD-49B9-4797-B1E0-C39D115E6086} => Firefox.exe hxxp://ui.skype.com/ui/0/7.0.0.102/de/abandoninstall?page=tsMain
Task: {49967A8E-D427-400D-A875-14D920BA7F9E} - kein Dateipfad
Task: {4C00A8E8-9B03-46BA-82D2-CD0BC1B8811D} - kein Dateipfad
Task: {64125A1C-6A67-4F47-AF96-6800765584A5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {6C1A6ED9-C12D-4E8A-9058-BA024699F5C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {76665B5F-090F-498B-8175-FC1AD68040FF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-496564312-1949498514-2425945064-1001Core => C:\Users\Theke\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {861BB689-DED5-43A0-9AF8-2D377C217591} - kein Dateipfad
Task: {C587B278-05EF-4A95-A571-C73BC4E95E57} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D0855C12-0738-4134-B89A-9CB536A3E06C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-496564312-1949498514-2425945064-1001UA => C:\Users\Theke\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {E2BDAC0B-4145-43C3-BC63-0B1D87E9AC53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F422E66C-4BAF-4F4B-B2A0-7C5803E4F567} - System32\Tasks\{82D122E8-AA86-4958-9426-4DD200739127} => E:\setup.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-496564312-1949498514-2425945064-1001Core.job => C:\Users\Theke\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-496564312-1949498514-2425945064-1001UA.job => C:\Users\Theke\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-04-15 13:52 - 2015-02-04 04:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-10-16 12:02 - 2015-10-16 12:02 - 00043480 _____ () D:\Programme\FileZilla FTP Client\fzshellext_64.dll
2015-12-12 12:50 - 2012-07-20 14:39 - 02469888 _____ () D:\Programme\IZArc\IZArcCM64.dll
2014-06-25 13:28 - 2000-11-09 11:17 - 00190464 _____ () D:\Programme\TriumphAdler\ScannerUtility\HgTiff2Pdf.dll
2015-09-24 17:41 - 2015-09-24 17:41 - 00019968 _____ () D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-09-24 17:41 - 2015-09-24 17:41 - 00105984 _____ () D:\Programme\Adobe\CS6\Acrobat 10.0\Acrobat\Locale\de_de\PDFMaker\PDFMOfficeAddin.DEU
2015-12-11 13:30 - 2016-04-19 21:47 - 00034768 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-05-13 11:32 - 2016-04-19 21:48 - 00019408 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-05-13 11:32 - 2016-04-19 21:47 - 00116688 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-11 13:30 - 2016-04-19 21:47 - 00093640 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-11 13:30 - 2016-04-19 21:47 - 00018376 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-11 13:30 - 2016-05-07 00:35 - 00019760 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00105928 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-05-13 11:32 - 2016-04-19 21:47 - 00392144 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-11 13:30 - 2016-05-07 00:35 - 00381752 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-11 13:30 - 2016-04-19 21:47 - 00692688 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-05-13 11:32 - 2016-05-07 00:34 - 00020816 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 13:30 - 2016-04-19 21:48 - 00121296 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-05-13 11:32 - 2016-05-07 00:34 - 01682760 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-05-13 11:32 - 2016-05-07 00:34 - 00020808 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-11 13:30 - 2016-05-07 00:35 - 00021840 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-05-13 11:32 - 2016-05-07 00:34 - 00038696 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-05-13 11:32 - 2016-04-19 21:49 - 00020936 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00024528 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00114640 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00124880 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-02-12 17:10 - 2016-05-07 00:35 - 00021832 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00024016 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00175560 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00030160 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00043472 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00028616 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00048592 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-05-13 11:32 - 2016-05-07 00:34 - 00026456 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00057808 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00024016 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-05-13 11:32 - 2016-05-07 00:34 - 00117056 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-05-13 11:32 - 2016-05-07 00:34 - 00052024 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-11 13:30 - 2016-04-19 21:47 - 00134608 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-05-13 11:32 - 2016-04-19 21:47 - 00134088 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-05-13 11:32 - 2016-04-19 21:48 - 00240584 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-02-12 17:10 - 2016-05-07 00:35 - 00020800 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-12 17:10 - 2016-05-07 00:35 - 00021824 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-02-12 17:10 - 2016-05-07 00:35 - 00019776 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-12 17:10 - 2016-05-07 00:35 - 00020800 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-05-13 11:32 - 2016-05-07 00:34 - 00024392 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-05-13 11:32 - 2016-04-19 21:50 - 00036296 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\librsync.dll
2016-05-13 11:32 - 2016-05-07 00:34 - 00020280 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-11 13:30 - 2016-05-07 00:35 - 00023376 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00350152 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-12 17:10 - 2016-05-07 00:35 - 00022352 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-05-13 11:32 - 2016-05-07 00:34 - 00084280 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-05-13 11:32 - 2016-05-07 00:34 - 01826096 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-11 13:30 - 2016-04-19 21:48 - 00083912 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\sip.pyd
2016-05-13 11:32 - 2016-05-07 00:35 - 03928880 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-05-13 11:32 - 2016-05-07 00:34 - 01971504 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-05-13 11:32 - 2016-05-07 00:34 - 00531248 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-05-13 11:32 - 2016-05-07 00:35 - 00132912 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-05-13 11:32 - 2016-05-07 00:35 - 00223544 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-05-13 11:32 - 2016-05-07 00:34 - 00207672 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-11 13:30 - 2016-04-19 21:49 - 00060880 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\win32print.pyd
2015-12-11 13:30 - 2016-05-07 00:35 - 00024904 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-05-13 11:32 - 2016-05-07 00:35 - 00546096 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-05-13 11:32 - 2016-05-07 00:35 - 00357680 _____ () C:\Users\Theke\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
1999-04-26 22:00 - 1999-04-26 22:00 - 00377856 _____ () C:\Windows\SysWOW64\TX32.DLL
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-04-30 10:45 - 2016-03-29 09:53 - 00670408 _____ () \\mailserver\PMAIL\Programs\tcpip.dll
2016-04-30 10:44 - 2014-02-12 03:43 - 00643948 _____ () \\mailserver\PMAIL\Programs\sqlite3.dll
2016-04-30 10:45 - 2013-06-28 16:39 - 00557568 _____ () \\mailserver\PMAIL\Programs\DICT.RLO

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-496564312-1949498514-2425945064-1001\...\petzldealer.com -> hxxps://www.petzldealer.com

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2014-07-04 11:25 - 00002831 ___AC C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 192.150.14.69
127.0.0.1 192.150.18.101
127.0.0.1 192.150.18.108
127.0.0.1 192.150.22.40
127.0.0.1 192.150.8.100
127.0.0.1 192.150.8.118
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com

Da befinden sich 34 zusätzliche Einträge.

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-496564312-1949498514-2425945064-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\BigWall\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-496564312-1949498514-2425945064-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Theke\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 212.37.37.50
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: TeamViewer9 => 2

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{2AF505A6-FD82-4E5D-BECC-8BACD281B4FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2B732E66-00C9-44FC-83E6-3B65C42394DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E92CF607-CF51-43A4-8028-008ACB195E89}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FE523324-55BB-4AE4-A5EC-8C96545B54BD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D5675ABB-915F-4C4E-B5AD-BEBA6CC79466}] => (Allow) C:\Program Files (x86)\EPSON\EPSON Advanced Printer Driver 4\Tools\PrinterNetworkSetting\APDNetSetting.exe
FirewallRules: [{489C99D0-75B8-4621-A4BA-D187EE25676E}] => (Allow) C:\Program Files (x86)\EPSON\EPSON Advanced Printer Driver 4\Tools\PrinterNetworkSetting\APDNetSetting.exe
FirewallRules: [{7C93B7F1-5FE2-4577-8831-EABCE06C4FCD}] => (Block) D:\Programme\Adobe\Photoshop CS2\Photoshop.exe
FirewallRules: [{A252E2D6-8687-4079-9E5C-7DBCFCB50987}] => (Block) D:\Programme\Adobe\Photoshop CS2\ImageReady.exe
FirewallRules: [{5483C2D1-DBB0-46F2-9219-4B6BDCD4C0D1}] => (Block) E:\VOLKSWAGEN\Keygen.exe
FirewallRules: [{D24A7F60-05E0-4201-840B-395D607B3D1E}] => (Allow) D:\Programme\TriumphAdler\ScannerUtility\NsCatConf.exe
FirewallRules: [{2F390EDC-EC39-445D-923D-CC1E4DB68672}] => (Allow) D:\Programme\TriumphAdler\ScannerUtility\NsCatCom.exe
FirewallRules: [{18E008FA-D8D2-4C86-854E-31010171471C}] => (Allow) D:\Programme\Adobe\CS6\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{618B0A4D-6057-48AB-84DB-2C3E0E0BEE73}] => (Allow) D:\Programme\Adobe\CS6\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{86E75673-2560-4B66-BB59-F9C1DC40FC50}] => (Allow) LPort=7935
FirewallRules: [{4E0CDC5B-0F52-4967-888C-B5A3D1E95808}] => (Block) C:\Program Files (x86)\ETS4\ETS4.exe
FirewallRules: [TCP Query User{46E1C863-2B72-40B2-88F2-83A7B5B3073A}D:\programme\vidalia bridge bundle\tor\tor.exe] => (Allow) D:\programme\vidalia bridge bundle\tor\tor.exe
FirewallRules: [UDP Query User{F0E7EFF3-36C2-4253-9246-3703460A6B1F}D:\programme\vidalia bridge bundle\tor\tor.exe] => (Allow) D:\programme\vidalia bridge bundle\tor\tor.exe
FirewallRules: [TCP Query User{9E0B22FC-5921-4A83-9D93-6348D240433E}E:\advanced\autorun.exe] => (Allow) E:\advanced\autorun.exe
FirewallRules: [UDP Query User{4C2169F9-71F6-4197-AFCD-F45FB3B065FA}E:\advanced\autorun.exe] => (Allow) E:\advanced\autorun.exe
FirewallRules: [{CE1715D7-3622-4AF0-84F2-3132919AEA2C}] => (Allow) C:\Users\Theke\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{BE84BABE-DC31-4622-9AEC-802B76B9D0B7}] => (Allow) C:\Users\Theke\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6131C880-C76E-468D-86B6-FD61373BA71E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8B784CA0-A0CF-4F4C-995D-93908687B91D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{85F4C43F-FA8C-409C-8AAD-F07FA5F002BE}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{67A4F906-DE22-4AAA-B2CF-6A291C4A7B3A}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{F0F9A621-96C0-4D38-B926-3ADA1E7FF6C3}\\mailserver\pmail\programs\winpm-32.exe] => (Allow) \\mailserver\pmail\programs\winpm-32.exe
FirewallRules: [UDP Query User{602D4885-E883-4AEB-A8C2-8E36933DEED1}\\mailserver\pmail\programs\winpm-32.exe] => (Allow) \\mailserver\pmail\programs\winpm-32.exe
FirewallRules: [TCP Query User{501707A5-E750-40A4-9B2E-56E6A7DB6485}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{2DF280B3-F7AF-40A7-B3B7-DD80125A0C40}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{F251C477-55FA-470B-AEFE-3C321C1BA986}D:\programme\netgear genie\bin\netgeargenie.exe] => (Allow) D:\programme\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{542A6A53-843B-4BA7-BD40-96627228F5E2}D:\programme\netgear genie\bin\netgeargenie.exe] => (Allow) D:\programme\netgear genie\bin\netgeargenie.exe
FirewallRules: [{56F7E30C-A277-4F0F-AFDA-0233C3E55B8F}] => (Allow) LPort=1688
FirewallRules: [{91A8F7B3-A2C1-4FA3-8A3D-2A38F0FDAFF9}] => (Allow) D:\Programme\KMSpico\Service_KMS.exe
FirewallRules: [{2FCA0C05-9E95-4FED-9C20-50DB52C40863}] => (Allow) D:\Programme\KMSpico\Service_KMS.exe
FirewallRules: [TCP Query User{C20CEFF4-3B10-4E41-9AC3-856F4D9115C9}D:\programme\netgear genie\bin\netgeargenie.exe] => (Block) D:\programme\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{308204A6-74A7-4655-A08C-36E192BF7E64}D:\programme\netgear genie\bin\netgeargenie.exe] => (Block) D:\programme\netgear genie\bin\netgeargenie.exe
FirewallRules: [{C59A5CAB-1029-4BB9-8175-F5BB1121DAD3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{531C66F8-2593-4160-8241-6079B2152AD0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [TCP Query User{6CB8C93F-1C54-4BB9-B739-1120AA23CFFD}D:\programme\superscan\superscan4.1.exe] => (Allow) D:\programme\superscan\superscan4.1.exe
FirewallRules: [UDP Query User{0801E5DD-D24F-491E-930F-D74F93CD2121}D:\programme\superscan\superscan4.1.exe] => (Allow) D:\programme\superscan\superscan4.1.exe
FirewallRules: [TCP Query User{F4A24CB2-F064-494C-998C-AADBF499F8AC}D:\programme\ispy\ispy.exe] => (Allow) D:\programme\ispy\ispy.exe
FirewallRules: [UDP Query User{815CAEE5-3C5F-4A37-B242-98284E8F92BE}D:\programme\ispy\ispy.exe] => (Allow) D:\programme\ispy\ispy.exe
FirewallRules: [{E198830E-7026-4913-BC91-BB84177C1E90}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BBE6B44A-6A29-4A2C-8798-0CC6A5CA4F88}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7DB5B5E0-7968-4583-A394-379B219F8492}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C8DCA76B-6F71-4709-A6D5-C37A0939B46B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E5914E6A-FDA3-4756-96FA-7B6BE214A6AB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Wiederherstellungspunkte =========================

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/27/2016 10:39:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2016 03:20:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 3.3.168.192.in-addr.arpa. PTR ThekeWin7.local.

Error: (05/26/2016 03:20:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.3.3:5353 19 3.3.168.192.in-addr.arpa. PTR ThekeWin7-2.local.

Error: (05/26/2016 10:57:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2016 01:37:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2016 01:50:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/23/2016 01:48:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/23/2016 01:47:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname ThekeWin7.local already in use; will try ThekeWin7-2.local instead

Error: (05/23/2016 01:47:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister 4 ThekeWin7.local. Addr 192.168.3.3

Error: (05/23/2016 01:47:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.3.3:5353 16 ThekeWin7.local. AAAA FD00:0000:0000:0000:48BB:2BE1:1267:8EDF

Systemfehler:
=============
Error: (05/27/2016 10:48:52 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/27/2016 10:38:53 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/27/2016 10:37:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WebDiscover Browser Startup Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (05/27/2016 10:37:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "EPSON PCS Parallel Port Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%20

Error: (05/27/2016 10:37:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "EpsCe2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (05/27/2016 10:37:18 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402.

Error: (05/27/2016 10:37:18 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402.
Error: (05/26/2016 07:05:50 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (05/26/2016 12:44:59 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/26/2016 10:56:28 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

==================== Speicherinformationen ===========================

Prozessor: AMD FX(tm)-4130 Quad-Core Processor
Prozentuale Nutzung des RAM: 58%
Installierter physikalischer RAM: 4079.23 MB
Verfügbarer physikalischer RAM: 1678.77 MB
Summe virtueller Speicher: 8156.64 MB
Verfügbarer virtueller Speicher: 5552.28 MB

==================== Laufwerke ================================

Drive c: (System) (Fixed) (Total:59.62 GB) (Free:1.26 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.41 GB) (Free:705 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0004FDE0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 59.6 GB) (Disk ID: 00085727)
Partition 1: (Not Active) - (Size=59.6 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================ |
27.05.2016, 11:22 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Strange browser start page "http://www.%snf%.com/" Can you please read my postings? Is this a commercially used system now or not? Quote:
__________________ Please always post log files in CODE tags |
27.05.2016, 11:56 | #11 |
| Strange browser start page "http://www.%snf%.com/" Yes, it is a business computer, but we don't have an IT department; as far as possible, that is me... ;( |
27.05.2016, 12:00 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Strange browser start page "http://www.%snf%.com/" Ah, OK. But before there is any support here, you read this first => http://www.trojaner-board.de/108423-...-anfragen.html Because we do not delete log files after the fact, even if your boss perhaps later thinks we have to. AND: all cracked software has to go! Reading material: Illegal software: cracks, keygens and co. Please read => http://www.trojaner-board.de/95393-c...-software.html We continue once you have removed everything illegal. In the case of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.
__________________ Please always post log files in CODE tags |
29.05.2016, 10:45 | #13 |
| Strange browser start page "http://www.%snf%.com/" Morning Cosinus, as far as I know, we have no cracked software on the computer... Regards and thanks, Rik |
29.05.2016, 20:05 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Strange browser start page "http://www.%snf%.com/"
1. KMSpico => well-known Office crack
2. Entries in the hosts file for Adobe, so that no contact with the Adobe servers can be established any more. Also typical of cracked software
3. Volkswagen Keygen
__________________ Please always post log files in CODE tags |
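How the firewall-rule part of such findings can be read off the `FirewallRules:` section of the Addition.txt above, as an added example that is not part of the thread and not FRST's own code. The names `parse_rules`, `flag_crack_tools` and `PATH_HINTS` are hypothetical, and the indicator list is an illustrative assumption, not a complete one.

```python
import re

# Constructed sample: six FirewallRules lines as they appear in the Addition.txt above.
SAMPLE = r"""
FirewallRules: [{5483C2D1-DBB0-46F2-9219-4B6BDCD4C0D1}] => (Block) E:\VOLKSWAGEN\Keygen.exe
FirewallRules: [{6131C880-C76E-468D-86B6-FD61373BA71E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{85F4C43F-FA8C-409C-8AAD-F07FA5F002BE}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe
FirewallRules: [{56F7E30C-A277-4F0F-AFDA-0233C3E55B8F}] => (Allow) LPort=1688
FirewallRules: [{91A8F7B3-A2C1-4FA3-8A3D-2A38F0FDAFF9}] => (Allow) D:\Programme\KMSpico\Service_KMS.exe
FirewallRules: [{86E75673-2560-4B66-BB59-F9C1DC40FC50}] => (Allow) LPort=7935
"""

# One rule per line: [name] => (action) target, where target is a path or LPort=<n>.
RULE = re.compile(r"^FirewallRules: \[.*\] => \((?P<action>Allow|Block)\) (?P<target>.+)$")
# Assumed, illustrative indicators (substrings of the rule's program path).
PATH_HINTS = {"kmspico": "KMS activation emulator", "kmsemulator": "KMS activation emulator",
              "keygen": "key generator"}
KMS_PORT = 1688  # default TCP port of the KMS volume-activation service

def parse_rules(text):
    """Return one dict per FirewallRules line; any other line is skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        target = m["target"].strip()
        port = re.fullmatch(r"LPort=(\d+)", target)
        rules.append({"action": m["action"], "target": target,
                      "lport": int(port.group(1)) if port else None})
    return rules

def flag_crack_tools(rules):
    """Return (action, target, reason) for every rule that matches an indicator."""
    hits = []
    for r in rules:
        if r["lport"] == KMS_PORT:
            hits.append((r["action"], r["target"], "local port is the default KMS port"))
            continue
        lowered = r["target"].lower()
        for hint, reason in PATH_HINTS.items():
            if hint in lowered:
                hits.append((r["action"], r["target"], reason))
                break
    return hits

if __name__ == "__main__":
    for action, target, reason in flag_crack_tools(parse_rules(SAMPLE)):
        print(f"{action:5} {target}  <- {reason}")
```

Block rules are reported as well, because the rule still names the program. A path match is only a lead to check on disk, not proof that the file is still present.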
29.05.2016, 20:18 | #15 |
| Strange browser start page "http://www.%snf%.com/" Hi Kosinus, thanks for your answer, I will look into it. We have not used Office for a long time, only LibreOffice or OpenOffice; from Adobe only the Reader is used, and this Volkswagen Keygen doesn't ring a bell for me either... Thanks! |