Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Nach Entfernung von Schadsoftware keine Internetverbindung mehr

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.08.2015, 20:47   #1
Eli8s
 
Nach Entfernung von Schadsoftware keine Internetverbindung mehr - Standard

Nach Entfernung von Schadsoftware keine Internetverbindung mehr



Guten Abend sehr geehrte Leserinnen und Leser

Heute wurde ich mit der Aufgabe beauftragt den Browser zu ändern da beim öffnen von Chrome immer eine Seite namens "istart.webssearches.com" geöffnet wird.
Da das umstellen der Google Chrome Einstellungen nichts half, suchte ich im Internet nach Hilfe. Dort wurde ich aufmerksam auf ein Programm namens "Adw Cleaner". Dieses lud ich runter, führte es aus und löschte vor allem die Dateien die die Namen dieser "Webbrowser" enthielten.
Allerdings brachte das mir nicht viel. Nach dem Neustart war das Programm verschwunden und ein Programm welches ich zuvor gelöscht hatte, war wieder da (Tango Video Calls).
Also suchte ich wieder nach Adw Cleaner aber fand nur den Microsoft eigenen Schadsoftwarebekämpfer "Windows Defender". Dieser fand nach 20 Minuten suchen ein Programm, welches ich dann löschte.
Danach startete ich den Computer neu, aber der Browser funktionierte nicht mehr und " istart.webssearches.com" war immer noch vorhanden. Stattdessen zeigte er mir die Nachricht : " Verbindung zu Proxyserver kann nicht hergestellt werden." an.
Auf einem anderen Benutzerprofil dieses Computers geht der Browser allerdings noch ohne Probleme.

Da ich in einer anderen Frage schon etwas von "Onlinebanking deaktivieren" und "Trojaner" gelesen hab, wende ich mich besorgt an euch. Ich hoffe jemand kann mir helfen, auch ohne spezifischere Angaben, da ich einfach kein Profi auf dem Gebiet bin.

Vielen Dank für's Lesen und die Hilfe

Alt 28.08.2015, 06:22   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Nach Entfernung von Schadsoftware keine Internetverbindung mehr - Standard

Nach Entfernung von Schadsoftware keine Internetverbindung mehr



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 28.08.2015, 12:24   #3
Eli8s
 
Nach Entfernung von Schadsoftware keine Internetverbindung mehr - Standard

Nach Entfernung von Schadsoftware keine Internetverbindung mehr



Ich hoffe ich mach das so richtig, hier die FRST_Datei:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-08-2015
durchgeführt von Elmar1 (Administrator) auf ELMAR1-MSI (28-08-2015 12:58:58)
Gestartet von F:\
Geladene Profile: Elmar1 (Verfügbare Profile: UpdatusUser & Elmar1 & Eli8s & Hoffmeister)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files (x86)\PHotkey\AsLdrSrv.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(Pegatron Corporation) C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Intel Corporation) C:\Windows\system32\igfxtray.exe
(Intel Corporation) C:\Windows\system32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(Spotify Ltd) C:\Users\Elmar1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Users\Elmar1\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
() C:\Users\Elmar1\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
(Pegatron Corporation) C:\Program Files (x86)\PHotkey\MsOsd.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [AmIcoSinglun64] => c:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.)
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [4055552 2010-11-08] (Sentelic Corporation)
HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [NortonOnlineBackup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1112920 2010-03-06] (Symantec Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\...\Run: [Spotify Web Helper] => C:\Users\Elmar1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-04] (Spotify Ltd)
HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\...\Run: [Spotify] => C:\Users\Elmar1\AppData\Roaming\Spotify\Spotify.exe [4736000 2013-10-04] (Spotify Ltd)
HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Elmar1\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-04-05] ()
HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\...\Run: [Amazon Music] => C:\Users\Elmar1\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-15] ()
HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\...\Run: [Tango] => C:\Program Files (x86)\Tango\Tango.exe [13489992 2011-11-04] (Tango Inc.)
HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\...\Run: [InetStat] => C:\Users\Elmar1\AppData\Roaming\InetStat\inetstat.exe
HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\...\Run: [PCSpeedUp] => C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe
HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-18] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [226920 2010-12-24] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [192616 2010-12-24] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-03-28]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS PC Sound.lnk [2011-03-25]
ShortcutTarget: SRS PC Sound.lnk -> C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

ProxyEnable: [.DEFAULT] => Proxy ist aktiviert.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49944;https=127.0.0.1:49944
ProxyEnable: [S-1-5-21-3363573057-2169286185-1613431243-1002] => Proxy ist aktiviert.
ProxyServer: [S-1-5-21-3363573057-2169286185-1613431243-1002] => http=127.0.0.1:49944;https=127.0.0.1:49944
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1423501174&from=cvs&uid=HitachiXHTS545050B9A300_110109PBN403M7DV449EX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1423501174&from=cvs&uid=HitachiXHTS545050B9A300_110109PBN403M7DV449EX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1423501174&from=cvs&uid=HitachiXHTS545050B9A300_110109PBN403M7DV449EX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1423501174&from=cvs&uid=HitachiXHTS545050B9A300_110109PBN403M7DV449EX&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag
HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=dspp&ts=1423501222&from=cvs&uid=HitachiXHTS545050B9A300_110109PBN403M7DV449EX&q={searchTerms}
HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag
HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag
HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=dspp&ts=1423501222&from=cvs&uid=HitachiXHTS545050B9A300_110109PBN403M7DV449EX&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1423501174&from=cvs&uid=HitachiXHTS545050B9A300_110109PBN403M7DV449EX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1423501174&from=cvs&uid=HitachiXHTS545050B9A300_110109PBN403M7DV449EX&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1423501174&from=cvs&uid=HitachiXHTS545050B9A300_110109PBN403M7DV449EX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1423501174&from=cvs&uid=HitachiXHTS545050B9A300_110109PBN403M7DV449EX&q={searchTerms}
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.56010003&ptr=100&st=12&q={searchTerms}&barid={8EE7CE36-3108-42FF-BE2B-247C70FFD5D1}
SearchScopes: HKU\S-1-5-21-3363573057-2169286185-1613431243-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3363573057-2169286185-1613431243-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3363573057-2169286185-1613431243-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3363573057-2169286185-1613431243-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1434686883&from=xtab&uid=412EBAEB904A4d24A1D0EFE83A307C84&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3363573057-2169286185-1613431243-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3363573057-2169286185-1613431243-1002 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: PriceGong - Price Comparison -> {1631550F-191D-4826-B069-D9439253D926} -> C:\Program Files (x86)\PriceGong\2.6.12\PriceGongIE.dll Keine Datei
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files (x86)\MiuiTab\SupTab.dll Keine Datei
BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\MiuiTab\SupTab.dll Keine Datei
BHO-x32: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  Keine Datei
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll [2010-08-14] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL [2010-06-13] (Symantec Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll [2010-08-14] (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Hosts: 0.0.0.1	mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{94F5DEB5-2EB5-4074-8C69-BDEDE262C939}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default
FF NetworkProxy: "type", 5
FF Homepage: hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag
FF NewTab: hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-14] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-12-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-12-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3363573057-2169286185-1613431243-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Elmar1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-10-03] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3363573057-2169286185-1613431243-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Elmar1\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-04-16] (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\searchplugins\delta-homes.xml [2015-07-25]
FF SearchPlugin: C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\searchplugins\istartsurf.xml [2015-08-08]
FF SearchPlugin: C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\searchplugins\SweetIM Search.xml [2015-04-02]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\delta-homes.xml [2015-05-28]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\webssearches.xml [2015-05-12]
FF Extension: Search Enginer - C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\Extensions\ffsearch_toolbar [2015-08-08]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn [2012-01-07]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\extensions\quick_searchff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\extensions\sweetsearch@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\extensions\default_newtabff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\extensions\defsearchp@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [ffsearch_toolbar] - C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\extensions\ffsearch_toolbar
FF HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\...\Firefox\Extensions: [{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}] - C:\Program Files (x86)\PriceGong\2.6.12\FF
FF Extension: Kein Name - C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\extensions\sweetsearch@gmail.com [nicht gefunden]
FF Extension: Kein Name - C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\extensions\default_newtabff@gmail.com [nicht gefunden]
FF Extension: Kein Name - C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\extensions\defsearchp@gmail.com [nicht gefunden]
FF Extension: Kein Name - C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\extensions\quick_searchff@gmail.com [nicht gefunden]

Chrome: 
=======
CHR Profile: C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-31]
CHR Extension: (YouTube) - C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-31]
CHR Extension: (Google Search) - C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-31]
CHR Extension: (MapsGalaxy) - C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn [2015-04-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Gmail) - C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-31]
CHR HKLM-x32\...\Chrome\Extension: [bkomkajifikmkfnjgphkjcfeepbnojok] - C:\Program Files (x86)\PriceGong\2.6.12\pricegong.crx <nicht gefunden>

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2010-12-10] ()
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [159752 2010-12-10] ()
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-06-10] (Elex do Brasil Participações Ltda)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [126904 2010-07-23] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-03-06] (Symantec Corporation)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [66872 2014-08-06] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [945200 2010-08-09] (Symantec Corporation)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [463408 2010-06-27] (Symantec Corporation)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-06-10] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [108616 2015-06-10] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [50944 2015-06-10] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [102416 2015-06-10] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-04-17] (Elex do Brasil Participações Ltda)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\ENG64.SYS [117808 2010-08-13] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\EX64.SYS [1791536 2010-08-13] (Symantec Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2010-12-10] (PEGATRON)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1201000.025\SRTSP64.SYS [715824 2010-07-29] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1201000.025\SRTSPX64.SYS [40496 2010-07-29] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1201000.025\SYMDS64.SYS [450096 2010-06-13] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1201000.025\SYMEFA64.SYS [821808 2010-07-29] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174640 2011-03-25] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1201000.025\Ironx64.SYS [168496 2010-06-27] (Symantec Corporation)
S3 SymNetS; C:\Windows\system32\drivers\NISx64\1201000.025\SYMNETS.SYS [381488 2010-07-13] (Symantec Corporation)
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S3 MGHwCtrl; \??\c:\Utility\Silent\MGHwCtrl.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-28 12:58 - 2015-08-28 12:59 - 00000000 ____D C:\FRST
2015-08-28 12:53 - 2015-08-28 12:54 - 02186752 _____ (Farbar) C:\Users\Hoffmeister\Downloads\FRST64 (1).exe
2015-08-28 12:53 - 2015-08-28 12:53 - 02186752 _____ (Farbar) C:\Users\Hoffmeister\Downloads\FRST64.exe
2015-08-27 22:52 - 2015-08-27 22:52 - 00000000 ____D C:\Users\Hoffmeister\AppData\Roaming\Virtual Desktop Manager
2015-08-27 22:43 - 2015-08-27 22:44 - 00002261 _____ C:\Users\Hoffmeister\Desktop\Google Chrome.lnk
2015-08-27 22:43 - 2015-08-27 22:43 - 00001435 _____ C:\Users\Hoffmeister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-27 22:43 - 2015-08-27 22:43 - 00000000 ____D C:\Users\Hoffmeister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-27 22:43 - 2015-08-27 22:43 - 00000000 ____D C:\Users\Hoffmeister\AppData\Roaming\Adobe
2015-08-27 22:43 - 2015-08-27 22:43 - 00000000 ____D C:\Users\Hoffmeister\AppData\Local\Google
2015-08-27 22:43 - 2015-08-27 22:43 - 00000000 ____D C:\Users\Hoffmeister\AppData\Local\FSP
2015-08-27 22:42 - 2015-08-27 22:42 - 00000020 ___SH C:\Users\Hoffmeister\ntuser.ini
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Vorlagen
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Startmenü
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Netzwerkumgebung
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Lokale Einstellungen
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Eigene Dateien
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Druckumgebung
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Documents\Eigene Musik
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Documents\Eigene Bilder
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\AppData\Local\Verlauf
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\AppData\Local\Anwendungsdaten
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Anwendungsdaten
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 ____D C:\Users\Hoffmeister\AppData\Roaming\Elex-tech
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 ____D C:\Users\Hoffmeister\AppData\Local\VirtualStore
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 ____D C:\Users\Hoffmeister
2015-08-27 22:42 - 2015-06-14 17:53 - 00063568 _____ C:\Users\Hoffmeister\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-27 22:42 - 2012-02-01 20:18 - 00000000 ____D C:\Users\Hoffmeister\AppData\Roaming\Macromedia
2015-08-27 22:42 - 2011-03-25 18:15 - 00000000 ____D C:\Users\Hoffmeister\AppData\Local\SRS Labs
2015-08-27 22:42 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\Hoffmeister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-27 22:42 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\Hoffmeister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-27 21:23 - 2015-08-27 21:23 - 00000000 ____D C:\Users\Eli8s\AppData\Roaming\Elex-tech
2015-08-27 20:11 - 2015-08-27 20:11 - 00000000 ____D C:\Users\Elmar1\AppData\Roaming\Elex-tech
2015-08-27 20:11 - 2015-04-17 04:43 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\windows\system32\Drivers\iSafeNetFilter.sys
2015-08-27 19:58 - 2015-08-27 20:08 - 00000000 ____D C:\AdwCleaner
2015-08-27 19:55 - 2015-08-27 19:55 - 01618432 _____ C:\Users\Elmar1\Downloads\adwcleaner_5.004.exe
2015-08-23 06:35 - 2015-08-11 03:20 - 25191936 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-08-23 06:35 - 2015-08-11 03:14 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-08-23 06:35 - 2015-08-11 02:33 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-08-23 06:35 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-08-14 05:10 - 2015-07-30 15:13 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 05:10 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 03:38 - 2015-07-30 20:06 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2015-08-14 03:38 - 2015-07-30 20:06 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-08-14 03:38 - 2015-07-30 20:06 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-08-14 03:38 - 2015-07-30 20:06 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-08-14 03:38 - 2015-07-30 20:06 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-08-14 03:38 - 2015-07-30 20:06 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-08-14 03:38 - 2015-07-30 20:06 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-08-14 03:38 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2015-08-14 03:38 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-08-14 03:38 - 2015-07-30 19:57 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-08-14 03:38 - 2015-07-30 19:57 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-08-14 03:38 - 2015-07-30 19:57 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-08-14 03:38 - 2015-07-30 19:55 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-08-14 03:38 - 2015-07-30 18:56 - 03208192 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-08-14 03:38 - 2015-07-30 18:52 - 00372736 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-08-14 03:38 - 2015-07-30 18:49 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-08-14 03:38 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2015-08-14 03:38 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\windows\notepad.exe
2015-08-14 03:38 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2015-08-14 03:36 - 2015-07-15 20:15 - 05568960 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-08-14 03:36 - 2015-07-15 20:15 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-08-14 03:36 - 2015-07-15 20:15 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-08-14 03:36 - 2015-07-15 20:15 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-08-14 03:36 - 2015-07-15 20:12 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-08-14 03:36 - 2015-07-15 20:11 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-08-14 03:36 - 2015-07-15 20:11 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-08-14 03:36 - 2015-07-15 20:11 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-08-14 03:36 - 2015-07-15 20:11 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-08-14 03:36 - 2015-07-15 20:11 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 01743360 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-08-14 03:36 - 2015-07-15 20:10 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-08-14 03:36 - 2015-07-15 20:10 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-08-14 03:36 - 2015-07-15 20:10 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-08-14 03:36 - 2015-07-15 20:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-08-14 03:36 - 2015-07-15 20:09 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-08-14 03:36 - 2015-07-15 20:05 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-08-14 03:36 - 2015-07-15 20:05 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-08-14 03:36 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-08-14 03:36 - 2015-07-15 19:56 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-08-14 03:36 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-08-14 03:36 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-08-14 03:36 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-08-14 03:36 - 2015-07-15 19:55 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-08-14 03:36 - 2015-07-15 19:55 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-08-14 03:36 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-08-14 03:36 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-08-14 03:36 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-08-14 03:36 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-08-14 03:36 - 2015-07-15 19:54 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-08-14 03:36 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-08-14 03:36 - 2015-07-15 19:54 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-08-14 03:36 - 2015-07-15 19:53 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-08-14 03:36 - 2015-07-15 19:53 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-08-14 03:36 - 2015-07-15 19:53 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-08-14 03:36 - 2015-07-15 19:53 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-08-14 03:36 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-08-14 03:36 - 2015-07-15 19:53 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-08-14 03:36 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-08-14 03:36 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 18:46 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-08-14 03:36 - 2015-07-15 18:46 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-08-14 03:36 - 2015-07-15 18:46 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-08-14 03:36 - 2015-07-15 18:37 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-08-14 03:36 - 2015-07-15 18:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-08-14 03:36 - 2015-07-15 18:34 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 18:34 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 18:34 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 18:34 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 03154944 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 02606080 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-08-14 03:34 - 2015-07-20 20:12 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-08-14 03:34 - 2015-07-20 20:12 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-08-14 03:34 - 2015-07-20 19:56 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-08-14 03:34 - 2015-07-20 19:56 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-08-14 03:34 - 2015-07-20 19:56 - 00093184 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-08-14 03:34 - 2015-07-20 19:56 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-08-14 03:34 - 2015-07-20 19:56 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-08-14 03:34 - 2015-07-10 19:51 - 03722752 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-08-14 03:34 - 2015-07-10 19:51 - 00158720 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2015-08-14 03:34 - 2015-07-10 19:51 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-08-14 03:34 - 2015-07-10 19:34 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-08-14 03:34 - 2015-07-10 19:34 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-08-14 03:34 - 2015-07-10 19:33 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-08-14 03:32 - 2015-07-15 05:19 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2015-08-14 03:29 - 2015-07-21 02:39 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-08-14 03:29 - 2015-07-21 02:12 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-08-14 03:29 - 2015-07-16 22:54 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-08-14 03:29 - 2015-07-16 22:37 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-08-14 03:29 - 2015-07-16 22:36 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-08-14 03:29 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-08-14 03:29 - 2015-07-16 22:36 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-08-14 03:29 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-08-14 03:29 - 2015-07-16 22:35 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-08-14 03:29 - 2015-07-16 22:27 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-08-14 03:29 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-08-14 03:29 - 2015-07-16 22:26 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-08-14 03:29 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-08-14 03:29 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-08-14 03:29 - 2015-07-16 22:21 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-08-14 03:29 - 2015-07-16 22:21 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-08-14 03:29 - 2015-07-16 22:21 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-08-14 03:29 - 2015-07-16 22:12 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-08-14 03:29 - 2015-07-16 22:08 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-08-14 03:29 - 2015-07-16 22:00 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-08-14 03:29 - 2015-07-16 21:55 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-08-14 03:29 - 2015-07-16 21:54 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-08-14 03:29 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-08-14 03:29 - 2015-07-16 21:51 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-08-14 03:29 - 2015-07-16 21:51 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-08-14 03:29 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-08-14 03:29 - 2015-07-16 21:50 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-08-14 03:29 - 2015-07-16 21:49 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-08-14 03:29 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-08-14 03:29 - 2015-07-16 21:43 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-08-14 03:29 - 2015-07-16 21:43 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-08-14 03:29 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-08-14 03:29 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-08-14 03:29 - 2015-07-16 21:39 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-08-14 03:29 - 2015-07-16 21:38 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-08-14 03:29 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-08-14 03:29 - 2015-07-16 21:35 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-08-14 03:29 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-08-14 03:29 - 2015-07-16 21:33 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-08-14 03:29 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-08-14 03:29 - 2015-07-16 21:29 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-08-14 03:29 - 2015-07-16 21:24 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-14 03:29 - 2015-07-16 21:20 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-08-14 03:29 - 2015-07-16 21:19 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-08-14 03:29 - 2015-07-16 21:17 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-08-14 03:29 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-08-14 03:29 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-08-14 03:29 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-08-14 03:29 - 2015-07-16 21:06 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-08-14 03:29 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-08-14 03:29 - 2015-07-16 21:05 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-08-14 03:29 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-08-14 03:29 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-08-14 03:29 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-08-14 03:29 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-08-14 03:29 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-08-14 03:28 - 2015-07-15 05:19 - 02004992 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-08-14 03:28 - 2015-07-15 05:19 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-08-14 03:28 - 2015-07-15 05:14 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2015-08-14 03:28 - 2015-07-15 05:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-08-14 03:28 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-08-14 03:28 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-08-14 03:28 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2015-08-14 03:28 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-08-14 03:28 - 2015-07-10 19:51 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-08-14 03:28 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-08-14 03:28 - 2015-07-01 22:49 - 00260096 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-08-14 03:28 - 2015-07-01 22:48 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-08-14 03:28 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-08-14 03:28 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-08-11 04:33 - 2015-08-11 04:33 - 00760417 _____ C:\Users\Elmar1\Downloads\Google.html
2015-08-11 04:33 - 2015-08-11 04:33 - 00000000 ____D C:\Users\Elmar1\Downloads\Google_files
2015-08-01 01:42 - 2015-08-01 01:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-08-01 01:42 - 2015-08-01 01:42 - 00000000 ____D C:\Program Files\McAfee Security Scan

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-28 12:57 - 2011-03-25 18:11 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-28 12:56 - 2013-05-06 16:34 - 00000000 ____D C:\Users\Elmar1\Tracing
2015-08-28 12:56 - 2012-12-31 12:52 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-28 12:56 - 2012-07-27 09:16 - 00000000 ____D C:\Users\Elmar1\AppData\Roaming\Spotify
2015-08-28 12:56 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-28 12:55 - 2011-03-25 17:37 - 01551732 _____ C:\windows\WindowsUpdate.log
2015-08-28 12:55 - 2009-07-14 06:51 - 00132228 _____ C:\windows\setupact.log
2015-08-28 12:55 - 2009-07-14 06:45 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-28 12:55 - 2009-07-14 06:45 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-27 22:30 - 2012-12-31 12:55 - 00002261 _____ C:\Users\Elmar1\Desktop\Google Chrome.lnk
2015-08-27 22:27 - 2012-12-31 12:52 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-27 22:00 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2015-08-27 21:24 - 2013-10-12 16:12 - 00000000 ____D C:\Users\Eli8s\AppData\Local\Spotify
2015-08-27 21:13 - 2013-09-01 17:48 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-08-27 20:10 - 2013-01-01 15:18 - 01060466 _____ C:\windows\PFRO.log
2015-08-27 20:02 - 2015-06-18 18:13 - 00000000 ____D C:\windows\system32\log
2015-08-23 06:15 - 2015-02-14 16:54 - 00003732 _____ C:\windows\System32\Tasks\DriverWhiz_ScheduledScan
2015-08-23 06:15 - 2015-02-14 16:54 - 00003576 _____ C:\windows\System32\Tasks\DriverWhiz_DailyScan
2015-08-17 18:21 - 2012-03-12 09:03 - 00000000 ____D C:\Users\Elmar1\Documents\Mieter
2015-08-17 18:21 - 2012-02-03 07:23 - 00000000 ____D C:\Users\Elmar1\Documents\,Entschuldigungen
2015-08-16 02:15 - 2009-07-14 06:45 - 00293256 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-16 02:11 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-08-14 05:10 - 2013-03-15 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-14 05:08 - 2013-03-15 23:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-14 05:08 - 2012-01-07 18:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-14 04:13 - 2013-09-01 17:48 - 00778440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-14 04:13 - 2013-09-01 17:48 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-14 04:13 - 2013-09-01 17:48 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-08-14 03:40 - 2013-07-16 19:50 - 00000000 ____D C:\windows\system32\MRT
2015-08-14 03:04 - 2013-03-28 19:29 - 132483416 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-08-14 02:21 - 2009-07-14 07:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-08-09 02:55 - 2014-10-07 14:32 - 00000000 ____D C:\Users\Elmar1\AppData\Local\SWDS
2015-08-01 01:42 - 2013-03-28 19:21 - 00000000 ____D C:\ProgramData\McAfee Security Scan

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-06-26 18:07 - 2013-06-26 18:07 - 0000268 ___RH () C:\Users\Elmar1\AppData\Roaming\Flowers
2013-06-26 18:07 - 2013-06-26 18:07 - 0000268 ___RH () C:\Users\Elmar1\AppData\Roaming\Folder Actions
2013-06-26 18:07 - 2013-06-26 18:07 - 0000268 ___RH () C:\Users\Elmar1\AppData\Roaming\Folder Actions Handlers
2013-06-26 18:06 - 2013-06-26 18:06 - 0000268 ___RH () C:\Users\Elmar1\AppData\Roaming\Grand Piano
2013-04-27 06:19 - 2014-08-13 00:13 - 0006656 _____ () C:\Users\Elmar1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-26 18:07 - 2013-06-26 18:07 - 0000268 ___RH () C:\ProgramData\Fonts
2013-06-26 18:07 - 2013-06-26 18:07 - 0000268 ___RH () C:\ProgramData\Framework
2013-06-26 18:07 - 2013-06-26 18:07 - 0000268 ___RH () C:\ProgramData\Frameworks
2013-06-26 18:06 - 2013-06-26 18:06 - 0000268 ___RH () C:\ProgramData\Guitar
2013-06-26 18:06 - 2013-06-26 18:06 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2013-06-26 18:07 - 2013-06-26 18:12 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2013-06-26 18:07 - 2014-08-12 23:48 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2013-06-26 18:07 - 2013-07-25 20:23 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

Einige Dateien in TEMP:
====================
C:\Users\Elmar1\AppData\Local\Temp\BrokerMediumIntegrity.exe
C:\Users\Elmar1\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\Elmar1\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Elmar1\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Elmar1\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Elmar1\AppData\Local\Temp\sqlite3.dll
C:\Users\Elmar1\AppData\Local\Temp\WhiteLabelSetup.exe
C:\Users\Elmar1\AppData\Local\Temp\WSSetup.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\windows\system32\winlogon.exe => Datei ist digital signiert
C:\windows\system32\wininit.exe => Datei ist digital signiert
C:\windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\windows\explorer.exe => Datei ist digital signiert
C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\windows\system32\svchost.exe => Datei ist digital signiert
C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\windows\system32\services.exe => Datei ist digital signiert
C:\windows\system32\User32.dll => Datei ist digital signiert
C:\windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\windows\system32\userinit.exe => Datei ist digital signiert
C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\windows\system32\rpcss.dll => Datei ist digital signiert
C:\windows\system32\dnsapi.dll => Datei ist digital signiert
C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2014-10-20 19:44

==================== Ende von FRST.txt ============================
         
Und hier die Addition-Date:
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-08-2015
durchgeführt von Elmar1 (2015-08-28 13:01:51)
Gestartet von F:\
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3363573057-2169286185-1613431243-500 - Administrator - Disabled)
Eli8s (S-1-5-21-3363573057-2169286185-1613431243-1004 - Limited - Enabled) => C:\Users\Eli8s
Elmar1 (S-1-5-21-3363573057-2169286185-1613431243-1002 - Administrator - Enabled) => C:\Users\Elmar1
Gast (S-1-5-21-3363573057-2169286185-1613431243-501 - Limited - Disabled)
Hoffmeister (S-1-5-21-3363573057-2169286185-1613431243-1005 - Administrator - Enabled) => C:\Users\Hoffmeister
HomeGroupUser$ (S-1-5-21-3363573057-2169286185-1613431243-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-3363573057-2169286185-1613431243-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.8.1217.36096 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.8.1217.36096 - Alcor Micro Corp.) Hidden
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
ArcSoft Panorama Maker 6 (HKLM-x32\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
AVS Audio Editor 7.3 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.3.1.493 - Online Media Technologies Ltd.)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bubble Hit Bundle by GamePacks (HKLM-x32\...\Bubble Hit Bundle by GamePacks) (Version: 1.0.0.0 - SweetPacks LTD) <==== ACHTUNG
Bubble Hit by GamePacks (HKLM-x32\...\Bubble Hit by GamePacks) (Version: 1 - SweetIM Technologies LTD) <==== ACHTUNG
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 3.0.1007.2702 - Micro-Star International Co., Ltd.)
Cobra 11 - Crash Time (remove only) (HKLM-x32\...\CrashTime) (Version:  - )
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.0.0 - Conexant)
Driver Whiz (HKLM\...\Driver Whiz) (Version: 1.0 - 383 Media, Inc.)
EasyFace2 (HKLM-x32\...\{94DE7548-E449-4F7D-804F-0C5CDC3A1E6A}) (Version: 2.0.0.14 - Micro-Star International CO.,Ltd.)
EasyViewer (HKLM-x32\...\InstallShield_{EECD7B96-1416-4D3A-B12D-0D2512120C36}) (Version: 1.3.0.8 - MSI)
EasyViewer (x32 Version: 1.3.0.8 - MSI) Hidden
Far Cry 2 (HKLM-x32\...\{F2835483-37F2-4123-B4FE-0E77D58447F2}) (Version: 1.03.00 - Ubisoft)
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 8.8.0.9 - Sentelic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (HKLM\...\{8F4884F1-488D-4738-8F71-65A378BB484C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Hilfe (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
InetStat (HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\...\InetStat) (Version: 0.5b - InetStat) <==== ACHTUNG
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Marketsplash Schnellzugriffe (HKLM-x32\...\{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}) (Version: 1.0.1.7 - Hewlett-Packard)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.7.0 - Nikon)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.1.0.37 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.13580 - Symantec Corporation)
NVIDIA 3D Vision Driver 266.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 266.39 - NVIDIA Corporation)
NVIDIA Graphics Driver 266.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.39 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PC Sound (HKLM\...\{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}) (Version: 1.11.0200 - SRS Labs, Inc.)
PC Speed Up (HKLM\...\PCSU-SL_is1) (Version: 3.9.13.0 - Optimal Software s.r.o.)
PHotkey (HKLM-x32\...\{24047BE4-329D-46F7-9689-8684C7A1CFBB}) (Version: 1.00.0005 - )
Picexa (HKLM-x32\...\Picexa) (Version:  - Taiwan Shui Mu Chih Ching Technology Limited) <==== ACHTUNG
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.12 - Nikon)
PriceGong 2.6.12 (HKLM-x32\...\PriceGong) (Version: 2.6.12 - PriceGong) <==== ACHTUNG
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.20.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.20.0 - Renesas Electronics Corporation) Hidden
Spotify (HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\...\Spotify) (Version: 0.9.4.178.g259772ba - Spotify AB)
Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten (HKLM\...\{8DB5B8FE-3F8A-4D9F-911C-F85473400859}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
SweetPacks Updater Service (HKLM-x32\...\WNLT) (Version: 5.1.5.4 - ) <==== ACHTUNG
Tango (HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\...\Tango) (Version: 1.6.14117 - TangoMe, Inc.)
Unity Web Player (HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.7.6 - Nikon)
Wajam (HKLM-x32\...\WNEnhance) (Version: 2.25.2.12 (i2.6) - WNEnhance) <==== ACHTUNG
webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version:  - webssearches) <==== ACHTUNG
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{B39AA98E-C966-46C9-ACA2-D2586E300988}) (Version: 2.29.0.3 - )
WinZipper (HKLM-x32\...\WinZipper) (Version: 1.5.101 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ACHTUNG
XW204E (HKLM-x32\...\{5BFF7DE6-C3F0-40F8-AC32-75D628E46C6B}) (Version: 1.00.0000 - XAVi)
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ACHTUNG

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

23-07-2015 07:22:50 Windows Update
27-07-2015 03:00:24 Windows Update
01-08-2015 02:22:31 Windows Update
05-08-2015 05:00:10 Windows Update
14-08-2015 02:47:33 Windows Update
14-08-2015 03:00:19 Windows Update
14-08-2015 04:58:43 Windows Update
23-08-2015 05:37:52 Windows Update
23-08-2015 06:34:21 Windows Update
27-08-2015 20:18:06 Windows Update
27-08-2015 20:36:19 Windows Defender Checkpoint

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2015-08-01 01:42 - 00000854 ____A C:\windows\system32\Drivers\etc\hosts
0.0.0.1	mssplus.mcafee.com

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {13AA370D-FB4E-49F7-AAD2-52D33519348A} - System32\Tasks\{1BCFEE93-0B0C-4DD5-817A-30E72E1BD5EB} => pcalua.exe -a "F:\GLUCOFACTS Deluxe Smart Launch - Win.exe" -d F:\
Task: {5E78E8DE-7EC4-4A0B-8A69-5A31A8345519} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {6AAB7EFD-87CF-4BD4-A218-02A15F107FB6} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-14] (Adobe Systems Incorporated)
Task: {6F316A07-9695-419D-8139-254B8D8EAD85} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-31] (Google Inc.)
Task: {76F3CEBB-9D40-4B5A-A7E8-5DDCCD95B1D1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {AD22F666-3ABB-4C50-9ABD-C1CBF5481386} - System32\Tasks\DriverWhiz_DailyScan => C:\Program Files (x86)\DriverWhiz\DriverWhiz.exe
Task: {C738E44E-4FD4-4BEC-B89B-9A670B311A1D} - System32\Tasks\DriverWhiz_ScheduledScan => C:\Program Files (x86)\DriverWhiz\DriverWhiz.exe
Task: {CD5675DA-4FF4-4815-8705-35391319A094} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-31] (Google Inc.)
Task: {E70A6A28-248D-4797-B1E7-2FD365D83EA2} - System32\Tasks\{D6805308-A45F-4828-A372-84D3DC824F2A} => pcalua.exe -a C:\Users\Elmar1\Downloads\AVM_FRITZ_WLAN_Repeater_310_Assistent.exe -d C:\Users\Elmar1\Downloads

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2011-03-25 18:22 - 2010-12-10 21:19 - 00104968 ____R () C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
2011-03-25 18:22 - 2010-12-10 21:19 - 00159752 ____R () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2011-03-25 18:22 - 2010-12-10 21:19 - 00117256 ____R () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
2011-03-25 18:22 - 2010-12-10 21:19 - 00121864 ____R () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
2011-02-11 07:11 - 2010-12-16 10:37 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2011-02-17 16:36 - 2010-11-08 08:50 - 00044032 _____ () C:\Program Files\FSP\KbdHook.dll
2011-02-17 16:36 - 2010-11-08 08:51 - 00070656 _____ () C:\Program Files\FSP\FspLib.dll
2013-04-05 23:55 - 2013-04-05 23:55 - 00397632 _____ () C:\Users\Elmar1\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2014-10-15 17:24 - 2014-10-15 07:35 - 06281024 _____ () C:\Users\Elmar1\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-08-06 17:31 - 2014-08-06 17:31 - 00066872 _____ () C:\windows\SysWOW64\PnkBstrA.exe
2011-03-25 18:22 - 2010-12-27 23:14 - 00776200 ____R () C:\Program Files (x86)\PHotkey\PVDesktop.exe
2011-03-25 18:22 - 2010-12-03 20:33 - 00462856 ____R () C:\Program Files (x86)\PHotkey\PVDAgent.exe
2015-06-18 18:13 - 2015-06-10 08:24 - 00065696 ____N () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2015-06-18 18:13 - 2015-04-17 04:43 - 00176976 ____N () C:\Program Files (x86)\Elex-tech\YAC\tws\unrar.dll
2015-06-18 18:13 - 2015-04-17 04:43 - 00087744 ____N () C:\Program Files (x86)\Elex-tech\YAC\tws\unacev2.dll
2015-06-18 18:13 - 2015-06-10 08:24 - 00179200 ____N () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2011-03-25 18:22 - 2010-12-10 21:19 - 00973432 ____R () C:\Program Files (x86)\PHotkey\acAuth.dll
2011-03-25 18:22 - 2010-12-10 21:19 - 00129544 ____R () C:\Program Files (x86)\PHotkey\GFNEX.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Elmar1\AppData\Roaming\Virtual Desktop Manager\PVDesktopWallpaper_0.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{F411378E-867D-452F-83C9-C3A9FFFF8ADD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{21794B74-921E-480B-B991-C7D6B1F8FBFC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{B33B3A88-B437-484E-9CC3-AC0156A25519}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{C02F8908-8DF7-43F7-9B4A-680338930ADC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{BD0257D7-07B3-4F43-B79E-7D889025F9A4}] => (Allow) svchost.exe
FirewallRules: [{027F8327-9BB4-431D-8FA8-DD7C9372273B}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{CFDAB797-9BB2-44B4-99C6-7930EBD3067F}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe
FirewallRules: [{02FB8941-2460-4303-935E-7058F04474FF}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe
FirewallRules: [{3AFD69E0-47BF-46FA-8A77-580159890AD3}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe
FirewallRules: [{D02C7A9B-3F13-46F5-86A8-B1AB55E2D802}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe
FirewallRules: [TCP Query User{DBB21F32-0BCC-4FCB-BDB6-D3564CF0F4B2}C:\users\elmar1\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\elmar1\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{88830544-E226-44D3-900C-79C15F69372F}C:\users\elmar1\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\elmar1\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{7C5CCA34-D83B-4200-8031-46D7FA7C58CF}C:\users\elmar1\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\elmar1\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{68D696E1-5A4B-4C3B-904C-2B7BC68343F9}C:\users\elmar1\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\elmar1\appdata\roaming\spotify\spotify.exe
FirewallRules: [{59B2F13E-CE5A-4CD0-A707-0DD980D5E666}] => (Allow) C:\Windows\system32\dmwu.exe
FirewallRules: [{A602CC44-5F89-430A-A2B4-8B4525158E73}] => (Allow) C:\Windows\system32\dmwu.exe
FirewallRules: [{6BF8BDFA-1911-43CB-8DAE-E92851A54609}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{AA6C0CFC-C1DA-4FEE-833C-88006AB57358}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{C2DEFAFD-70EF-44EC-B584-9DD7A397EA4C}] => (Allow) C:\Windows\system32\dmwu.exe
FirewallRules: [{C18B005E-0F64-48D9-8CF8-0464664D8881}] => (Allow) C:\Windows\system32\dmwu.exe
FirewallRules: [{382ABA6D-DDF0-418A-ADBD-F8D7CDA51552}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{DD656BA9-4B57-4195-B7A8-24C2B5630F32}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [TCP Query User{DDF8A407-8C4F-4410-8AAC-DAE559DE53C0}C:\users\eli8s\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\eli8s\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D145BACA-50DA-49B7-8D2E-824B97B7C5B7}C:\users\eli8s\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\eli8s\appdata\roaming\spotify\spotify.exe
FirewallRules: [{9710A9E8-BAC9-45DE-BA03-BE27F8611861}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 2\bin\FarCry2.exe
FirewallRules: [{32D29D5F-191C-44A8-9430-21BE2B607CFC}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 2\bin\FarCry2.exe
FirewallRules: [{5F3C9B94-F5E0-4307-87AA-5A172A8825EA}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 2\bin\FC2Launcher.exe
FirewallRules: [{45615BCB-22FA-41E1-BC9A-0404665AE376}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 2\bin\FC2Launcher.exe
FirewallRules: [{7BEDC565-1496-459E-BE33-9AAFA7E3C35D}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 2\bin\FC2Editor.exe
FirewallRules: [{65DF8099-DD7F-4C18-B01F-36CA967FB6A2}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 2\bin\FC2Editor.exe
FirewallRules: [{DE5CFF0D-DF75-4C91-99CD-3915E8F76D63}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 2\bin\FC2ServerLauncher.exe
FirewallRules: [{4DC5706D-3111-4324-9EBA-3981188C976F}] => (Allow) C:\Program Files (x86)\Ubisoft\Far Cry 2\bin\FC2ServerLauncher.exe
FirewallRules: [{DDEF222E-C4EA-454C-806F-225CAA80F44E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{16769173-B06C-4FC2-A1F6-D4D1CAD54F29}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{13A40AF1-45C6-4D95-A1B8-893499253077}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4BC06403-DF5E-48F3-8920-B0A49020E768}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A3EAC7BA-E484-4956-921C-FD655C040714}] => (Allow) C:\Program Files (x86)\Tango\Tango.exe
FirewallRules: [{262DA4D2-E877-413A-AA30-781717914B4E}] => (Allow) C:\Program Files (x86)\Tango\Tango.exe
FirewallRules: [TCP Query User{4823128D-D4A4-4A14-AA59-9DC7588FF6CE}C:\program files (x86)\tango\tango.exe] => (Block) C:\program files (x86)\tango\tango.exe
FirewallRules: [UDP Query User{6BB17E70-F309-4F2B-B760-51D70A458F96}C:\program files (x86)\tango\tango.exe] => (Block) C:\program files (x86)\tango\tango.exe
FirewallRules: [{16535A81-CA95-44B7-A938-82A36C290B05}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E8297311-066F-4E1F-ACCB-B5F9BFD55FD6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{639C4315-AD4E-4581-8406-F238C8A37D21}C:\users\elmar1\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe] => (Allow) C:\users\elmar1\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe
FirewallRules: [UDP Query User{D570C534-53FE-447F-8E0A-CA30603B96F8}C:\users\elmar1\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe] => (Allow) C:\users\elmar1\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe
FirewallRules: [TCP Query User{F0F534C1-2352-4669-9AA2-2D692ADF27D4}C:\users\elmar1\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe] => (Allow) C:\users\elmar1\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe
FirewallRules: [UDP Query User{0EE3E6D8-2AA0-4767-B5CF-BC8CDE4652EF}C:\users\elmar1\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe] => (Allow) C:\users\elmar1\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe
FirewallRules: [{1135EBEC-4BF3-45F1-BE3B-F289021844AF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/27/2015 10:41:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvXDSync.exe, Version: 7.17.12.6639, Zeitstempel: 0x4d13f16c
Name des fehlerhaften Moduls: NvXDSync.exe, Version: 7.17.12.6639, Zeitstempel: 0x4d13f16c
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000068a36
ID des fehlerhaften Prozesses: 0x5ac
Startzeit der fehlerhaften Anwendung: 0xNvXDSync.exe0
Pfad der fehlerhaften Anwendung: NvXDSync.exe1
Pfad des fehlerhaften Moduls: NvXDSync.exe2
Berichtskennung: NvXDSync.exe3

Error: (08/02/2015 02:51:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 44.0.2403.107 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1070

Startzeit: 01d0ccbd35edaeda

Endzeit: 5

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: 92866970-38b0-11e5-bc65-e0699564e4ea

Error: (08/01/2015 02:30:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b30

Startzeit: 01d0cbea31751117

Endzeit: 2080

Anwendungspfad: C:\windows\Explorer.EXE

Berichts-ID: 79f1e3af-37e4-11e5-9da8-e0699564e4ea

Error: (07/18/2015 03:16:24 AM) (Source: MsiInstaller) (EventID: 1024) (User: Elmar1-MSI)
Description: Produkt: Adobe Reader XI (11.0.11) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011012}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/17/2015 01:00:39 AM) (Source: MsiInstaller) (EventID: 1024) (User: Elmar1-MSI)
Description: Produkt: Adobe Reader XI (11.0.10) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011011}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (04/01/2015 03:20:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 41.0.2272.101, Zeitstempel: 0x5503f436
Name des fehlerhaften Moduls: chrome.dll, Version: 41.0.2272.101, Zeitstempel: 0x5503f08d
Ausnahmecode: 0x80000003
Fehleroffset: 0x000253dc
ID des fehlerhaften Prozesses: 0x10f4
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3

Error: (03/25/2015 04:13:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17689, Zeitstempel: 0x54e6869b
Name des fehlerhaften Moduls: Flash64_16_0_0_305.ocx, Version: 16.0.0.305, Zeitstempel: 0x54cfff80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000008ef797
ID des fehlerhaften Prozesses: 0x15ec
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (03/25/2015 04:05:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm sllauncher.exe, Version 5.1.30514.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1630

Startzeit: 01d066a001216eea

Endzeit: 12

Anwendungspfad: C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe

Berichts-ID: 4d8d6d84-d293-11e4-ac0a-e0699564e4ea

Error: (03/21/2015 01:34:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 41.0.2272.89 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 166c

Startzeit: 01d063c9da44b787

Endzeit: 61

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: 37abd033-cfbe-11e4-b848-e0699564e4ea

Error: (03/10/2015 08:10:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f8437a
Name des fehlerhaften Moduls: nsib.dll, Version: 5.1.5.4, Zeitstempel: 0x54aabf58
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00121c60
ID des fehlerhaften Prozesses: 0x1fd8
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3


Systemfehler:
=============
Error: (08/27/2015 08:11:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "YAC NDIS Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/27/2015 08:11:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
iSafeNetFilter

Error: (08/27/2015 08:08:34 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (08/27/2015 08:08:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2015 08:08:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Norton Internet Security" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2015 08:08:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2015 08:08:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2015 08:08:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2015 08:08:04 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "SSFK" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1058

Error: (08/27/2015 08:08:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "SSFK" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================
Error: (08/27/2015 10:41:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvXDSync.exe7.17.12.66394d13f16cNvXDSync.exe7.17.12.66394d13f16c400000150000000000068a365ac01d0e10607214c31C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exeC:\Program Files\NVIDIA Corporation\Display\NvXDSync.exef1410abf-4cfb-11e5-ad2e-e0699564e4ea

Error: (08/02/2015 02:51:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe44.0.2403.107107001d0ccbd35edaeda5C:\Program Files (x86)\Google\Chrome\Application\chrome.exe92866970-38b0-11e5-bc65-e0699564e4ea

Error: (08/01/2015 02:30:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17514b3001d0cbea317511172080C:\windows\Explorer.EXE79f1e3af-37e4-11e5-9da8-e0699564e4ea

Error: (07/18/2015 03:16:24 AM) (Source: MsiInstaller) (EventID: 1024) (User: Elmar1-MSI)
Description: Adobe Reader XI (11.0.11) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011012}1625(NULL)(NULL)(NULL)

Error: (05/17/2015 01:00:39 AM) (Source: MsiInstaller) (EventID: 1024) (User: Elmar1-MSI)
Description: Adobe Reader XI (11.0.10) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011011}1625(NULL)(NULL)(NULL)

Error: (04/01/2015 03:20:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe41.0.2272.1015503f436chrome.dll41.0.2272.1015503f08d80000003000253dc10f401d06c195bb085deC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\chrome.dll48c4bd0a-d80d-11e4-ac4f-e0699564e4ea

Error: (03/25/2015 04:13:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1768954e6869bFlash64_16_0_0_305.ocx16.0.0.30554cfff80c000000500000000008ef79715ec01d066a067e375c0C:\Program Files\Internet Explorer\IEXPLORE.EXEC:\windows\system32\Macromed\Flash\Flash64_16_0_0_305.ocx8f59cda0-d294-11e4-ac0a-e0699564e4ea

Error: (03/25/2015 04:05:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: sllauncher.exe5.1.30514.0163001d066a001216eea12C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe4d8d6d84-d293-11e4-ac0a-e0699564e4ea

Error: (03/21/2015 01:34:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe41.0.2272.89166c01d063c9da44b78761C:\Program Files (x86)\Google\Chrome\Application\chrome.exe37abd033-cfbe-11e4-b848-e0699564e4ea

Error: (03/10/2015 08:10:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe36.0.1.554254f8437ansib.dll5.1.5.454aabf58c000000500121c601fd801d05b5d765c8030C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Windows\SysWOW64\mjcm\5154\nsib.dllb43d6956-c750-11e4-abbc-e0699564e4ea


==================== Speicherinformationen =========================== 

Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Prozentuale Nutzung des RAM: 37%
Installierter physikalischer RAM: 4008.21 MB
Verfügbarer physikalischer RAM: 2496.79 MB
Summe virtueller Speicher: 8314.63 MB
Verfügbarer virtueller Speicher: 6633.71 MB

==================== Laufwerke ================================

Drive c: (OS_Install) (Fixed) (Total:279.46 GB) (Free:142.8 GB) NTFS
Drive d: (Data) (Fixed) (Total:174.21 GB) (Free:174.09 GB) NTFS
Drive f: () (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32
Drive w: (BIOS_RVY) (Fixed) (Total:12 GB) (Free:2.25 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3361844E)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.7 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 2326B66D)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)

==================== Ende von Addition.txt ============================
         

Ich hoffe du kannst damit etwas anfangen und bedanke mich schonmal für die Hilfe
__________________

Alt 29.08.2015, 08:30   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Nach Entfernung von Schadsoftware keine Internetverbindung mehr - Standard

Nach Entfernung von Schadsoftware keine Internetverbindung mehr



Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Bubble Hit Bundle by GamePacks (HKLM-x32\...\Bubble Hit Bundle by GamePacks) (Version: 1.0.0.0 - SweetPacks LTD) <==== ACHTUNG

    Bubble Hit by GamePacks

    InetStat

    Picexa

    PriceGong 2.6.12

    SweetPacks Updater Service

    Wajam

    webssearches uninstall

    WinZipper

    YAC


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 29.08.2015, 15:15   #5
Eli8s
 
Nach Entfernung von Schadsoftware keine Internetverbindung mehr - Standard

Nach Entfernung von Schadsoftware keine Internetverbindung mehr



Also bei ComboFix lief alles ohne gemeckere, aber ich hatte zwei kleine Probleme mit Revo Uninstaller. Zum einen habe ich WinFlash gelöscht da ich dachte es gehört zu WinZipper, aber wie es sich herausgestellt hat ist es ein vorinstalliertes Programm von Asus... naja ich hoffe dass der Rechner auch ohne WinFlash weiter läuft. Zum anderen konnte ich YAC nicht richtig deinstallieren. Ich bekam immer die Nachricht, dass die übrigen Dateien nach einem Neustart gelöscht werden würden. Allerdings war YAC nach einem Neustart immer noch vorhanden und ich deinstallierte es über Start>Systemsteuerung>Programme deinstallieren. Ich hoffe das erfüllt auch seinen Zweck, ansonsten muss ich noch einmal Adw Cleaner oder ähnliches durchlaufen lassen.

Hier nun der ComboFix Logfile:

Code:
ATTFilter
ComboFix 15-08-27.01 - Elmar1 29.08.2015  14:42:40.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4008.2775 [GMT 2:00]
ausgeführt von:: F:\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\MiuiTab\SupTab.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-07-28 bis 2015-08-29  ))))))))))))))))))))))))))))))
.
.
2015-08-29 13:49 . 2015-08-29 13:49	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2015-08-29 13:49 . 2015-08-29 13:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-08-29 13:49 . 2015-08-29 13:49	--------	d-----w-	c:\users\Eli8s\AppData\Local\temp
2015-08-29 11:23 . 2015-08-29 12:07	--------	d-----w-	c:\program files (x86)\VS Revo Group
2015-08-29 00:08 . 2015-07-31 09:21	11745192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{282E326F-E3FD-4B7A-A796-DB57CADB876E}\mpengine.dll
2015-08-28 10:58 . 2015-08-28 11:03	--------	d-----w-	C:\FRST
2015-08-27 20:42 . 2015-08-27 20:42	--------	d-----w-	c:\users\Hoffmeister
2015-08-27 19:23 . 2015-08-27 19:23	--------	d-----w-	c:\users\Eli8s\AppData\Roaming\Elex-tech
2015-08-27 17:58 . 2015-08-27 18:08	--------	d-----w-	C:\AdwCleaner
2015-08-23 04:35 . 2015-08-11 01:20	25191936	----a-w-	c:\windows\system32\mshtml.dll
2015-08-23 04:35 . 2015-08-11 01:14	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2015-08-23 04:35 . 2015-08-11 00:33	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2015-08-14 03:10 . 2015-07-30 13:13	103120	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 03:10 . 2015-07-30 13:13	124624	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 01:36 . 2015-07-15 18:15	5568960	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-08-14 01:34 . 2015-07-10 17:51	3722752	----a-w-	c:\windows\system32\mstscax.dll
2015-08-14 01:32 . 2015-07-15 03:19	52736	----a-w-	c:\windows\system32\basesrv.dll
2015-08-14 01:28 . 2015-07-01 20:49	260096	----a-w-	c:\windows\system32\WebClnt.dll
2015-07-31 23:42 . 2015-07-31 23:42	--------	d-----w-	c:\program files\McAfee Security Scan
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-14 02:13 . 2013-09-01 15:48	778440	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-14 02:13 . 2013-09-01 15:48	142536	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-14 01:04 . 2013-03-28 17:29	132483416	----a-w-	c:\windows\system32\MRT.exe
2015-07-15 17:54 . 2015-08-14 01:36	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-07-04 18:07 . 2015-07-18 01:09	2087424	----a-w-	c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-18 01:09	1414656	----a-w-	c:\windows\SysWow64\ole32.dll
2015-06-23 11:30 . 2012-12-31 11:09	300704	------w-	c:\windows\system32\MpSigStub.exe
2015-06-17 17:47 . 2015-07-18 01:10	404992	----a-w-	c:\windows\system32\gdi32.dll
2015-06-17 17:37 . 2015-07-18 01:10	312320	----a-w-	c:\windows\SysWow64\gdi32.dll
2015-06-15 21:50 . 2015-07-18 01:07	112064	----a-w-	c:\windows\system32\consent.exe
2015-06-15 21:45 . 2015-07-18 01:07	3242496	----a-w-	c:\windows\system32\msi.dll
2015-06-15 21:45 . 2015-07-18 01:07	504320	----a-w-	c:\windows\system32\msihnd.dll
2015-06-15 21:45 . 2015-07-18 01:07	1941504	----a-w-	c:\windows\system32\authui.dll
2015-06-15 21:45 . 2015-07-18 01:07	70656	----a-w-	c:\windows\system32\appinfo.dll
2015-06-15 21:44 . 2015-07-18 01:07	128000	----a-w-	c:\windows\system32\msiexec.exe
2015-06-15 21:43 . 2015-07-18 01:07	2364416	----a-w-	c:\windows\SysWow64\msi.dll
2015-06-15 21:43 . 2015-07-18 01:07	337408	----a-w-	c:\windows\SysWow64\msihnd.dll
2015-06-15 21:43 . 2015-07-18 01:07	1805824	----a-w-	c:\windows\SysWow64\authui.dll
2015-06-15 21:42 . 2015-07-18 01:07	73216	----a-w-	c:\windows\SysWow64\msiexec.exe
2015-06-15 21:42 . 2015-07-18 01:07	25088	----a-w-	c:\windows\system32\msimsg.dll
2015-06-15 21:37 . 2015-07-18 01:07	25088	----a-w-	c:\windows\SysWow64\msimsg.dll
2015-06-02 00:07 . 2015-07-18 01:11	254976	----a-w-	c:\windows\system32\cewmdm.dll
2015-06-01 23:47 . 2015-07-18 01:11	210432	----a-w-	c:\windows\SysWow64\cewmdm.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Elmar1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-10-04 1140736]
"Spotify"="c:\users\Elmar1\AppData\Roaming\Spotify\Spotify.exe" [2013-10-04 4736000]
"AmazonMP3DownloaderHelper"="c:\users\Elmar1\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe" [2013-04-05 397632]
"Amazon Music"="c:\users\Elmar1\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-10-15 6281024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"NortonOnlineBackup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-03-05 1112920]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.11.149\SSScheduler.exe [2015-6-26 330456]
SRS PC Sound.lnk - c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe /h [2011-1-14 1939800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.149\McCHSvc.exe;c:\program files\McAfee Security Scan\3.11.149\McCHSvc.exe [x]
R3 MGHwCtrl;MGHwCtrl;c:\utility\Silent\MGHwCtrl.sys;c:\utility\Silent\MGHwCtrl.sys [x]
R3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1201000.025\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1201000.025\SYMDS64.SYS [x]
R3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1201000.025\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1201000.025\SYMEFA64.SYS [x]
R3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1201000.025\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1201000.025\Ironx64.SYS [x]
R3 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1201000.025\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1201000.025\SYMNETS.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 GFNEXSrv;GFNEX Service;c:\program files (x86)\PHotkey\GFNEXSrv.exe;c:\program files (x86)\PHotkey\GFNEXSrv.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe service [x]
S2 PEGAGFN;PEGAGFN;c:\program files (x86)\PHotkey\PEGAGFN.sys;c:\program files (x86)\PHotkey\PEGAGFN.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
S3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;c:\windows\system32\DRIVERS\fspad_wlh64.sys;c:\windows\SYSNATIVE\DRIVERS\fspad_wlh64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-23 03:28	993608	----a-w-	c:\program files (x86)\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-01 02:13]
.
2015-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-31 11:28]
.
2015-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-31 11:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-20 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-20 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-20 418328]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\system32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.v9.com/?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag
uDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=dspp&ts=1423501222&from=cvs&uid=HitachiXHTS545050B9A300_110109PBN403M7DV449EX&q={searchTerms}
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1423501174&from=cvs&uid=HitachiXHTS545050B9A300_110109PBN403M7DV449EX&q={searchTerms}
mDefault_Page_URL = hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag
mStart Page = hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1423501174&from=cvs&uid=HitachiXHTS545050B9A300_110109PBN403M7DV449EX&q={searchTerms}
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49944;https=127.0.0.1:49944
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Elmar1\AppData\Roaming\mozilla\firefox\Profiles\x7jyxs1q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag
FF - prefs.js: network.proxy.type - 5
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{1631550F-191D-4826-B069-D9439253D926} - c:\program files (x86)\PriceGong\2.6.12\PriceGongIE.dll
BHO-{1F91A9A1-01BA-4c81-863D-3BA0751E1419} - c:\program files (x86)\MiuiTab\SupTab.dll
BHO-{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} - c:\program files (x86)\MiuiTab\SupTab.dll
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-InetStat - c:\users\Elmar1\AppData\Roaming\InetStat\inetstat.exe
Wow6432Node-HKCU-Run-PCSpeedUp - c:\program files (x86)\PC Speed Up\PCSUNotifier.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-fspuip - c:\program files (x86)\FSP\fspuip.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-08-29  15:54:18
ComboFix-quarantined-files.txt  2015-08-29 13:54
.
Vor Suchlauf: 12 Verzeichnis(se), 160.056.737.792 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 162.888.835.072 Bytes frei
.
- - End Of File - - 2B30A9E7246B1528D6FF2BA07FAB2948
         

Gruß Eli8s


Geändert von Eli8s (29.08.2015 um 15:17 Uhr) Grund: Höfflichkeit

Alt 30.08.2015, 11:30   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Nach Entfernung von Schadsoftware keine Internetverbindung mehr - Standard

Nach Entfernung von Schadsoftware keine Internetverbindung mehr



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> Nach Entfernung von Schadsoftware keine Internetverbindung mehr

Alt 30.08.2015, 16:07   #7
Eli8s
 
Nach Entfernung von Schadsoftware keine Internetverbindung mehr - Standard

Nach Entfernung von Schadsoftware keine Internetverbindung mehr



Guten Morgen/Mittag/Abend,
da das Lofile von MBAM so groß war, und ich nicht weiß ob und wie ich es komprimieren soll, schicke ich das Logfile in zwei Nachricht



Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 30.08.2015
Suchlaufzeit: 15:03
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.06.03.03
Rootkit-Datenbank: v2015.06.02.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Elmar1

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 487070
Abgelaufene Zeit: 35 Min., 35 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 43
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\CLASSES\APPID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}, In Quarantäne, [afa0cbeb5139fc3ac512a1c8b1528977], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}, In Quarantäne, [afa0cbeb5139fc3ac512a1c8b1528977], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}, In Quarantäne, [afa0cbeb5139fc3ac512a1c8b1528977], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1631550F-191D-4826-B069-D9439253D926}, In Quarantäne, [46094c6a3753320414f9174ea75c24dc], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{1631550F-191D-4826-B069-D9439253D926}, In Quarantäne, [46094c6a3753320414f9174ea75c24dc], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1631550F-191D-4826-B069-D9439253D926}, In Quarantäne, [46094c6a3753320414f9174ea75c24dc], 
PUP.Optional.PriceGong.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1631550F-191D-4826-B069-D9439253D926}, In Quarantäne, [46094c6a3753320414f9174ea75c24dc], 
PUP.Optional.PriceGong.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1631550F-191D-4826-B069-D9439253D926}, In Quarantäne, [46094c6a3753320414f9174ea75c24dc], 
PUP.Optional.LuckyTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, In Quarantäne, [65eac3f3335733031e0282dbdc27f20e], 
PUP.Optional.LuckyTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, In Quarantäne, [65eac3f3335733031e0282dbdc27f20e], 
PUP.Optional.LuckyTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, In Quarantäne, [65eac3f3335733031e0282dbdc27f20e], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}, In Quarantäne, [0b44bef81179c86efade0366ff04c33d], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}, In Quarantäne, [0b44bef81179c86efade0366ff04c33d], 
PUP.Optional.SweetPacks.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}, In Quarantäne, [62edaf07771347ef4d01267a1ce7ee12], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}, In Quarantäne, [62edaf07771347ef4d01267a1ce7ee12], 
PUP.Optional.SpeedChecker.A, HKLM\SOFTWARE\Speedchecker Limited, In Quarantäne, [2c239620701ab1853c684eab5ca76a96], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\CLASSES\APPID\PriceGongIE.DLL, In Quarantäne, [c28dc2f41b6ff5415940b383da2a15eb], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\PriceGongIE.DLL, In Quarantäne, [0d422195028858de8316b97d749027d9], 
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [c48bf9bdfe8c90a62ca7ffe5be45ba46], 
PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\WNLT, In Quarantäne, [1c33dbdb66242511f9cf59f72fd6669a], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\delta-homesSoftware, In Quarantäne, [1b34a4127c0e68ce5c72000e62a2db25], 
PUP.Optional.FFPluginHp.A, HKLM\SOFTWARE\WOW6432NODE\FFPluginHp, In Quarantäne, [55faa70f71193df93f4b1dc8c340da26], 
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, In Quarantäne, [df70d6e01e6cb3834409e610659e817f], 
PUP.Optional.Picexa.A, HKLM\SOFTWARE\WOW6432NODE\PicexaSvc, In Quarantäne, [bc93496dc0ca65d15f4d7807b352728e], 
PUP.Optional.SpeedChecker.A, HKLM\SOFTWARE\WOW6432NODE\Speedchecker Limited, In Quarantäne, [78d756609feb47efa103cd2cba4952ae], 
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [d679219589010c2a548a4c1c867f05fb], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SweetIM, In Quarantäne, [341bfdb944467bbb5f73f008de2503fd], 
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [123d74427f0bc07659ef53d5ab59b947], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\PriceGongIE.DLL, In Quarantäne, [440bbafc4842c6703d5c7fb7778d9769], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bkomkajifikmkfnjgphkjcfeepbnojok, In Quarantäne, [470872444c3e69cdcbd050e630d447b9], 
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [78d78531d7b33afcf2e13fa5b053ca36], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [410e288eb2d86acc0721d7332dd7a15f], 
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [133c09ada9e1f73f1a229d630400a45c], 
PUP.Optional.SweetIM.A, HKU\S-1-5-18\SOFTWARE\SweetIM, In Quarantäne, [113e7e380f7bb185ae2356a20bf88a76], 
PUP.Optional.InstallBrain.A, HKU\S-1-5-18\SOFTWARE\WNLT, In Quarantäne, [113ecbeba8e2c86ee4e3cd8325e04db3], 
PUP.Optional.SweetIM.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\SOFTWARE\SweetIM, In Quarantäne, [381709ad7119c96d05cc19df867dba46], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\SOFTWARE\WajIEnhance, In Quarantäne, [f659981eb0da31058c5649aedd26728e], 
PUP.Optional.DoSearch.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [212e66500d7d3bfbcd41c8208b789a66], 
PUP.Optional.DoSearch.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}, In Quarantäne, [a0afded81773e254fd116b7d10f39b65], 
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [5bf456603852cd69c437ec8a6b9adb25], 
PUP.Optional.DoSearch.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}, In Quarantäne, [afa086309febe15558b64d9b1be8b947], 
PUP.Optional.SweetIM.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1004\SOFTWARE\SweetIM, In Quarantäne, [b897595d226863d3c60bcd2b08fb54ac], 
PUP.Optional.Incredibar.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}, In Quarantäne, [e966edc96921033325ef7902b84d2ed2], 

Registrierungswerte: 27
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1423501174&from=cvs&uid=HitachiXHTS545050B9A300_110109PBN403M7DV449EX&q={searchTerms}, In Quarantäne, [c48bf9bdfe8c90a62ca7ffe5be45ba46]
PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\WNLT|PDV, [UPGRADEONIDLE] [BLACKLIST=1] [TAILUPGRADECAPTURE], In Quarantäne, [1c33dbdb66242511f9cf59f72fd6669a]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1423501174&from=cvs&uid=HitachiXHTS545050B9A300_110109PBN403M7DV449EX&q={searchTerms}, In Quarantäne, [78d78531d7b33afcf2e13fa5b053ca36]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}|URL, hxxp://search.sweetim.com/search.asp?src=6&crg=3.56010003&ptr=100&st=12&q={searchTerms}&barid={8EE7CE36-3108-42FF-BE2B-247C70FFD5D1}, In Quarantäne, [08472e88e1a91d1912e5e5fff112ff01]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}|FaviconURL, hxxp://cdn.web.sweetim.com/toolbarff/searchplugin/sweetim.ico, In Quarantäne, [0b4440767b0f2d09af4821c37192d927]
PUP.Optional.QuickSearch.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|quick_searchff@gmail.com, C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\extensions\quick_searchff@gmail.com, In Quarantäne, [59f6b006880286b0641904e2689bdb25]
PUP.Optional.SweetSearch.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|sweetsearch@gmail.com, C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\extensions\sweetsearch@gmail.com, In Quarantäne, [ec631d991d6dfb3b7a04ecfa4fb40ff1]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, cvs, In Quarantäne, [410e288eb2d86acc0721d7332dd7a15f]
PUP.Optional.InstallBrain.A, HKU\S-1-5-18\SOFTWARE\WNLT|URL, MYSTART, In Quarantäne, [113ecbeba8e2c86ee4e3cd8325e04db3]
PUP.Optional.DoSearch.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [212e66500d7d3bfbcd41c8208b789a66]
PUP.Optional.DoSearch.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [a0afded81773e254fd116b7d10f39b65]
PUP.Optional.DoSearch.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURL, hxxp://do-search.com//favicon.ico, In Quarantäne, [9cb3ffb7b8d29e98d43a91573fc41ae6]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, istartsurf, In Quarantäne, [5bf456603852cd69c437ec8a6b9adb25]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.istartsurf.com/web/?type=dspp&ts=1434686883&from=xtab&uid=412EBAEB904A4d24A1D0EFE83A307C84&q={searchTerms}, In Quarantäne, [aea1af07dbaf48ee2fcc81f558ad9070]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|TopResultURL, hxxp://istart.webssearches.com/web/?type=ds&ts=1423501174&from=cvs&uid=HitachiXHTS545050B9A300_110109PBN403M7DV449EX&q={searchTerms}, In Quarantäne, [89c6ddd9c7c35bdb686a974d3ac91be5]
PUP.Optional.DoSearch.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [afa086309febe15558b64d9b1be8b947]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}|FaviconURL, hxxp://home.sweetim.com/favicon.ico, In Quarantäne, [034c5a5c6c1ecd695a9ce6fe649f31cf]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}|FaviconURLFallback, hxxp://home.sweetim.com/favicon.ico, In Quarantäne, [74db496d99f10f277a7cb331956e02fe]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}|TopResultURL, hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={8EE7CE36-3108-42FF-BE2B-247C70FFD5D1}&UPN2=92545754708685833&&st=23&did=10963&ptr=100, In Quarantäne, [d37c06b051390c2a8472ac38bd467e82]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}|TopResultURLFallback, hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={8EE7CE36-3108-42FF-BE2B-247C70FFD5D1}&UPN2=92545754708685833&&st=23&did=10963&ptr=100, In Quarantäne, [3e110fa7bad0eb4bf600e6fe53b09a66]
PUP.Optional.DoSearch.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [96b92b8bdfab0d294bc345a33ac92ad6]
PUP.Optional.PriceGong.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}, C:\Program Files (x86)\PriceGong\2.6.12\FF, In Quarantäne, [8ac59a1c7416b581d41e57b81ee69070]
PUP.Optional.Incredibar.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}|FaviconURL, hxxp://mystart.incredibar.com/favicon.ico, In Quarantäne, [e966edc96921033325ef7902b84d2ed2]
PUP.Optional.Incredibar.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}|FaviconURLFallback, hxxp://mystart.incredibar.com/favicon.ico, In Quarantäne, [400f496d2664f244d440413a8d78bf41]
PUP.Optional.Incredibar.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}|TopResultURL, hxxp://mystart.incredibar.com/?a=6PRwbUzmrv&loc=skw&search={searchTerms}&i=26&did=10963, In Quarantäne, [c9868d293a50e551db39592263a21de3]
PUP.Optional.Incredibar.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}|TopResultURLFallback, hxxp://mystart.incredibar.com/?a=6PRwbUzmrv&loc=skw&search={searchTerms}&i=26&did=10963, In Quarantäne, [212ebdf9a0eaab8b4fc58bf0b25323dd]
PUP.Optional.Incredibar.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}|URL, hxxp://mystart.incredibar.com/?a=6PRwbUzmrv&loc=skw&search={searchTerms}&i=26&did=10963, In Quarantäne, [67e808ae33574beb6ca8f7845fa660a0]

Registrierungsdaten: 15
PUP.Optional.V9.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag, Gut: (www.google.com), Schlecht: (hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag),Ersetzt,[d07f86308dfd38fe1caa131640c6cd33]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[d37c0fa72763d5614b5c75be4cba38c8]
PUP.Optional.WebsSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1423501174&from=cvs&uid=HitachiXHTS545050B9A300_110109PBN403M7DV449EX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1423501174&from=cvs&uid=HitachiXHTS545050B9A300_110109PBN403M7DV449EX&q={searchTerms}),Ersetzt,[e16e6155e1a9ee48c23238efda2c619f]
PUP.Optional.V9.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag, Gut: (www.google.com), Schlecht: (hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag),Ersetzt,[282702b4d2b858de9c2a56d346c0ae52]
PUP.Optional.V9.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag, Gut: (www.google.com), Schlecht: (hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag),Ersetzt,[85ca81358802f3433a8c16130afca25e]
PUP.Optional.WebsSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://istart.webssearches.com/web/?type=ds&ts=1423501174&from=cvs&uid=HitachiXHTS545050B9A300_110109PBN403M7DV449EX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1423501174&from=cvs&uid=HitachiXHTS545050B9A300_110109PBN403M7DV449EX&q={searchTerms}),Ersetzt,[5ff01e98ddadfc3aa94bd94e6c9a5da3]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[7fd03b7b99f183b31b8c51e224e2926e]
PUP.Optional.V9.A, HKU\S-1-5-19\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag, Gut: (www.google.com), Schlecht: (hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag),Ersetzt,[f659387ea3e7ce68615f3aef9c6aaa56]
PUP.Optional.V9.A, HKU\S-1-5-19\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag, Gut: (www.google.com), Schlecht: (hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag),Ersetzt,[b29d82341c6e6acc853b1b0eef1742be]
PUP.Optional.V9.A, HKU\S-1-5-20\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag, Gut: (www.google.com), Schlecht: (hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag),Ersetzt,[7cd30da9602a88aea11f15148185e11f]
PUP.Optional.V9.A, HKU\S-1-5-20\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag, Gut: (www.google.com), Schlecht: (hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag),Ersetzt,[420da016fc8e43f34e72fb2e01059e62]
PUP.Optional.V9.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag, Gut: (www.google.com), Schlecht: (hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag),Ersetzt,[c38ccde97d0d74c23789bc6d0afcd927]
PUP.Optional.V9.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag, Gut: (www.google.com), Schlecht: (hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag),Ersetzt,[a6a94b6bc2c879bd813fba6faa5cf808]
PUP.Optional.V9.A, HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.v9.com/?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag, Gut: (www.google.com), Schlecht: (hxxp://www.v9.com/?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag),Ersetzt,[0f40912597f3bb7b5a6683a641c5966a]
PUP.Optional.WebsSearches, HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=dspp&ts=1423501222&from=cvs&uid=HitachiXHTS545050B9A300_110109PBN403M7DV449EX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=dspp&ts=1423501222&from=cvs&uid=HitachiXHTS545050B9A300_110109PBN403M7DV449EX&q={searchTerms}),Ersetzt,[e8677541bcceea4cf8fde542000653ad]

Ordner: 95
PUP.Optional.SweetPacks.A, C:\Program Files (x86)\SweetPacks, In Quarantäne, [034c8630aedc39fd48ba5180798af010], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
FraudTool.YAC, C:\Users\Eli8s\AppData\Roaming\Elex-tech\YAC, In Quarantäne, [d27d8333741641f5e84be5fae2217888], 
FraudTool.YAC, C:\Users\Eli8s\AppData\Roaming\Elex-tech\YAC\iDesk, In Quarantäne, [d27d8333741641f5e84be5fae2217888], 
FraudTool.YAC, C:\Users\Eli8s\AppData\Roaming\Elex-tech\YAC\log, In Quarantäne, [d27d8333741641f5e84be5fae2217888], 
FraudTool.YAC, C:\Users\Hoffmeister\AppData\Roaming\Elex-tech\YAC, In Quarantäne, [3718189e8cfe072fd65d18c72cd724dc], 
FraudTool.YAC, C:\Users\Hoffmeister\AppData\Roaming\Elex-tech\YAC\iDesk, In Quarantäne, [3718189e8cfe072fd65d18c72cd724dc], 
FraudTool.YAC, C:\Users\Hoffmeister\AppData\Roaming\Elex-tech\YAC\log, In Quarantäne, [3718189e8cfe072fd65d18c72cd724dc], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\adapter, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\abstractbutton, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\abstractbutton\background, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\alert, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\alert\background, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\embedhtml, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\embedhtml\background, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\embedhtml\html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\embedhtml\js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\embedscript, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\embedscript\background, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\embedscript\html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\embedscript\js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\flare, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\flare\background, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\flare\icons, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\generic, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\generic\background, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\link, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\link\background, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\menu, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\menu\background, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\menu\css, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\menu\html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\menu\images, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\menu\js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\rss, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\rss\background, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\thirdparty, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\thirdparty\background, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\uninstall, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\uninstall\background, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\weather, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\weather\background, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\common, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\radio, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\radio\css, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\radio\js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\rss, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\rss\js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\test, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\topapps, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\topapps\css, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\topapps\js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\weather, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\weather\css, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\weather\js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\api, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\api\background, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\api\window, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\defaultSearch, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\defaultSearch\background, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\defaultSearch\foreground, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\moviereviews, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\moviereviews\background, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\moviereviews\css, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\moviereviews\html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\moviereviews\js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\radio, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\radio\background, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\radio\css, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\radio\foreground, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\radio\radioWrapper, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\search, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\search\background, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\search\html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\supertab, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\supertab\css, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\supertab\html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\supertab\js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\icons, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\images, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\native, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\native\libs, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\shared, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\_metadata, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd],
         

Alt 30.08.2015, 16:08   #8
Eli8s
 
Nach Entfernung von Schadsoftware keine Internetverbindung mehr - Standard

Nach Entfernung von Schadsoftware keine Internetverbindung mehr



Code:
ATTFilter
Dateien: 382
PUP.Optional.DomaIQ, C:\Users\Eli8s\Downloads\Java.exe, In Quarantäne, [b7984f675d2d76c070490fafb24fcb35], 
PUP.Optional.DomaIQ, C:\Users\Eli8s\Downloads\Setup.exe, In Quarantäne, [2926cceaa4e61d19050fc19b50b1db25], 
PUP.Optional.SweetIM, C:\Users\Elmar1\Downloads\bubblehit_mp_pgr (1).exe, In Quarantäne, [61ee13a3c4c60630b48995c50bfb867a], 
PUP.Optional.SweetIM, C:\Users\Elmar1\Downloads\bubblehit_mp_pgr (2).exe, In Quarantäne, [79d63383bbcf9a9c83ba60fad036a957], 
PUP.Optional.SweetIM, C:\Users\Elmar1\Downloads\bubblehit_mp_pgr (3).exe, In Quarantäne, [0847aa0ccac059ddd26bfc5e19ed54ac], 
PUP.Optional.SweetIM, C:\Users\Elmar1\Downloads\bubblehit_mp_pgr.exe, In Quarantäne, [aba48630cdbd2c0adb62a9b10bfbd729], 
PUP.Optional.SoftPulse, C:\Users\Elmar1\Downloads\Player (1).exe, In Quarantäne, [ce81ac0a78126cca0e30b067f2103bc5], 
PUP.Optional.SoftPulse, C:\Users\Elmar1\Downloads\Player.exe, In Quarantäne, [c28d43730882f93d58e6a473da28f010], 
PUP.Optional.SweetIM.C, C:\Users\Elmar1\AppData\Roaming\mozilla\firefox\Profiles\x7jyxs1q.default\searchplugins\SweetIM Search.xml, In Quarantäne, [3916496da1e9231314cd965754af21df], 
PUP.Optional.IStartSurf.A, C:\Users\Elmar1\AppData\Roaming\mozilla\firefox\Profiles\x7jyxs1q.default\searchplugins\istartsurf.xml, In Quarantäne, [61ee8630abdfa294775236d6af5539c7], 
PUP.Optional.Delta.A, C:\Users\Elmar1\AppData\Roaming\mozilla\firefox\Profiles\x7jyxs1q.default\searchplugins\delta-homes.xml, In Quarantäne, [fc5360561c6e1323e488bd5a7b8901ff], 
PUP.Optional.V9.A, C:\Users\Eli8s\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.v9.com_0.localstorage, In Quarantäne, [89c6a70f2763b58106cb021d4abac937], 
PUP.Optional.V9.A, C:\Users\Eli8s\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.v9.com_0.localstorage-journal, In Quarantäne, [9bb465519feba88ee5eccf50dd276f91], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\uninstall.exe, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\amazon.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\argos.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\ask.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\bestbuy.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\ebay.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\etsy.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\facebook.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\favicon.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\google.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\homedepot.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\ikea.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\imdb.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\lowes.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\mercado.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\mysearchweb.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\myshopping.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\searchresult.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\sears.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\setting.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\settings.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\shopping.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\target.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\tesco.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\tripadvisor.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\twitter.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\wajam.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\walmart.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\wiki.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\yahoo.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\Logos\zalando.ico, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\00e010a002f9c5be9cffb613d1d1a74b, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\01ea94013c12ab77a32518733abd97cc, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\1153ee9953a8d86704b766bd7609d800, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\115f6caef5074869922ef20b785a4843, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\121994bee7d882e0f6eab3a3fba33c8b, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\183579c9bdcfd2a6acdd69aa6d7be4d8, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\18a3f01fb302ef3b8bfc0656e59d49e8, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\1909d9837d4bcab2664ecd0d08e55fda, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\1a79481564ec9035d56c0626bb372ba2, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\dcba9743695393b511c11bc3bb35df63, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\e0bb77ad2683343b19004ae3a56af722, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\e236aadac1c11eadc95b8b1fb2e01d0d, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\e252292f507320bc7be314897e987242, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\e5cca93dc1ab51b874334bd320aadf4b, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\e73aa3af0614138c58c42d75998080d4, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\e755d71cb9a718252b13ecaccadc5b32, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\ec5946e0ca4e2d9768c1cd13d4d8c1b4, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\f22d252b1b25c21f6be5bd2d39c5148b, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\950b4a3c70353bb8fd7053a37aa3cd5d, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\99dbb57b302235ee87b90fe28078d5f2, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\9e065fe2d4f7bc4b8b221e13447c454e, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\a02472578c490b164f6cfd3717508982, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\a71e9a62cadf3580270f3369b2000988, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\ab3c33ba6018c8b2cc7561280a93d310, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\abdc41ef5866c525ee12a516d6a8a1c4, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\ac77c1e510e0aa15cf055fb37536ee62, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\af6729fc0be3979278cb343116293090, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\ApiHandlr.dll, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\b3e504ae6ea1ac21d8fd94967ebd6b1e, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\b47da5459e5dd8d58e95de3edd386533, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\b5ee3c46972a98083c47fb2bd1f489f1, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\3faf659aabcdc216615212900c3e245b, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\4108f662567a75fab64024198397c785, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\4aace70ded70d2c06b21005f5e85bb0e, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\4e42d5f103f0ab3b5efd68ce6a5c1154, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\533d99a69c1b7b26552038b2c31992ab, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\536ad344f2fbf4a0248c646c63b872f1, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\5813882f6115027e854125833ba56a47, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\58f65d5629e88e0e1903ee93c3c52cdf, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\5ac749c50ff934fda6dc1ed8703650b8, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\615c65bae992f6b49b19d4fc8323aed3, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\65d64d01821c74db24381acea14df84f, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\6884222ed3f9e8486e3ff5b7dcfcb5d0, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\6b9f891b1faa18929819a8a98327e12e, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\6e3fb76433c84493d6a5ab8a2132e4cf, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\6f1960aa70eda0d8d0f6c7e353cfd355, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\74757ecd6d26f239d3c361e551ac5b44, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\dba5d5eaa194a5422a01e670dd73b448, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\f580f192faef065646dc424c4d1e4086, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\f9042ea84e9f9439c42a11100a3ca4f1, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\fe9ec3f35df166c1fbd04c86b0a193d1, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\FiddlerCore.dll, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\HtmlAgilityPack.dll, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\InternetEnhancer.exe, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\InternetEnhancerService.exe, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\makecert.exe, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\Newtonsoft.Json.dll, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\setup.exe, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\WHttpServer.exe, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\wie, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\WJManifest, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\b75f523e6129fea11f2e6c7c7ad97dcd, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\ba417b81c5ab55c8f35097e74250ad62, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\bbc1d408be2a6cde7a23d9848bb35fc6, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\bc0e8acf5e9055ff0ea289d49ed16c07, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\c2d6bf9467b8135846f7dfd831f8342c, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\c4dff06df90d237f60af7cde228676fc, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\c705a7733a1411890da5b85c61ecfb38, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\c7e3a6679403683aa3acdc22401d3ae7, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\c9f8cfb305d1d34204d6babc5edb641e, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\d2149dc63caf90f2edf3c4393a277354, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\d242a6dae42729acd2a86bb532d66eac, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\d4f24bb0b770e9246d82bd583288316f, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\76903b76acd08bce331ad048f795b3a2, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\80e00d9efbedfa63b80f1dcb7c4268c0, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\840a0555087646726dc34f134d4cad1b, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\84146ba2b7f1396b35bbbd57e88fc665, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\88481d2bc1c7b67b1be052a8d1c0302b, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\8aed266f25d080410fdb8ebf887716c3, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\8e62a034d0f61c31bc3a1e51bebe100d, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\924b2b2464d3a868d98ba234162aeb17, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\92bafd99e7c04b734edc18d6d8d0edef, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\1af2a17a1d8b2a7a596f70d2e821bf62, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\1d7a9926650ba29316a688ebf4c34310, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\216da480089c4cb69c2c7f6fba14a5ca, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\2fb42a665c2c7d5f0c393ad207c50449, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\32b2a4d897116cb956942496916bd045, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\379cdd07f75de6ef56c4e7e6c0c53d83, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\38307a240df7545328f1f64f10c592a5, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\39fa3766022ffb3c652e9b146b870dca, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\3b624875df4a08cf334dcb0a14987d89, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\3f046a7f98c75bdfa12e25042d087c93, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\3f0fde1aa007a580d6f684c05c37baa4, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WNEnhance\WNEnhance Internet Enhancer\3f19a32aa890a258ea35061d8bdc8e94, In Quarantäne, [87c866505d2d38fe6648518c8281e31d], 
FraudTool.YAC, C:\Users\Eli8s\AppData\Roaming\Elex-tech\YAC\preference.ini, In Quarantäne, [d27d8333741641f5e84be5fae2217888], 
FraudTool.YAC, C:\Users\Eli8s\AppData\Roaming\Elex-tech\YAC\iDesk\desk.ini, In Quarantäne, [d27d8333741641f5e84be5fae2217888], 
FraudTool.YAC, C:\Users\Eli8s\AppData\Roaming\Elex-tech\YAC\log\iSafeStarts.log, In Quarantäne, [d27d8333741641f5e84be5fae2217888], 
FraudTool.YAC, C:\Users\Eli8s\AppData\Roaming\Elex-tech\YAC\log\iSafeTray.log, In Quarantäne, [d27d8333741641f5e84be5fae2217888], 
FraudTool.YAC, C:\Users\Hoffmeister\AppData\Roaming\Elex-tech\YAC\preference.ini, In Quarantäne, [3718189e8cfe072fd65d18c72cd724dc], 
FraudTool.YAC, C:\Users\Hoffmeister\AppData\Roaming\Elex-tech\YAC\proxyUpdate.ini, In Quarantäne, [3718189e8cfe072fd65d18c72cd724dc], 
FraudTool.YAC, C:\Users\Hoffmeister\AppData\Roaming\Elex-tech\YAC\iDesk\desk.ini, In Quarantäne, [3718189e8cfe072fd65d18c72cd724dc], 
FraudTool.YAC, C:\Users\Hoffmeister\AppData\Roaming\Elex-tech\YAC\log\iSafeStarts.log, In Quarantäne, [3718189e8cfe072fd65d18c72cd724dc], 
FraudTool.YAC, C:\Users\Hoffmeister\AppData\Roaming\Elex-tech\YAC\log\iSafeTray.log, In Quarantäne, [3718189e8cfe072fd65d18c72cd724dc], 
PUP.Optional.V9, C:\Users\Eli8s\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Gut: ("session":{"restore_on_startup":5}}), Schlecht: ("session":{"restore_on_startup":4,"startup_urls":["hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag"]},"software_reporter":{"prompt_reason":0,"prompt_seed":"20150601","prompt_version":"3.21.0"},"sync":{"remaining_rollback_tries":0}}), Ersetzt,[76d900b65337fa3c5b9bd89de81ecb35]
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\manifest.json, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\bg.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\buildVars, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\buildVars.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\companionSW.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\config.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\contentScript.css, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\contentScript.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\debug.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\debug.jade, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\extension_toolbar_api.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\initWidgetWindow.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\newTabContentScript.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\options.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\spent.css, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\spent.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\spent.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\spent2.css, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\spent2.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\spentJ.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\spentK.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\spentK.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\startup.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\stub.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\stubby.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\superFrame.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\toolbar.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\toolbar.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\toolbarUI.css, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\toolbarUI.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\toolbarUI.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\url.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\adapter\adapterUtil.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\adapter\widget-adapter.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\abstractbutton\background\abstractButton.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\alert\background\alertButton.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\embedhtml\background\embedHtmlWidget.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\embedhtml\html\embedHtmlTemplate.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\embedhtml\html\innerEmbedHtmlTemplate.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\embedhtml\js\embedHtmlUI.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\embedscript\background\embedScriptWidget.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\embedscript\html\embedScriptTemplate.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\embedscript\html\innerEmbedScriptTemplate.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\embedscript\js\embedScriptUI.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\flare\background\FlareWidget.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\flare\icons\Icon_Flare_blue.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\flare\icons\Icon_Flare_pink.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\flare\icons\Thumbs.db, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\generic\background\GenericWidget.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\link\background\linkButton.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\menu\README.txt, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\menu\background\menuButton.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\menu\css\menuframe.css, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\menu\html\menuframe.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\menu\images\right_arrow.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\menu\images\right_arrow_white.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\menu\js\jquery-1.7.1.min.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\menu\js\menuframe.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\menu\js\query-string.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\menu\js\underscore-1.3.1.min.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\rss\background\RssWidget.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\thirdparty\background\thirdPartyWidget.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\uninstall\background\uninstallButton.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\components\weather\background\weatherButton.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\js\bs.30.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\js\common.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\js\dynamic.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\js\enableDetect.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\js\eventListening.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\js\global.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\js\jquery-1.7.1.min.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\js\list-interaction.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\js\messageEventListener.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\js\navRedirector.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\js\paramReplacer.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\js\PartnerId.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\js\set.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\js\underscore-1.3.1.min.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\js\underscore-1.5.2.min.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\js\unifiedLogging.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widget-context-1.0.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\common\common.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\common\eventListening.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\common\jquery-1.7.1.min.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\common\list-interaction.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\common\set.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\common\underscore-1.3.1.min.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\radio\radio-widget.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\radio\css\radio-widget.css, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\radio\js\radio-custom.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\radio\js\radio-parser.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\radio\js\radio-widget-ui.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\radio\js\radio-widget.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\rss\rssWidget.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\rss\js\rss-widget-custom.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\rss\js\rss-widget-parse.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\rss\js\rss-widget.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\test\invalid.json, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\test\jquery.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\test\qunit.css, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\test\qunit.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\test\resource.json, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\test\resource.xml, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\test\testWidget.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\test\testWidget.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\topapps\widget.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\topapps\css\widget.css, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\topapps\js\nanigans-topapps-feed.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\topapps\js\topapps-config.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\topapps\js\widget.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\weather\weatherButton.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\weather\css\weatherButton.css, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\common\widget-api\widgets\weather\js\weather.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\api\background\ApiBasedWidget.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\api\background\widget-api-impl.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\api\window\hiddenWidgetWindow.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\api\window\hiddenWidgetWindow.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\api\window\hiddenWidgetWindowInit.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\api\window\widgetWindow.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\api\window\widgetWindow.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\defaultSearch\background\updateSearch.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\defaultSearch\background\updateSearchPromptBg.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\defaultSearch\foreground\07_buttons2.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\defaultSearch\foreground\08_buttons2.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\defaultSearch\foreground\defaultSearchModal.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\defaultSearch\foreground\defaultSearchModalInjector.css, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\defaultSearch\foreground\defaultSearchModalInjector.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\defaultSearch\foreground\tvf_btn_ok.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\defaultSearch\foreground\tvf_btn_ok2.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\defaultSearch\foreground\tvf_restart_alert_icon.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\defaultSearch\foreground\tvf_restart_icon.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\defaultSearch\foreground\updateSearchPromptFg.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\moviereviews\background\MovieReviewsWidget.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\moviereviews\css\movieReviews.css, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\moviereviews\html\movieReviews.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\moviereviews\js\movieReviews.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\radio\background\RadioWidget.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\radio\css\toolbar-item.css, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\radio\foreground\button.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\radio\radioWrapper\radioWrapper.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\radio\radioWrapper\radioWrapper.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\search\background\searchBox.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\search\html\searchSuggestions.css, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\search\html\searchSuggestions.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\search\html\searchSuggestions.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\search\html\searchSuggestionsInit.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\supertab\css\supertab.css, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\supertab\html\supertab.html, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\supertab\js\newtabfork.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\supertab\js\reporting.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\supertab\js\srchsugg.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\supertab\js\supertab.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\supertab\js\unifiedLogging.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\components\supertab\js\__utm.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\icons\arrowSprite.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\icons\icon128.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\icons\icon16.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\icons\icon19disabled.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\icons\icon19on.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\icons\icon48.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\icons\tb_icon_search_disappearing_ask.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\images\223755644.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\images\223755648.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\images\223755663.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\images\223755667.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\images\223755676.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\images\223755698.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\images\224383989.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\images\down_arrow.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\images\IDR_PRODUCT_LOGO_16.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\images\IDR_WEBSTORE_ICON.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\images\magnifying_glass.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\images\RadioPlayerSprite.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\images\search_button.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\images\tvf_icon_guide.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\images\tvf_logo.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\images\wrench.png, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\chromeUtils.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\exeManager.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\exeManagerNMD.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\exePackageManager.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\focusManager.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\globalBlacklistManager.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\messaging.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\mutation_summary-min.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\mutation_summary.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\nativeMessagingDispatcher.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\newTabInfo.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\newTabInitialize.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\options.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\readLocalStorage.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\reservespacefortoolbar.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\reservespaceifenabled.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\scriptInjector.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\searchContext.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\settingsOverrides.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\toolbarCookieParser.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\toolbarPreinit.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\underscore-1.3.1.min.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\URILoaderContentScript.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\Widget.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\widgetContentScriptInjectee.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\widgetFactory.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\js\widgetWindowManager.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\native\cache.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\native\ce.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\native\debug.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\native\ss.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\native\libs\jquery-1.7.1.min.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\native\libs\jquery-1.9.1.min.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\native\libs\underscore-1.5.2.min.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\shared\activePing.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\shared\buttonLogger.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\shared\competitorDnsList.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\shared\console.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\shared\FFPreferencesPersister.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\shared\httpTransport.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\shared\HttpURL.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\shared\internationalSearch.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\shared\LocalStoragePersister.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\shared\MindsparkGlobal.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\shared\MindsparkGlobal.unitTest.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\shared\MindsparkGlobalNotes.txt, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\shared\rsvp-latest.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\shared\searchSuggestLocale.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\shared\testHttpTransport.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\shared\unifiedLogger.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\shared\unifiedLogging.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\shared\universalConsole.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\shared\utils.js, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\_metadata\computed_hashes.json, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.Mindspark.A, C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn\12.14.7.40503_0\_metadata\verified_contents.json, In Quarantäne, [391623938109ef47f44ba9c8fb0b03fd], 
PUP.Optional.V9.A, C:\Users\Elmar1\AppData\Roaming\mozilla\firefox\Profiles\x7jyxs1q.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag");), Ersetzt,[da7596203e4ce74f37e83e36c0463dc3]
PUP.Optional.V9.A, C:\Users\Elmar1\AppData\Roaming\mozilla\firefox\Profiles\x7jyxs1q.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag");), Ersetzt,[6ae5f0c6f8925ed8b38fa1d327dfc63a]

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         

Alt 30.08.2015, 16:08   #9
Eli8s
 
Nach Entfernung von Schadsoftware keine Internetverbindung mehr - Standard

Nach Entfernung von Schadsoftware keine Internetverbindung mehr



AdwCleaner:


Code:
ATTFilter
# AdwCleaner v5.004 - Bericht erstellt 30/08/2015 um 15:49:53
# Aktualisiert 26/08/2015 von Xplode
# Datenbank : 2015-08-20.1 [Lokal]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Elmar1 - ELMAR1-MSI
# Gestarted von : F:\AdwCleaner_5.004.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\Users\Eli8s\AppData\Roaming\Elex-tech
[-] Ordner Gelöscht : C:\Users\Hoffmeister\AppData\Roaming\Elex-tech

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\delta-homes.xml
[-] Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\webssearches.xml

***** [ Verknüpfungen ] *****

[-] Verknüpfung Desinfiziert : C:\Users\Elmar1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Verknüpfung Desinfiziert : C:\Users\Elmar1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Verknüpfung Desinfiziert : C:\Users\Elmar1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk

***** [ Geplante Tasks ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKCU\Software\Classes\Applications\inetstat.exe
[-] Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PCSU.Registry
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PCSU.SysUtils
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PCSU.SysUtils.1
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PCSU.Registry.1
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.001
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.7z
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.arj
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.bz2
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.bzip2
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.cab
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.cpio
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.deb
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.dmg
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.fat
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.gz
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.gzip
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.hfs
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.iso
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.lha
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.lzh
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.lzma
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.ntfs
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.rar
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.rpm
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.squashfs
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.swm
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.tar
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.taz
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.tbz
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.tbz2
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.tgz
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.tpz
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.txz
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.vhd
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.wim
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.xar
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.xz
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.z
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinZipper.zip
[-] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [default_newtabff@gmail.com]
[-] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [defsearchp@gmail.com]
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4F622628-7632-4B28-B184-D7BA0CA3273B}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
[-] Schlüssel Gelöscht : HKU\.DEFAULT\Software\IM
[-] Schlüssel Gelöscht : HKU\.DEFAULT\Software\ImInstaller
[-] Schlüssel Gelöscht : HKCU\Software\eSupport.com
[-] Schlüssel Gelöscht : HKCU\Software\IM
[-] Schlüssel Gelöscht : HKCU\Software\ImInstaller
[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKCU\Software\Speedchecker Limited
[-] Schlüssel Gelöscht : HKCU\Software\V9
[-] Schlüssel Gelöscht : HKCU\Software\DriverWhiz
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\V9
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\winzipersvc
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\eSupport.com
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\IM
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\ImInstaller
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\OCS
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\Speedchecker Limited
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\V9
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\DriverWhiz
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DriverWhiz
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Whiz

***** [ Internetbrowser ] *****

[-] [C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.alias", "istartsurf");
[-] [C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/web/favicon.ico");
[-] [C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.name", "istartsurf");
[-] [C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=dspp&ts=1434686883&from=xtab&uid=412EBAEB904A4d24A1D0EFE83A307C84&q={searchTerms}");
[-] [C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : mystart.incredibar.com
[-] [C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : home.sweetim.com
[-] [C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : istart.webssearches.com
[-] [C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : webssearches
[-] [C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : istartsurf
[-] [C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : search.sweetim.com
[-] [C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : v9
[-] [C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Gelöscht : hxxp://www.istartsurf.com/webfavicon.ico
[-] [C:\Users\Eli8s\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : mystart.incredibar.com/
[-] [C:\Users\Eli8s\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : mystart.incredibar.com
[-] [C:\Users\Eli8s\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : v9
[-] [C:\Users\Eli8s\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Gelöscht : ","id":"110","image_url":"","image_url_post_params":"","input_encodings":[],"instant_url":"","instant_url_post_params":"","keyword":"v9","last_modified":"13085177055065099","new_tab_url":"","originating_url":"","prepopulate_id":0,"safe_for_autoreplace":false,"search_terms_replacement_key":"","search_url_post_params":"","short_name":"V9","suggestions_url":"","suggestions_url_post_params":"","synced_guid":"98BEB9A6-D1A5-48C3-94A6-4D1C4E370D3A","url":"hxxp://www.v9.com/web?type=ds&ts=1439081834&from=zzgbkk123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag&q={searchTerms}
[-] [C:\Users\Eli8s\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Gelöscht : hxxp://www.v9.com/web?type=ds&ts=1439081834&from=zzgbkk123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag&q={searchTerms}
[-] [C:\Users\Eli8s\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Gelöscht : hxxp://www.v9.com?type=hp&ts=1439081834&from=mych123&uid=hitachixhts545050b9a300_110109pbn403m7dv449ex&z=641d0f07fa405353ce20d03g3z8c4t9ecb5g0b1cag

*************************

:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [10139 Bytes] ##########
         
JRT:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.9 (08.27.2015:1)
OS: Windows 7 Home Premium x64
Ran by Elmar1 on 30.08.2015 at 15:54:24,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully deleted: [Service] pcsuucdrv [Reboot required]



~~~ Tasks

Successfully deleted: [Task] C:\windows\system32\tasks\DriverWhiz_DailyScan
Successfully deleted: [Task] C:\windows\system32\tasks\DriverWhiz_ScheduledScan



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Elmar1\AppData\Roaming\mozilla\firefox\profiles\x7jyxs1q.default\prefs.js

user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.ptid, xtab);
user_pref(browser.search.searchengine.uid, 412EBAEB904A4d24A1D0EFE83A307C84);
Emptied folder: C:\Users\Elmar1\AppData\Roaming\mozilla\firefox\profiles\x7jyxs1q.default\minidumps [1 files]



~~~ Chrome


[C:\Users\Elmar1\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Elmar1\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Elmar1\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Elmar1\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.08.2015 at 15:59:51,21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST-Log:


Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:29-08-2015
durchgeführt von Elmar1 (Administrator) auf ELMAR1-MSI (30-08-2015 16:03:52)
Gestartet von F:\
Geladene Profile: Elmar1 (Verfügbare Profile: UpdatusUser & Elmar1 & Eli8s & Hoffmeister)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\system32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\system32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Farbar) F:\FRST64 (2).exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [AmIcoSinglun64] => c:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.)
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [4055552 2010-11-08] (Sentelic Corporation)
HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [NortonOnlineBackup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1112920 2010-03-06] (Symantec Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\...\Run: [Spotify Web Helper] => C:\Users\Elmar1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-04] (Spotify Ltd)
HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\...\Run: [Spotify] => C:\Users\Elmar1\AppData\Roaming\Spotify\Spotify.exe [4736000 2013-10-04] (Spotify Ltd)
HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Elmar1\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-04-05] ()
HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\...\Run: [Amazon Music] => C:\Users\Elmar1\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-15] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2010-12-24] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2010-12-24] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-03-28]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS PC Sound.lnk [2011-03-25]
ShortcutTarget: SRS PC Sound.lnk -> C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-3363573057-2169286185-1613431243-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  Keine Datei
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll [2010-08-14] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL [2010-06-13] (Symantec Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll [2010-08-14] (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{94F5DEB5-2EB5-4074-8C69-BDEDE262C939}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default
FF NetworkProxy: "type", 5
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-14] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-12-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-12-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3363573057-2169286185-1613431243-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Elmar1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-10-03] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3363573057-2169286185-1613431243-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Elmar1\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-04-16] (Amazon.com, Inc.)
FF Extension: Search Enginer - C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\Extensions\ffsearch_toolbar [2015-08-08]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn [2012-01-07]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [ffsearch_toolbar] - C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\extensions\ffsearch_toolbar
FF Extension: Kein Name - C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\extensions\sweetsearch@gmail.com [nicht gefunden]
FF Extension: Kein Name - C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\extensions\default_newtabff@gmail.com [nicht gefunden]
FF Extension: Kein Name - C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\extensions\defsearchp@gmail.com [nicht gefunden]
FF Extension: Kein Name - C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\extensions\quick_searchff@gmail.com [nicht gefunden]

Chrome: 
=======
CHR Profile: C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-31]
CHR Extension: (YouTube) - C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-31]
CHR Extension: (Google Search) - C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-31]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Gmail) - C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-31]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2010-12-10] ()
S2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [159752 2010-12-10] ()
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [126904 2010-07-23] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-03-06] (Symantec Corporation)
S2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [66872 2014-08-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [945200 2010-08-09] (Symantec Corporation)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [463408 2010-06-27] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\ENG64.SYS [117808 2010-08-13] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\EX64.SYS [1791536 2010-08-13] (Symantec Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2010-12-10] (PEGATRON)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1201000.025\SRTSP64.SYS [715824 2010-07-29] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1201000.025\SRTSPX64.SYS [40496 2010-07-29] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1201000.025\SYMDS64.SYS [450096 2010-06-13] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1201000.025\SYMEFA64.SYS [821808 2010-07-29] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174640 2011-03-25] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1201000.025\Ironx64.SYS [168496 2010-06-27] (Symantec Corporation)
S3 SymNetS; C:\Windows\system32\drivers\NISx64\1201000.025\SYMNETS.SYS [381488 2010-07-13] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MGHwCtrl; \??\c:\Utility\Silent\MGHwCtrl.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-30 15:59 - 2015-08-30 15:59 - 00001869 _____ C:\Users\Elmar1\Desktop\JRT.txt
2015-08-30 15:02 - 2015-08-30 15:43 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-30 15:02 - 2015-08-30 15:02 - 00001116 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-08-30 15:02 - 2015-08-30 15:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-08-30 15:02 - 2015-08-30 15:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-30 15:02 - 2015-08-30 15:02 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-08-30 15:02 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-08-30 15:02 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-08-30 15:02 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-08-30 14:53 - 2015-08-30 14:53 - 02186752 _____ (Farbar) C:\Users\Hoffmeister\Downloads\FRST64 (2).exe
2015-08-30 14:52 - 2015-08-30 14:52 - 01798640 _____ (Malwarebytes Corporation) C:\Users\Hoffmeister\Downloads\JRT.exe
2015-08-30 14:51 - 2015-08-30 14:51 - 01618432 _____ C:\Users\Hoffmeister\Downloads\AdwCleaner_5.004.exe
2015-08-30 14:50 - 2015-08-30 14:50 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Hoffmeister\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-29 15:54 - 2015-08-29 15:54 - 00020050 _____ C:\ComboFix.txt
2015-08-29 14:40 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2015-08-29 14:40 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2015-08-29 14:40 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-08-29 14:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-08-29 14:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-08-29 14:40 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2015-08-29 14:40 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2015-08-29 14:40 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2015-08-29 14:39 - 2015-08-29 15:54 - 00000000 ____D C:\Qoobox
2015-08-29 14:39 - 2015-08-29 15:52 - 00000000 ____D C:\windows\erdnt
2015-08-29 14:32 - 2015-08-29 14:32 - 00000612 _____ C:\Users\Elmar1\Desktop\ComboFix - Verknüpfung.lnk
2015-08-29 13:24 - 2015-08-29 14:07 - 00001278 _____ C:\Users\Elmar1\Desktop\Revo Uninstaller.lnk
2015-08-29 13:23 - 2015-08-29 14:07 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-08-29 13:19 - 2015-08-29 13:20 - 05636265 _____ (Swearware) C:\Users\Hoffmeister\Downloads\ComboFix.exe
2015-08-29 13:19 - 2015-08-29 13:19 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hoffmeister\Downloads\revosetup95.exe
2015-08-28 12:58 - 2015-08-30 16:03 - 00000000 ____D C:\FRST
2015-08-28 12:53 - 2015-08-28 12:54 - 02186752 _____ (Farbar) C:\Users\Hoffmeister\Downloads\FRST64 (1).exe
2015-08-28 12:53 - 2015-08-28 12:53 - 02186752 _____ (Farbar) C:\Users\Hoffmeister\Downloads\FRST64.exe
2015-08-27 22:52 - 2015-08-27 22:52 - 00000000 ____D C:\Users\Hoffmeister\AppData\Roaming\Virtual Desktop Manager
2015-08-27 22:43 - 2015-08-28 20:49 - 00002373 _____ C:\Users\Hoffmeister\Desktop\Gabriele - Chrome.lnk
2015-08-27 22:43 - 2015-08-27 22:43 - 00001435 _____ C:\Users\Hoffmeister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-27 22:43 - 2015-08-27 22:43 - 00000000 ____D C:\Users\Hoffmeister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-27 22:43 - 2015-08-27 22:43 - 00000000 ____D C:\Users\Hoffmeister\AppData\Roaming\Adobe
2015-08-27 22:43 - 2015-08-27 22:43 - 00000000 ____D C:\Users\Hoffmeister\AppData\Local\Google
2015-08-27 22:43 - 2015-08-27 22:43 - 00000000 ____D C:\Users\Hoffmeister\AppData\Local\FSP
2015-08-27 22:42 - 2015-08-27 22:42 - 00000020 ___SH C:\Users\Hoffmeister\ntuser.ini
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Vorlagen
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Startmenü
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Netzwerkumgebung
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Lokale Einstellungen
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Eigene Dateien
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Druckumgebung
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Documents\Eigene Musik
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Documents\Eigene Bilder
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\AppData\Local\Verlauf
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\AppData\Local\Anwendungsdaten
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Anwendungsdaten
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 ____D C:\Users\Hoffmeister\AppData\Local\VirtualStore
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 ____D C:\Users\Hoffmeister
2015-08-27 22:42 - 2015-06-14 17:53 - 00063568 _____ C:\Users\Hoffmeister\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-27 22:42 - 2012-02-01 20:18 - 00000000 ____D C:\Users\Hoffmeister\AppData\Roaming\Macromedia
2015-08-27 22:42 - 2011-03-25 18:15 - 00000000 ____D C:\Users\Hoffmeister\AppData\Local\SRS Labs
2015-08-27 22:42 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\Hoffmeister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-27 22:42 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\Hoffmeister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-27 19:58 - 2015-08-30 15:49 - 00000000 ____D C:\AdwCleaner
2015-08-27 19:55 - 2015-08-27 19:55 - 01618432 _____ C:\Users\Elmar1\Downloads\adwcleaner_5.004.exe
2015-08-23 06:35 - 2015-08-11 03:20 - 25191936 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-08-23 06:35 - 2015-08-11 03:14 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-08-23 06:35 - 2015-08-11 02:33 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-08-23 06:35 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-08-14 05:10 - 2015-07-30 15:13 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 05:10 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 03:38 - 2015-07-30 20:06 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2015-08-14 03:38 - 2015-07-30 20:06 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-08-14 03:38 - 2015-07-30 20:06 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-08-14 03:38 - 2015-07-30 20:06 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-08-14 03:38 - 2015-07-30 20:06 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-08-14 03:38 - 2015-07-30 20:06 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-08-14 03:38 - 2015-07-30 20:06 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-08-14 03:38 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2015-08-14 03:38 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-08-14 03:38 - 2015-07-30 19:57 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-08-14 03:38 - 2015-07-30 19:57 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-08-14 03:38 - 2015-07-30 19:57 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-08-14 03:38 - 2015-07-30 19:55 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-08-14 03:38 - 2015-07-30 18:56 - 03208192 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-08-14 03:38 - 2015-07-30 18:52 - 00372736 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-08-14 03:38 - 2015-07-30 18:49 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-08-14 03:38 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2015-08-14 03:38 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\windows\notepad.exe
2015-08-14 03:38 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2015-08-14 03:36 - 2015-07-15 20:15 - 05568960 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-08-14 03:36 - 2015-07-15 20:15 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-08-14 03:36 - 2015-07-15 20:15 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-08-14 03:36 - 2015-07-15 20:15 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-08-14 03:36 - 2015-07-15 20:12 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-08-14 03:36 - 2015-07-15 20:11 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-08-14 03:36 - 2015-07-15 20:11 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-08-14 03:36 - 2015-07-15 20:11 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-08-14 03:36 - 2015-07-15 20:11 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-08-14 03:36 - 2015-07-15 20:11 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 01743360 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-08-14 03:36 - 2015-07-15 20:10 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-08-14 03:36 - 2015-07-15 20:10 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-08-14 03:36 - 2015-07-15 20:10 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-08-14 03:36 - 2015-07-15 20:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-08-14 03:36 - 2015-07-15 20:09 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-08-14 03:36 - 2015-07-15 20:05 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-08-14 03:36 - 2015-07-15 20:05 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-08-14 03:36 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-08-14 03:36 - 2015-07-15 19:56 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-08-14 03:36 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-08-14 03:36 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-08-14 03:36 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-08-14 03:36 - 2015-07-15 19:55 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-08-14 03:36 - 2015-07-15 19:55 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-08-14 03:36 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-08-14 03:36 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-08-14 03:36 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-08-14 03:36 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-08-14 03:36 - 2015-07-15 19:54 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-08-14 03:36 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-08-14 03:36 - 2015-07-15 19:54 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-08-14 03:36 - 2015-07-15 19:53 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-08-14 03:36 - 2015-07-15 19:53 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-08-14 03:36 - 2015-07-15 19:53 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-08-14 03:36 - 2015-07-15 19:53 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-08-14 03:36 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-08-14 03:36 - 2015-07-15 19:53 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-08-14 03:36 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-08-14 03:36 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 18:46 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-08-14 03:36 - 2015-07-15 18:46 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-08-14 03:36 - 2015-07-15 18:46 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-08-14 03:36 - 2015-07-15 18:37 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-08-14 03:36 - 2015-07-15 18:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-08-14 03:36 - 2015-07-15 18:34 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 18:34 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 18:34 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 18:34 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 03154944 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 02606080 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-08-14 03:34 - 2015-07-20 20:12 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-08-14 03:34 - 2015-07-20 20:12 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-08-14 03:34 - 2015-07-20 19:56 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-08-14 03:34 - 2015-07-20 19:56 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-08-14 03:34 - 2015-07-20 19:56 - 00093184 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-08-14 03:34 - 2015-07-20 19:56 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-08-14 03:34 - 2015-07-20 19:56 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-08-14 03:34 - 2015-07-10 19:51 - 03722752 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-08-14 03:34 - 2015-07-10 19:51 - 00158720 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2015-08-14 03:34 - 2015-07-10 19:51 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-08-14 03:34 - 2015-07-10 19:34 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-08-14 03:34 - 2015-07-10 19:34 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-08-14 03:34 - 2015-07-10 19:33 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-08-14 03:32 - 2015-07-15 05:19 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2015-08-14 03:29 - 2015-07-21 02:39 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-08-14 03:29 - 2015-07-21 02:12 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-08-14 03:29 - 2015-07-16 22:54 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-08-14 03:29 - 2015-07-16 22:37 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-08-14 03:29 - 2015-07-16 22:36 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-08-14 03:29 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-08-14 03:29 - 2015-07-16 22:36 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-08-14 03:29 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-08-14 03:29 - 2015-07-16 22:35 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-08-14 03:29 - 2015-07-16 22:27 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-08-14 03:29 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-08-14 03:29 - 2015-07-16 22:26 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-08-14 03:29 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-08-14 03:29 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-08-14 03:29 - 2015-07-16 22:21 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-08-14 03:29 - 2015-07-16 22:21 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-08-14 03:29 - 2015-07-16 22:21 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-08-14 03:29 - 2015-07-16 22:12 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-08-14 03:29 - 2015-07-16 22:08 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-08-14 03:29 - 2015-07-16 22:00 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-08-14 03:29 - 2015-07-16 21:55 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-08-14 03:29 - 2015-07-16 21:54 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-08-14 03:29 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-08-14 03:29 - 2015-07-16 21:51 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-08-14 03:29 - 2015-07-16 21:51 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-08-14 03:29 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-08-14 03:29 - 2015-07-16 21:50 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-08-14 03:29 - 2015-07-16 21:49 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-08-14 03:29 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-08-14 03:29 - 2015-07-16 21:43 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-08-14 03:29 - 2015-07-16 21:43 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-08-14 03:29 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-08-14 03:29 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-08-14 03:29 - 2015-07-16 21:39 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-08-14 03:29 - 2015-07-16 21:38 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-08-14 03:29 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-08-14 03:29 - 2015-07-16 21:35 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-08-14 03:29 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-08-14 03:29 - 2015-07-16 21:33 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-08-14 03:29 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-08-14 03:29 - 2015-07-16 21:29 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-08-14 03:29 - 2015-07-16 21:24 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-14 03:29 - 2015-07-16 21:20 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-08-14 03:29 - 2015-07-16 21:19 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-08-14 03:29 - 2015-07-16 21:17 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-08-14 03:29 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-08-14 03:29 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-08-14 03:29 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-08-14 03:29 - 2015-07-16 21:06 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-08-14 03:29 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-08-14 03:29 - 2015-07-16 21:05 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-08-14 03:29 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-08-14 03:29 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-08-14 03:29 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-08-14 03:29 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-08-14 03:29 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-08-14 03:28 - 2015-07-15 05:19 - 02004992 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-08-14 03:28 - 2015-07-15 05:19 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-08-14 03:28 - 2015-07-15 05:14 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2015-08-14 03:28 - 2015-07-15 05:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-08-14 03:28 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-08-14 03:28 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-08-14 03:28 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2015-08-14 03:28 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-08-14 03:28 - 2015-07-10 19:51 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-08-14 03:28 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-08-14 03:28 - 2015-07-01 22:49 - 00260096 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-08-14 03:28 - 2015-07-01 22:48 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-08-14 03:28 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-08-14 03:28 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-08-11 04:33 - 2015-08-11 04:33 - 00760417 _____ C:\Users\Elmar1\Downloads\Google.html
2015-08-11 04:33 - 2015-08-11 04:33 - 00000000 ____D C:\Users\Elmar1\Downloads\Google_files
2015-08-01 01:42 - 2015-08-01 01:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-08-01 01:42 - 2015-08-01 01:42 - 00000000 ____D C:\Program Files\McAfee Security Scan

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-30 16:03 - 2009-07-14 06:45 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-30 16:03 - 2009-07-14 06:45 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-30 15:52 - 2012-07-27 09:16 - 00000000 ____D C:\Users\Elmar1\AppData\Roaming\Spotify
2015-08-30 15:51 - 2012-12-31 12:52 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-30 15:50 - 2013-01-01 15:18 - 03866390 _____ C:\windows\PFRO.log
2015-08-30 15:50 - 2011-03-25 18:11 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-30 15:50 - 2011-03-25 17:37 - 01773460 _____ C:\windows\WindowsUpdate.log
2015-08-30 15:50 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-30 15:50 - 2009-07-14 06:51 - 00133180 _____ C:\windows\setupact.log
2015-08-30 15:49 - 2012-12-31 12:49 - 00001007 _____ C:\Users\Elmar1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-30 15:40 - 2009-07-14 07:32 - 00000000 ____D C:\windows\Offline Web Pages
2015-08-30 15:33 - 2012-12-31 12:52 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-30 15:13 - 2013-09-01 17:48 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-08-29 15:50 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2015-08-29 14:25 - 2013-05-06 16:34 - 00000000 ____D C:\Users\Elmar1\Tracing
2015-08-29 14:01 - 2011-03-25 18:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-29 13:39 - 2014-08-06 17:24 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-08-29 13:28 - 2012-12-31 12:52 - 00004106 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-29 13:28 - 2012-12-31 12:52 - 00003854 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-29 13:26 - 2013-10-03 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamePacks
2015-08-28 13:02 - 2011-03-25 17:18 - 00643866 _____ C:\windows\system32\perfh007.dat
2015-08-28 13:02 - 2011-03-25 17:18 - 00126394 _____ C:\windows\system32\perfc007.dat
2015-08-28 13:02 - 2009-07-14 07:13 - 01472002 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-27 22:30 - 2012-12-31 12:55 - 00002261 _____ C:\Users\Elmar1\Desktop\Google Chrome.lnk
2015-08-27 22:00 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2015-08-27 21:24 - 2013-10-12 16:12 - 00000000 ____D C:\Users\Eli8s\AppData\Local\Spotify
2015-08-27 20:02 - 2015-06-18 18:13 - 00000000 ____D C:\windows\system32\log
2015-08-17 18:21 - 2012-03-12 09:03 - 00000000 ____D C:\Users\Elmar1\Documents\Mieter
2015-08-17 18:21 - 2012-02-03 07:23 - 00000000 ____D C:\Users\Elmar1\Documents\,Entschuldigungen
2015-08-16 02:15 - 2009-07-14 06:45 - 00293256 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-16 02:11 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-08-14 05:10 - 2013-03-15 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-14 05:08 - 2013-03-15 23:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-14 05:08 - 2012-01-07 18:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-14 04:13 - 2013-09-01 17:48 - 00778440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-14 04:13 - 2013-09-01 17:48 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-14 04:13 - 2013-09-01 17:48 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-08-14 03:40 - 2013-07-16 19:50 - 00000000 ____D C:\windows\system32\MRT
2015-08-14 03:04 - 2013-03-28 19:29 - 132483416 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-08-14 02:21 - 2009-07-14 07:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-08-09 02:55 - 2014-10-07 14:32 - 00000000 ____D C:\Users\Elmar1\AppData\Local\SWDS
2015-08-01 01:42 - 2013-03-28 19:21 - 00000000 ____D C:\ProgramData\McAfee Security Scan

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-06-26 18:07 - 2013-06-26 18:07 - 0000268 ___RH () C:\Users\Elmar1\AppData\Roaming\Flowers
2013-06-26 18:07 - 2013-06-26 18:07 - 0000268 ___RH () C:\Users\Elmar1\AppData\Roaming\Folder Actions
2013-06-26 18:07 - 2013-06-26 18:07 - 0000268 ___RH () C:\Users\Elmar1\AppData\Roaming\Folder Actions Handlers
2013-06-26 18:06 - 2013-06-26 18:06 - 0000268 ___RH () C:\Users\Elmar1\AppData\Roaming\Grand Piano
2013-04-27 06:19 - 2014-08-13 00:13 - 0006656 _____ () C:\Users\Elmar1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-26 18:07 - 2013-06-26 18:07 - 0000268 ___RH () C:\ProgramData\Fonts
2013-06-26 18:07 - 2013-06-26 18:07 - 0000268 ___RH () C:\ProgramData\Framework
2013-06-26 18:07 - 2013-06-26 18:07 - 0000268 ___RH () C:\ProgramData\Frameworks
2013-06-26 18:06 - 2013-06-26 18:06 - 0000268 ___RH () C:\ProgramData\Guitar
2013-06-26 18:06 - 2013-06-26 18:06 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2013-06-26 18:07 - 2013-06-26 18:12 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2013-06-26 18:07 - 2014-08-12 23:48 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2013-06-26 18:07 - 2013-07-25 20:23 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

Einige Dateien in TEMP:
====================
C:\Users\Elmar1\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\windows\system32\winlogon.exe => Datei ist digital signiert
C:\windows\system32\wininit.exe => Datei ist digital signiert
C:\windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\windows\explorer.exe => Datei ist digital signiert
C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\windows\system32\svchost.exe => Datei ist digital signiert
C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\windows\system32\services.exe => Datei ist digital signiert
C:\windows\system32\User32.dll => Datei ist digital signiert
C:\windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\windows\system32\userinit.exe => Datei ist digital signiert
C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\windows\system32\rpcss.dll => Datei ist digital signiert
C:\windows\system32\dnsapi.dll => Datei ist digital signiert
C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2014-10-20 19:44

==================== Ende von FRST.txt ============================
         
Gruß, Eli8s

EDIT: Ich habe es grad mal überprüft und der Computer verbindet jetzt wieder mit dem Proxy-Server

Geändert von Eli8s (30.08.2015 um 16:59 Uhr) Grund: Edit

Alt 31.08.2015, 07:06   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Nach Entfernung von Schadsoftware keine Internetverbindung mehr - Standard

Nach Entfernung von Schadsoftware keine Internetverbindung mehr




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 31.08.2015, 18:57   #11
Eli8s
 
Nach Entfernung von Schadsoftware keine Internetverbindung mehr - Standard

Nach Entfernung von Schadsoftware keine Internetverbindung mehr



Guten Tag
Ich kann momentan keine Probleme mehr feststellen, wie gesagt der Computer verbindet wieder mit dem Proxy-Server. Allerdings hat ESET 68 "bedrohliche" Dateien entdeckt.

Hier das Logfile von ESET:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=8a694a93d5e9ac45ad40638524992650
# end=init
# utc_time=2015-08-31 03:04:08
# local_time=2015-08-31 05:04:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25532
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=8a694a93d5e9ac45ad40638524992650
# end=updated
# utc_time=2015-08-31 03:09:27
# local_time=2015-08-31 05:09:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=8a694a93d5e9ac45ad40638524992650
# engine=25532
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-08-31 05:10:29
# local_time=2015-08-31 07:10:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 192670879 0 0
# scanned=240458
# found=86
# cleaned=0
# scan_time=7261
sh=37F7D8C960BBBF4C0D888861E8D713BB3513BEF1 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\IB Updater\source.crx.vir"
sh=92C4E8DE80888743B27AC06ED98E55FFE3135D95 ft=1 fh=f11273fad9cd263a vn="Variante von Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\BrowerWatchCH.dll.vir"
sh=3B184240FB345AA2019AD2884F0B9B37DFE7DCD3 ft=1 fh=37467f3fb2cf48e9 vn="Variante von Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\BrowerWatchFF.dll.vir"
sh=049FF7BE8454064134C48770372CF912319AEE78 ft=1 fh=c71c00113b3d00b3 vn="Win32/ELEX.EL evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\BrowserAction.dll.vir"
sh=5808E035B462DDE1D61C7A2C42FE776DBD5AFCD5 ft=1 fh=7dafceeee8934c5f vn="Variante von Win32/ELEX.CY evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\CmdShell.exe.vir"
sh=F46F29207788875FA4FDB1C1F645E29EB55091A6 ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\defsearchp@gmail.com!1.0.0.1039.xpi.vir"
sh=1C88A7C4FD5E9BBE5F558AB731149EC1E59A67AC ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\ffsearch_toolbar!1.0.0.1031.xpi.vir"
sh=5CBF89714C867A4241EBC87D36369C10C0A6FEC9 ft=1 fh=74b2bbd02890d5fe vn="Variante von Win32/ELEX.DK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\HPNotify.exe.vir"
sh=76C2D9EA22D00C6E776E6C5A3F68447405C08C04 ft=1 fh=2f31dd30d6532def vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\IeWatchDog.dll.vir"
sh=780755B2950667994D438944D8B2E08D420E063A ft=1 fh=78f50702b780af73 vn="Variante von Win32/ELEX.EE evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\ProtectService.exe.vir"
sh=B9412DD3B45C98A2745855F8102A57A8B4769375 ft=1 fh=b759138fc5d68a1a vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\SupTab.dll.vir"
sh=AB481519C43A07288878242D2F5ED1052DECC7E5 ft=1 fh=98c28400cc253aec vn="Variante von Win32/Speedchecker.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\pc speed up\PCSUSD.exe.vir"
sh=40BA74D9EDCABF8AF541E3CE9CA426602CD685EC ft=1 fh=bef5a377947884c6 vn="Variante von Win32/ELEX.DS evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Picexa\Picexa.exe.vir"
sh=14EB30783441BF5E9BC83116597861E545A84F60 ft=1 fh=eb41b4ecff897df8 vn="Variante von Win32/ELEX.CK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Picexa\picexasvc.exe.vir"
sh=A0005D4DDA82F9842259B7B8667E50BCE32308B4 ft=1 fh=3c5a00e1cda53cfa vn="Variante von Win32/ELEX.DS evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Picexa\uninstall.exe.vir"
sh=3A5021E5A5FE2F711A73346AB5E68C96F6DF3387 ft=0 fh=0000000000000000 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.12\PriceGong.crx.vir"
sh=6DA2B171F521C3E900A671313D459C662A27CA8A ft=1 fh=3e8e084203b8520a vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.12\PriceGongIE.dll.vir"
sh=DB1CD7BC0F547F466DD322999C48C9738A9D1EC8 ft=1 fh=70a1238b54161e6a vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.12\FF\plugins\npPriceGong_FF.dll.vir"
sh=DBCC1223F29B298C49D0532BA2B3539794728DED ft=1 fh=c71c0011bd98a461 vn="Variante von Win32/ELEX.EK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SFK\SFKEX.dll.vir"
sh=C819CD7E396453C9EA0C2643B5FEE2B06EBBF4C5 ft=1 fh=c71c001193c1ce0b vn="Variante von Win64/ELEX.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SFK\SFKEX64.dll.vir"
sh=335D4357ECDEDB381B8268949F829A4A71DE9170 ft=1 fh=c503ff1f1eb3bc07 vn="Variante von Win64/ELEX.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SFK\SFKEX64.exe.vir"
sh=E40E8E91FA5101B0D9E675478BCBB5ACBD271334 ft=1 fh=d7e88db597f3f71a vn="Variante von Win64/ELEX.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SFK\SSFK.exe.vir"
sh=7304F9F56CDFCC9DD9277C40A0C32553B651AD50 ft=0 fh=0000000000000000 vn="Variante von Win64/ELEX.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SFK\Yrrehs.zip.vir"
sh=3613213744AD22F95316CE25EA56440AAA414F17 ft=1 fh=73cec9afb784aab9 vn="Win32/Wajam.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\uninstall.exe.vir"
sh=7186A8F05DF34ED8B39CAA78CC73712A649FEA37 ft=1 fh=c71c001150204e61 vn="Variante von Win32/ELEX.DS evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\eUninstall.exe.vir"
sh=1A34042AC2035878B5ACBBE6D8FC7C268CBDF560 ft=1 fh=a04a7234dec62c72 vn="Variante von Win32/ELEX.BR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\TrayDownloader.exe.vir"
sh=1520EF11E7C148AC9E7700828FBA4070695E8ED4 ft=1 fh=694cf28e659a4b6f vn="Variante von Win32/ELEX.CK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\winzipersvc.exe.vir"
sh=72E36BD2C6793661A2F0D3D92DFC73D2597AF413 ft=1 fh=4ff15436fb858a78 vn="Variante von Win32/ELEX.DS evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\WinZipper.exe.vir"
sh=C4B30FAF8A0EC58D5996CD2AD428C8E2D4893E53 ft=0 fh=0000000000000000 vn="Win32/PriceGong.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Eli8s\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\options\pg_options.js.vir"
sh=DBB6B0DCBFA438D818F1639354F2C9B0D91DFBB2 ft=1 fh=3afecd1a3c60d56a vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Eli8s\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\plugins\npPriceGong_CH.dll.vir"
sh=C4B30FAF8A0EC58D5996CD2AD428C8E2D4893E53 ft=0 fh=0000000000000000 vn="Win32/PriceGong.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\options\pg_options.js.vir"
sh=DBB6B0DCBFA438D818F1639354F2C9B0D91DFBB2 ft=1 fh=3afecd1a3c60d56a vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12_0\plugins\npPriceGong_CH.dll.vir"
sh=721DE3F50FFD9788A91FD53C10915AC3900B8D66 ft=0 fh=0000000000000000 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Elmar1\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\application.xap.vir"
sh=3A1DE088355D742505A4701312031F4F77FF768C ft=1 fh=a6caf9f78e785786 vn="Variante von Win32/RiskWare.Astori.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Elmar1\AppData\Roaming\InetStat\inetstat.exe.23269.vir"
sh=FE6DFB5E0000D73EEC86EB31F87F089734F16FA8 ft=1 fh=a6caf9f74effba7f vn="Variante von Win32/RiskWare.Astori.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Elmar1\AppData\Roaming\InetStat\inetstat.exe.8306.vir"
sh=3A1DE088355D742505A4701312031F4F77FF768C ft=1 fh=a6caf9f78e785786 vn="Variante von Win32/RiskWare.Astori.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Elmar1\AppData\Roaming\InetStat\inetstat.exe.vir"
sh=3A1DE088355D742505A4701312031F4F77FF768C ft=1 fh=a6caf9f78e785786 vn="Variante von Win32/RiskWare.Astori.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Elmar1\AppData\Roaming\InetStat\isup.exe.vir"
sh=16E54F243A10629AA0AF4E39FD2FFDC525BA6C94 ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\Extensions\defsearchp@gmail.com\chrome\content\jquery-2.1.0.min.js.vir"
sh=858524ED0C62DA7FEE38A551865CCDE45A41C289 ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\Extensions\sweetsearch@gmail.com\chrome\content\toolbar.js.vir"
sh=4CF9EF4D739C2F8A1F3909A2720274527EC29E1F ft=1 fh=c71c001143f2d9bd vn="Variante von Win32/ELEX.CP evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Elmar1\AppData\Roaming\webssearches\UninstallManager.exe.vir"
sh=7AB90BABE55BC66A0287A71DE4CECD372A98A0CB ft=1 fh=c716a932e529ebf8 vn="Variante von Win64/Toolbar.Perion.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\Sysnative\dmwu.exe.vir"
sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\Sysnative\drivers\iSafeNetFilter.sys.vir"
sh=FA091A220618B4914C07D853FC46BB4EF8F1A9CC ft=1 fh=e0c76a45e17bbcc2 vn="Variante von Win64/Toolbar.Perion.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\Sysnative\ljkb\lmrn.dll.vir"
sh=F63E62896535BAD919FA40A5CC69F7093C333198 ft=1 fh=d3a97d58bd58f003 vn="Variante von Win64/Toolbar.Perion.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\Sysnative\ljkb\stij.exe.vir"
sh=E18687F66C4729C096B4B2E893289E5D46A876C8 ft=1 fh=15e41fad0a288664 vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\SysWOW64\ARFC\wrtc.exe.vir"
sh=32EEE1864E49A4FA06A68005D78A42202771D551 ft=1 fh=d4756073afcc2186 vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\SysWOW64\jmdp\lmrn.dll.vir"
sh=1F4C2E6BCF89CECF7E57FCA218A3ED10A5879828 ft=1 fh=ecb34756e46ac693 vn="Variante von Win32/Toolbar.Perion.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\SysWOW64\jmdp\stij.exe.vir"
sh=EC6EEA22F9FA5AA36D81E80F4727B0E3148A08C3 ft=1 fh=2c63ed6c103923cc vn="Win32/Toolbar.Perion.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\SysWOW64\WNLT\Installation\HSChromeRegSetup.exe.vir"
sh=A10CC8B242A70BD8B2458BC1B44A83634AD39D3A ft=1 fh=3f6125f74cd79291 vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\SysWOW64\WNLT\Installation\NTSetup.exe.vir"
sh=50BCC6F6EF39974FEBD9B0CAFBDA5B607273B7A6 ft=1 fh=006185004ad2f40c vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\SysWOW64\WNLT\Installation\SKSetup.exe.vir"
sh=B0058DB13E2145434B4BED61B2F4BEB8FD4F28CD ft=1 fh=8fb8468f04a188ba vn="Variante von Win64/Toolbar.Perion.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\SysWOW64\WNLT\Installation\WSSetup.exe.vir"
sh=B6B124193CC8FD203CC92E1D6673C21A1B01A52D ft=1 fh=c71c00118fbd3019 vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\6WinManPro6\ProtectWindowsManager.exe"
sh=B6B124193CC8FD203CC92E1D6673C21A1B01A52D ft=1 fh=c71c00118fbd3019 vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\6WinManPro6\ProtectWindowsManager.exe"
sh=2681CFD472B5B7D4E4EA3FDE79BDAD8D85C9165A ft=1 fh=2121f1757b1575c8 vn="Variante von Win32/DomaIQ.BI evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Eli8s\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000"
sh=E05EA80B019C02D4A984842F5A9D56D85BA3CC3F ft=1 fh=3647a32ff2349f5b vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Eli8s\Downloads\download-apache-openoffice.exe"
sh=F5B417E049D6646885DCA869315D37726FEB5963 ft=1 fh=3f500cd8037fdfc8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Eli8s\Downloads\OpenOffice - CHIP-Installer.exe"
sh=F57E3870C9B85A681E016FBAB549A51A9BBE5D63 ft=1 fh=c71c0011e64164c4 vn="Variante von Win32/ELEX.DJ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Elmar1\AppData\Everything\everything.dll"
sh=1E1A6BF50DEF03E857AA5C84CBBD94E77026F8E7 ft=1 fh=c71c00115a223007 vn="Variante von Win32/ELEX.DJ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Elmar1\AppData\Everything\helper.dll"
sh=014622881329EC682CC75E5A83E10DEEE440B2D7 ft=1 fh=c71c00115ee0d9b0 vn="Variante von Win32/ELEX.DJ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Elmar1\AppData\Everything\Patch.dll"
sh=E465469F2815E6EB1C34DD73F020CE8BF15BFCEC ft=1 fh=c71c0011b5360bf5 vn="Win32/ELEX.DJ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Elmar1\AppData\Everything\SearchHand.dll"
sh=9EF3964E5DF8FE3E3D885EE05F26C0F4E710AAD9 ft=1 fh=c71c0011d7d86bff vn="Variante von Win32/ELEX.DJ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Elmar1\AppData\Everything\ServiceEverything.exe"
sh=EC64AEDE7C4503E522DC202008EA1274CB1B5437 ft=1 fh=c71c0011d3ac06ce vn="Win32/ELEX.EK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Elmar1\AppData\Everything\SFKEX.dll"
sh=898793B2F9B14536BB48C3DB8F5E2B3291F72E46 ft=1 fh=c71c0011e3376b44 vn="Variante von Win32/ELEX.DJ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Elmar1\AppData\Everything\SFKEX.exe"
sh=48D8586CD4D5DD2914DD104F050F2C8957708F3F ft=1 fh=c71c0011351e7e21 vn="Win64/ELEX.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Elmar1\AppData\Everything\SFKEX64.dll"
sh=A8BD8C5B7C71482ABE1E06409D97B4BD87DF4EC4 ft=1 fh=fa287f48d099f7db vn="Variante von Win64/ELEX.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Elmar1\AppData\Everything\SFKEX64.exe"
sh=E40E8E91FA5101B0D9E675478BCBB5ACBD271334 ft=1 fh=d7e88db597f3f71a vn="Variante von Win64/ELEX.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Elmar1\AppData\Everything\update.exe"
sh=858524ED0C62DA7FEE38A551865CCDE45A41C289 ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Elmar1\AppData\Roaming\mozilla\firefox\Profiles\x7jyxs1q.default\extensions\ffsearch_toolbar\chrome\content\toolbar.js"
sh=F9E8B8F6DF645A7EECDF6A35D9778FC8420F68DE ft=1 fh=e0730138ccd6883a vn="Variante von Win32/Speedchecker.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Elmar1\Documents\PCSpeedUp-Silent-Update.exe"
sh=D9EE6B80A0799254672CEDD44F173BD38A604757 ft=1 fh=28f332d88c5a495a vn="Variante von Win32/Toolbar.Perion.P evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[1].exe"
sh=3D4C6F1D551DD7D687FC99B6C12E684C64DA6F07 ft=1 fh=82b6f2f3276cd17c vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[2].exe"
sh=42F005F09BB900C778CAF5769460A4B543A67B4F ft=1 fh=bf2609c2104fe69b vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[3].exe"
sh=435DAF486E61031ACA4B683D5C8D76A776DD4DF6 ft=1 fh=61e3b7a0829a1abd vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[4].exe"
sh=50BCC6F6EF39974FEBD9B0CAFBDA5B607273B7A6 ft=1 fh=006185004ad2f40c vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[5].exe"
sh=1A739914A874A42A4520CE05D8B8761A884ADFB7 ft=1 fh=de394184ef561da5 vn="Variante von Win64/Toolbar.Perion.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[1].exe"
sh=1824CFBB24861E0953082C9DB55CC549F9571FE6 ft=1 fh=5345ab72387b0575 vn="Variante von Win64/Toolbar.Perion.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[2].exe"
sh=858FEE0BB8CFFB3DA04905296EDD7A4D8BEDC1F6 ft=1 fh=81370291c16ff526 vn="Win64/Toolbar.Perion.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[3].exe"
sh=3385985570874923362D99E54B70265286A5A889 ft=1 fh=85e189db41eff2c7 vn="Variante von Win64/Toolbar.Perion.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[5].exe"
sh=CFED24E1953D1990F8297566F4230A57AC14A67E ft=1 fh=b3cee2eb17f46eb4 vn="Variante von Win64/Toolbar.Perion.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\system32\tprb\dnkt.exe"
sh=FBF72EEB581D4C82C2D26F01241DB03BC0DD91F7 ft=1 fh=bf3f894b22130c62 vn="Variante von Win64/Toolbar.Perion.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\system32\tprb\5141\nsib.dll"
sh=34C4C8B24B1E71819A45BD084F1F9057D5564C4B ft=1 fh=10bb68c511f0a67d vn="Variante von Win64/Toolbar.Perion.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\system32\tprb\5152\nsib.dll"
sh=0C5963C32E64031D0D321B1BC82A866F1C434570 ft=1 fh=901766e99b5e30d0 vn="Variante von Win64/Toolbar.Perion.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\system32\tprb\5154\nsib.dll"
sh=E40E8E91FA5101B0D9E675478BCBB5ACBD271334 ft=1 fh=d7e88db597f3f71a vn="Variante von Win64/ELEX.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SSFK_2.0.6.11[1].exe"
sh=F2D83172D56E547255D9115BDCB869309F0EF581 ft=1 fh=20a01275a58657b2 vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\mjcm\dnkt.exe"
sh=636553DBD4D8839C3BB36F59A90C63F23BCD7504 ft=1 fh=8b8daa0a3405b1f4 vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\mjcm\5141\nsib.dll"
sh=17BDCF1527C51AD2B09B8D4887B762F50384D8FA ft=1 fh=c880683b3780aef3 vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\mjcm\5152\nsib.dll"
sh=343835935AFCB46A3F8B1DC4BF181B6AEA2F109D ft=1 fh=adebf03d269e41b5 vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\mjcm\5154\nsib.dll"
         

Hier checkup.txt :


Code:
ATTFilter
 Results of screen317's Security Check version 1.008  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 18.0.0.232  
 Adobe Reader XI  
 Mozilla Firefox 36.0.1 Firefox out of Date!  
 Google Chrome (44.0.2403.155) 
 Google Chrome (44.0.2403.157) 
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Und hier das FRST Logfile. Es wurde wieder eine Datei namens "Addition" erstellt, wenn die auch benötigt wird,reiche ich sie nach.

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
durchgeführt von Elmar1 (Administrator) auf ELMAR1-MSI (31-08-2015 19:41:52)
Gestartet von F:\FRST
Geladene Profile: UpdatusUser & Elmar1 (Verfügbare Profile: UpdatusUser & Elmar1 & Eli8s & Hoffmeister)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files (x86)\PHotkey\AsLdrSrv.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\system32\igfxtray.exe
(Intel Corporation) C:\Windows\system32\hkcmd.exe
(Pegatron Corporation) C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(Pegatron Corporation) C:\Program Files (x86)\PHotkey\MsOsd.exe
(Spotify Ltd) C:\Users\Elmar1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Users\Elmar1\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
() C:\Users\Elmar1\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [AmIcoSinglun64] => c:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.)
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [4055552 2010-11-08] (Sentelic Corporation)
HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [NortonOnlineBackup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1112920 2010-03-06] (Symantec Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\...\Run: [Spotify Web Helper] => C:\Users\Elmar1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-04] (Spotify Ltd)
HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\...\Run: [Spotify] => C:\Users\Elmar1\AppData\Roaming\Spotify\Spotify.exe [4736000 2013-10-04] (Spotify Ltd)
HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Elmar1\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-04-05] ()
HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\...\Run: [Amazon Music] => C:\Users\Elmar1\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-15] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2010-12-24] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2010-12-24] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-03-28]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS PC Sound.lnk [2011-03-25]
ShortcutTarget: SRS PC Sound.lnk -> C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{94F5DEB5-2EB5-4074-8C69-BDEDE262C939}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3363573057-2169286185-1613431243-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-3363573057-2169286185-1613431243-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  Keine Datei
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll [2010-08-14] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL [2010-06-13] (Symantec Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll [2010-08-14] (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default
FF NetworkProxy: "type", 5
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-14] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-12-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-12-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3363573057-2169286185-1613431243-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Elmar1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-10-03] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3363573057-2169286185-1613431243-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Elmar1\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-04-16] (Amazon.com, Inc.)
FF Extension: Search Enginer - C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\Extensions\ffsearch_toolbar [2015-08-08]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn [2012-01-07]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [ffsearch_toolbar] - C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\extensions\ffsearch_toolbar
FF Extension: Kein Name - C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\extensions\sweetsearch@gmail.com [nicht gefunden]
FF Extension: Kein Name - C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\extensions\default_newtabff@gmail.com [nicht gefunden]
FF Extension: Kein Name - C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\extensions\defsearchp@gmail.com [nicht gefunden]
FF Extension: Kein Name - C:\Users\Elmar1\AppData\Roaming\Mozilla\Firefox\Profiles\x7jyxs1q.default\extensions\quick_searchff@gmail.com [nicht gefunden]

Chrome: 
=======
CHR Profile: C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-31]
CHR Extension: (YouTube) - C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-31]
CHR Extension: (Google Search) - C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-31]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Gmail) - C:\Users\Elmar1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-31]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2010-12-10] ()
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [159752 2010-12-10] ()
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [126904 2010-07-23] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-03-06] (Symantec Corporation)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [66872 2014-08-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [945200 2010-08-09] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [463408 2010-06-27] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\ENG64.SYS [117808 2010-08-13] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\EX64.SYS [1791536 2010-08-13] (Symantec Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2010-12-10] (PEGATRON)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1201000.025\SRTSP64.SYS [715824 2010-07-29] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1201000.025\SRTSPX64.SYS [40496 2010-07-29] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1201000.025\SYMDS64.SYS [450096 2010-06-13] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1201000.025\SYMEFA64.SYS [821808 2010-07-29] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174640 2011-03-25] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1201000.025\Ironx64.SYS [168496 2010-06-27] (Symantec Corporation)
S3 SymNetS; C:\Windows\system32\drivers\NISx64\1201000.025\SYMNETS.SYS [381488 2010-07-13] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MGHwCtrl; \??\c:\Utility\Silent\MGHwCtrl.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-31 19:36 - 2015-08-31 19:36 - 00000448 _____ C:\Users\Elmar1\Desktop\SecurityCheck - Verknüpfung.lnk
2015-08-31 17:03 - 2015-08-31 17:03 - 00000000 ____D C:\Program Files (x86)\ESET
2015-08-30 15:59 - 2015-08-30 15:59 - 00001869 _____ C:\Users\Elmar1\Desktop\JRT.txt
2015-08-30 15:02 - 2015-08-30 15:43 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-30 15:02 - 2015-08-30 15:02 - 00001116 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-08-30 15:02 - 2015-08-30 15:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-08-30 15:02 - 2015-08-30 15:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-30 15:02 - 2015-08-30 15:02 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-08-30 15:02 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-08-30 15:02 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-08-30 15:02 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-08-30 14:53 - 2015-08-30 14:53 - 02186752 _____ (Farbar) C:\Users\Hoffmeister\Downloads\FRST64 (2).exe
2015-08-30 14:52 - 2015-08-30 14:52 - 01798640 _____ (Malwarebytes Corporation) C:\Users\Hoffmeister\Downloads\JRT.exe
2015-08-30 14:51 - 2015-08-30 14:51 - 01618432 _____ C:\Users\Hoffmeister\Downloads\AdwCleaner_5.004.exe
2015-08-30 14:50 - 2015-08-30 14:50 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Hoffmeister\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-29 15:54 - 2015-08-29 15:54 - 00020050 _____ C:\ComboFix.txt
2015-08-29 14:40 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2015-08-29 14:40 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2015-08-29 14:40 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-08-29 14:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-08-29 14:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-08-29 14:40 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2015-08-29 14:40 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2015-08-29 14:40 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2015-08-29 14:39 - 2015-08-29 15:54 - 00000000 ____D C:\Qoobox
2015-08-29 14:39 - 2015-08-29 15:52 - 00000000 ____D C:\windows\erdnt
2015-08-29 14:32 - 2015-08-29 14:32 - 00000612 _____ C:\Users\Elmar1\Desktop\ComboFix - Verknüpfung.lnk
2015-08-29 13:24 - 2015-08-29 14:07 - 00001278 _____ C:\Users\Elmar1\Desktop\Revo Uninstaller.lnk
2015-08-29 13:23 - 2015-08-29 14:07 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-08-29 13:19 - 2015-08-29 13:20 - 05636265 _____ (Swearware) C:\Users\Hoffmeister\Downloads\ComboFix.exe
2015-08-29 13:19 - 2015-08-29 13:19 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hoffmeister\Downloads\revosetup95.exe
2015-08-28 12:58 - 2015-08-31 19:41 - 00000000 ____D C:\FRST
2015-08-28 12:53 - 2015-08-28 12:54 - 02186752 _____ (Farbar) C:\Users\Hoffmeister\Downloads\FRST64 (1).exe
2015-08-28 12:53 - 2015-08-28 12:53 - 02186752 _____ (Farbar) C:\Users\Hoffmeister\Downloads\FRST64.exe
2015-08-27 22:52 - 2015-08-27 22:52 - 00000000 ____D C:\Users\Hoffmeister\AppData\Roaming\Virtual Desktop Manager
2015-08-27 22:43 - 2015-08-28 20:49 - 00002373 _____ C:\Users\Hoffmeister\Desktop\Gabriele - Chrome.lnk
2015-08-27 22:43 - 2015-08-27 22:43 - 00001435 _____ C:\Users\Hoffmeister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-27 22:43 - 2015-08-27 22:43 - 00000000 ____D C:\Users\Hoffmeister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-27 22:43 - 2015-08-27 22:43 - 00000000 ____D C:\Users\Hoffmeister\AppData\Roaming\Adobe
2015-08-27 22:43 - 2015-08-27 22:43 - 00000000 ____D C:\Users\Hoffmeister\AppData\Local\Google
2015-08-27 22:43 - 2015-08-27 22:43 - 00000000 ____D C:\Users\Hoffmeister\AppData\Local\FSP
2015-08-27 22:42 - 2015-08-27 22:42 - 00000020 ___SH C:\Users\Hoffmeister\ntuser.ini
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Vorlagen
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Startmenü
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Netzwerkumgebung
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Lokale Einstellungen
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Eigene Dateien
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Druckumgebung
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Documents\Eigene Musik
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Documents\Eigene Bilder
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\AppData\Local\Verlauf
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\AppData\Local\Anwendungsdaten
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 _SHDL C:\Users\Hoffmeister\Anwendungsdaten
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 ____D C:\Users\Hoffmeister\AppData\Local\VirtualStore
2015-08-27 22:42 - 2015-08-27 22:42 - 00000000 ____D C:\Users\Hoffmeister
2015-08-27 22:42 - 2015-06-14 17:53 - 00063568 _____ C:\Users\Hoffmeister\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-27 22:42 - 2012-02-01 20:18 - 00000000 ____D C:\Users\Hoffmeister\AppData\Roaming\Macromedia
2015-08-27 22:42 - 2011-03-25 18:15 - 00000000 ____D C:\Users\Hoffmeister\AppData\Local\SRS Labs
2015-08-27 22:42 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\Hoffmeister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-27 22:42 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\Hoffmeister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-27 19:58 - 2015-08-30 15:49 - 00000000 ____D C:\AdwCleaner
2015-08-27 19:55 - 2015-08-27 19:55 - 01618432 _____ C:\Users\Elmar1\Downloads\adwcleaner_5.004.exe
2015-08-23 06:35 - 2015-08-11 03:20 - 25191936 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-08-23 06:35 - 2015-08-11 03:14 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-08-23 06:35 - 2015-08-11 02:33 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-08-23 06:35 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-08-14 05:10 - 2015-07-30 15:13 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 05:10 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 03:38 - 2015-07-30 20:06 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2015-08-14 03:38 - 2015-07-30 20:06 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-08-14 03:38 - 2015-07-30 20:06 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-08-14 03:38 - 2015-07-30 20:06 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-08-14 03:38 - 2015-07-30 20:06 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-08-14 03:38 - 2015-07-30 20:06 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-08-14 03:38 - 2015-07-30 20:06 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-08-14 03:38 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2015-08-14 03:38 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-08-14 03:38 - 2015-07-30 19:57 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-08-14 03:38 - 2015-07-30 19:57 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-08-14 03:38 - 2015-07-30 19:57 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-08-14 03:38 - 2015-07-30 19:55 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-08-14 03:38 - 2015-07-30 18:56 - 03208192 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-08-14 03:38 - 2015-07-30 18:52 - 00372736 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-08-14 03:38 - 2015-07-30 18:49 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-08-14 03:38 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2015-08-14 03:38 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\windows\notepad.exe
2015-08-14 03:38 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2015-08-14 03:36 - 2015-07-15 20:15 - 05568960 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-08-14 03:36 - 2015-07-15 20:15 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-08-14 03:36 - 2015-07-15 20:15 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-08-14 03:36 - 2015-07-15 20:15 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-08-14 03:36 - 2015-07-15 20:12 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-08-14 03:36 - 2015-07-15 20:11 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-08-14 03:36 - 2015-07-15 20:11 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-08-14 03:36 - 2015-07-15 20:11 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-08-14 03:36 - 2015-07-15 20:11 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-08-14 03:36 - 2015-07-15 20:11 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 01743360 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-08-14 03:36 - 2015-07-15 20:10 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-08-14 03:36 - 2015-07-15 20:10 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-08-14 03:36 - 2015-07-15 20:10 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-08-14 03:36 - 2015-07-15 20:10 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-08-14 03:36 - 2015-07-15 20:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-08-14 03:36 - 2015-07-15 20:09 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-08-14 03:36 - 2015-07-15 20:05 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-08-14 03:36 - 2015-07-15 20:05 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-08-14 03:36 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-08-14 03:36 - 2015-07-15 19:56 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-08-14 03:36 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-08-14 03:36 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-08-14 03:36 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-08-14 03:36 - 2015-07-15 19:55 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-08-14 03:36 - 2015-07-15 19:55 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-08-14 03:36 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-08-14 03:36 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-08-14 03:36 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-08-14 03:36 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-08-14 03:36 - 2015-07-15 19:54 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-08-14 03:36 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-08-14 03:36 - 2015-07-15 19:54 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-08-14 03:36 - 2015-07-15 19:53 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-08-14 03:36 - 2015-07-15 19:53 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-08-14 03:36 - 2015-07-15 19:53 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-08-14 03:36 - 2015-07-15 19:53 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-08-14 03:36 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-08-14 03:36 - 2015-07-15 19:53 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-08-14 03:36 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-08-14 03:36 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 18:46 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-08-14 03:36 - 2015-07-15 18:46 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-08-14 03:36 - 2015-07-15 18:46 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-08-14 03:36 - 2015-07-15 18:37 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-08-14 03:36 - 2015-07-15 18:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-08-14 03:36 - 2015-07-15 18:34 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 18:34 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 18:34 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-14 03:36 - 2015-07-15 18:34 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 03154944 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 02606080 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-08-14 03:34 - 2015-07-20 20:12 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-08-14 03:34 - 2015-07-20 20:12 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-08-14 03:34 - 2015-07-20 20:12 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-08-14 03:34 - 2015-07-20 19:56 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-08-14 03:34 - 2015-07-20 19:56 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-08-14 03:34 - 2015-07-20 19:56 - 00093184 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-08-14 03:34 - 2015-07-20 19:56 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-08-14 03:34 - 2015-07-20 19:56 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-08-14 03:34 - 2015-07-10 19:51 - 03722752 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-08-14 03:34 - 2015-07-10 19:51 - 00158720 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2015-08-14 03:34 - 2015-07-10 19:51 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-08-14 03:34 - 2015-07-10 19:34 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-08-14 03:34 - 2015-07-10 19:34 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-08-14 03:34 - 2015-07-10 19:33 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-08-14 03:32 - 2015-07-15 05:19 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2015-08-14 03:29 - 2015-07-21 02:39 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-08-14 03:29 - 2015-07-21 02:12 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-08-14 03:29 - 2015-07-16 22:54 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-08-14 03:29 - 2015-07-16 22:37 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-08-14 03:29 - 2015-07-16 22:36 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-08-14 03:29 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-08-14 03:29 - 2015-07-16 22:36 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-08-14 03:29 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-08-14 03:29 - 2015-07-16 22:35 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-08-14 03:29 - 2015-07-16 22:27 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-08-14 03:29 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-08-14 03:29 - 2015-07-16 22:26 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-08-14 03:29 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-08-14 03:29 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-08-14 03:29 - 2015-07-16 22:21 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-08-14 03:29 - 2015-07-16 22:21 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-08-14 03:29 - 2015-07-16 22:21 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-08-14 03:29 - 2015-07-16 22:12 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-08-14 03:29 - 2015-07-16 22:08 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-08-14 03:29 - 2015-07-16 22:00 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-08-14 03:29 - 2015-07-16 21:55 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-08-14 03:29 - 2015-07-16 21:54 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-08-14 03:29 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-08-14 03:29 - 2015-07-16 21:51 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-08-14 03:29 - 2015-07-16 21:51 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-08-14 03:29 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-08-14 03:29 - 2015-07-16 21:50 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-08-14 03:29 - 2015-07-16 21:49 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-08-14 03:29 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-08-14 03:29 - 2015-07-16 21:43 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-08-14 03:29 - 2015-07-16 21:43 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-08-14 03:29 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-08-14 03:29 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-08-14 03:29 - 2015-07-16 21:39 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-08-14 03:29 - 2015-07-16 21:38 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-08-14 03:29 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-08-14 03:29 - 2015-07-16 21:35 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-08-14 03:29 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-08-14 03:29 - 2015-07-16 21:33 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-08-14 03:29 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-08-14 03:29 - 2015-07-16 21:29 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-08-14 03:29 - 2015-07-16 21:24 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-14 03:29 - 2015-07-16 21:20 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-08-14 03:29 - 2015-07-16 21:19 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-08-14 03:29 - 2015-07-16 21:17 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-08-14 03:29 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-08-14 03:29 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-08-14 03:29 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-08-14 03:29 - 2015-07-16 21:06 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-08-14 03:29 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-08-14 03:29 - 2015-07-16 21:05 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-08-14 03:29 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-08-14 03:29 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-08-14 03:29 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-08-14 03:29 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-08-14 03:29 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-08-14 03:28 - 2015-07-15 05:19 - 02004992 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-08-14 03:28 - 2015-07-15 05:19 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-08-14 03:28 - 2015-07-15 05:14 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2015-08-14 03:28 - 2015-07-15 05:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-08-14 03:28 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-08-14 03:28 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-08-14 03:28 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2015-08-14 03:28 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-08-14 03:28 - 2015-07-10 19:51 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-08-14 03:28 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-08-14 03:28 - 2015-07-01 22:49 - 00260096 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-08-14 03:28 - 2015-07-01 22:48 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-08-14 03:28 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-08-14 03:28 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-08-11 04:33 - 2015-08-11 04:33 - 00760417 _____ C:\Users\Elmar1\Downloads\Google.html
2015-08-11 04:33 - 2015-08-11 04:33 - 00000000 ____D C:\Users\Elmar1\Downloads\Google_files
2015-08-01 01:42 - 2015-08-01 01:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-08-01 01:42 - 2015-08-01 01:42 - 00000000 ____D C:\Program Files\McAfee Security Scan

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-31 19:33 - 2012-12-31 12:52 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-31 19:13 - 2013-09-01 17:48 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-08-31 19:07 - 2011-03-25 17:37 - 01845840 _____ C:\windows\WindowsUpdate.log
2015-08-31 16:58 - 2009-07-14 06:45 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-31 16:58 - 2009-07-14 06:45 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-31 16:52 - 2012-07-27 09:16 - 00000000 ____D C:\Users\Elmar1\AppData\Roaming\Spotify
2015-08-31 16:50 - 2012-12-31 12:52 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-31 16:50 - 2011-03-25 18:11 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-31 16:49 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-31 16:49 - 2009-07-14 06:51 - 00133460 _____ C:\windows\setupact.log
2015-08-30 15:50 - 2013-01-01 15:18 - 03866390 _____ C:\windows\PFRO.log
2015-08-30 15:49 - 2012-12-31 12:49 - 00001007 _____ C:\Users\Elmar1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-30 15:41 - 2009-07-14 07:32 - 00000000 ____D C:\windows\Offline Web Pages
2015-08-29 15:50 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2015-08-29 14:25 - 2013-05-06 16:34 - 00000000 ____D C:\Users\Elmar1\Tracing
2015-08-29 14:01 - 2011-03-25 18:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-29 13:39 - 2014-08-06 17:24 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-08-29 13:28 - 2012-12-31 12:52 - 00004106 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-29 13:28 - 2012-12-31 12:52 - 00003854 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-29 13:26 - 2013-10-03 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamePacks
2015-08-28 13:02 - 2011-03-25 17:18 - 00643866 _____ C:\windows\system32\perfh007.dat
2015-08-28 13:02 - 2011-03-25 17:18 - 00126394 _____ C:\windows\system32\perfc007.dat
2015-08-28 13:02 - 2009-07-14 07:13 - 01472002 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-27 22:30 - 2012-12-31 12:55 - 00002261 _____ C:\Users\Elmar1\Desktop\Google Chrome.lnk
2015-08-27 22:00 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2015-08-27 21:24 - 2013-10-12 16:12 - 00000000 ____D C:\Users\Eli8s\AppData\Local\Spotify
2015-08-27 20:02 - 2015-06-18 18:13 - 00000000 ____D C:\windows\system32\log
2015-08-17 18:21 - 2012-03-12 09:03 - 00000000 ____D C:\Users\Elmar1\Documents\Mieter
2015-08-17 18:21 - 2012-02-03 07:23 - 00000000 ____D C:\Users\Elmar1\Documents\,Entschuldigungen
2015-08-16 02:15 - 2009-07-14 06:45 - 00293256 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-16 02:11 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-08-14 05:10 - 2013-03-15 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-14 05:08 - 2013-03-15 23:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-14 05:08 - 2012-01-07 18:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-14 04:13 - 2013-09-01 17:48 - 00778440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-14 04:13 - 2013-09-01 17:48 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-14 04:13 - 2013-09-01 17:48 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-08-14 03:40 - 2013-07-16 19:50 - 00000000 ____D C:\windows\system32\MRT
2015-08-14 03:04 - 2013-03-28 19:29 - 132483416 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-08-14 02:21 - 2009-07-14 07:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-08-09 02:55 - 2014-10-07 14:32 - 00000000 ____D C:\Users\Elmar1\AppData\Local\SWDS
2015-08-01 01:42 - 2013-03-28 19:21 - 00000000 ____D C:\ProgramData\McAfee Security Scan

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-06-26 18:07 - 2013-06-26 18:07 - 0000268 ___RH () C:\Users\Elmar1\AppData\Roaming\Flowers
2013-06-26 18:07 - 2013-06-26 18:07 - 0000268 ___RH () C:\Users\Elmar1\AppData\Roaming\Folder Actions
2013-06-26 18:07 - 2013-06-26 18:07 - 0000268 ___RH () C:\Users\Elmar1\AppData\Roaming\Folder Actions Handlers
2013-06-26 18:06 - 2013-06-26 18:06 - 0000268 ___RH () C:\Users\Elmar1\AppData\Roaming\Grand Piano
2013-04-27 06:19 - 2014-08-13 00:13 - 0006656 _____ () C:\Users\Elmar1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-26 18:07 - 2013-06-26 18:07 - 0000268 ___RH () C:\ProgramData\Fonts
2013-06-26 18:07 - 2013-06-26 18:07 - 0000268 ___RH () C:\ProgramData\Framework
2013-06-26 18:07 - 2013-06-26 18:07 - 0000268 ___RH () C:\ProgramData\Frameworks
2013-06-26 18:06 - 2013-06-26 18:06 - 0000268 ___RH () C:\ProgramData\Guitar
2013-06-26 18:06 - 2013-06-26 18:06 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2013-06-26 18:07 - 2013-06-26 18:12 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2013-06-26 18:07 - 2014-08-12 23:48 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2013-06-26 18:07 - 2013-07-25 20:23 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

Einige Dateien in TEMP:
====================
C:\Users\Elmar1\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\windows\system32\winlogon.exe => Datei ist digital signiert
C:\windows\system32\wininit.exe => Datei ist digital signiert
C:\windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\windows\explorer.exe => Datei ist digital signiert
C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\windows\system32\svchost.exe => Datei ist digital signiert
C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\windows\system32\services.exe => Datei ist digital signiert
C:\windows\system32\User32.dll => Datei ist digital signiert
C:\windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\windows\system32\userinit.exe => Datei ist digital signiert
C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\windows\system32\rpcss.dll => Datei ist digital signiert
C:\windows\system32\dnsapi.dll => Datei ist digital signiert
C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2014-10-20 19:44

==================== Ende von FRST.txt ============================
         

Gruß, Eli8s

Alt 01.09.2015, 17:02   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Nach Entfernung von Schadsoftware keine Internetverbindung mehr - Standard

Nach Entfernung von Schadsoftware keine Internetverbindung mehr



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\ProgramData\6WinManPro6\ProtectWindowsManager.exe

C:\Users\All Users\6WinManPro6\ProtectWindowsManager.exe

C:\Users\Eli8s\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000

C:\Users\Eli8s\Downloads\download-apache-openoffice.exe

C:\Users\Eli8s\Downloads\OpenOffice - CHIP-Installer.exe

C:\Users\Elmar1\AppData\Everything\everything.dll

C:\Users\Elmar1\AppData\Everything\helper.dll

C:\Users\Elmar1\AppData\Everything\Patch.dll

C:\Users\Elmar1\AppData\Everything\SearchHand.dll

C:\Users\Elmar1\AppData\Everything\ServiceEverything.exe

C:\Users\Elmar1\AppData\Everything\SFKEX.dll

C:\Users\Elmar1\AppData\Everything\SFKEX.exe

C:\Users\Elmar1\AppData\Everything\SFKEX64.dll

C:\Users\Elmar1\AppData\Everything\SFKEX64.exe

C:\Users\Elmar1\AppData\Everything\update.exe

C:\Users\Elmar1\AppData\Roaming\mozilla\firefox\Profiles\x7jyxs1q.default\extensions\ffsearch_toolbar\chrome\content\toolbar.js

C:\Users\Elmar1\Documents\PCSpeedUp-Silent-Update.exe

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[1].exe

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[2].exe

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[3].exe

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[4].exe

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[5].exe

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[1].exe

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[2].exe

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[3].exe

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[5].exe

C:\Windows\system32\tprb\dnkt.exe

C:\Windows\system32\tprb\5141\nsib.dll

C:\Windows\system32\tprb\5152\nsib.dll

C:\Windows\system32\tprb\5154\nsib.dll

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SSFK_2.0.6.11[1].exe

C:\Windows\SysWOW64\mjcm\dnkt.exe

C:\Windows\SysWOW64\mjcm\5141\nsib.dll

C:\Windows\SysWOW64\mjcm\5152\nsib.dll

C:\Windows\SysWOW64\mjcm\5154\nsib.dll
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.


Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.09.2015, 19:00   #13
Eli8s
 
Nach Entfernung von Schadsoftware keine Internetverbindung mehr - Standard

Nach Entfernung von Schadsoftware keine Internetverbindung mehr



Ich möchte hier erstmal vielen Dank sagen für die Hilfe und auch für die Tipps um den Rechner sicherer zu machen Ich werde dem Forum auf jeden Fall ein bisschen was spenden.


Hier noch das geforderte Logfile:


Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:31-08-2015
durchgeführt von Elmar1 (2015-09-01 18:53:39) Run:1
Gestartet von F:\FRST
Geladene Profile: UpdatusUser & Elmar1 (Verfügbare Profile: UpdatusUser & Elmar1 & Eli8s & Hoffmeister)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
C:\ProgramData\6WinManPro6\ProtectWindowsManager.exe

C:\Users\All Users\6WinManPro6\ProtectWindowsManager.exe

C:\Users\Eli8s\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000

C:\Users\Eli8s\Downloads\download-apache-openoffice.exe

C:\Users\Eli8s\Downloads\OpenOffice - CHIP-Installer.exe

C:\Users\Elmar1\AppData\Everything\everything.dll

C:\Users\Elmar1\AppData\Everything\helper.dll

C:\Users\Elmar1\AppData\Everything\Patch.dll

C:\Users\Elmar1\AppData\Everything\SearchHand.dll

C:\Users\Elmar1\AppData\Everything\ServiceEverything.exe

C:\Users\Elmar1\AppData\Everything\SFKEX.dll

C:\Users\Elmar1\AppData\Everything\SFKEX.exe

C:\Users\Elmar1\AppData\Everything\SFKEX64.dll

C:\Users\Elmar1\AppData\Everything\SFKEX64.exe

C:\Users\Elmar1\AppData\Everything\update.exe

C:\Users\Elmar1\AppData\Roaming\mozilla\firefox\Profiles\x7jyxs1q.default\extensions\ffsearch_toolbar\chrome\content\toolbar.js

C:\Users\Elmar1\Documents\PCSpeedUp-Silent-Update.exe

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[1].exe

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[2].exe

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[3].exe

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[4].exe

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[5].exe

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[1].exe

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[2].exe

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[3].exe

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[5].exe

C:\Windows\system32\tprb\dnkt.exe

C:\Windows\system32\tprb\5141\nsib.dll

C:\Windows\system32\tprb\5152\nsib.dll

C:\Windows\system32\tprb\5154\nsib.dll

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SSFK_2.0.6.11[1].exe

C:\Windows\SysWOW64\mjcm\dnkt.exe

C:\Windows\SysWOW64\mjcm\5141\nsib.dll

C:\Windows\SysWOW64\mjcm\5152\nsib.dll

C:\Windows\SysWOW64\mjcm\5154\nsib.dll
Emptytemp:
         
*****************

C:\ProgramData\6WinManPro6\ProtectWindowsManager.exe => erfolgreich verschoben
"C:\Users\All Users\6WinManPro6\ProtectWindowsManager.exe" => Datei/Ordner nicht gefunden.
C:\Users\Eli8s\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 => erfolgreich verschoben
C:\Users\Eli8s\Downloads\download-apache-openoffice.exe => erfolgreich verschoben
C:\Users\Eli8s\Downloads\OpenOffice - CHIP-Installer.exe => erfolgreich verschoben
C:\Users\Elmar1\AppData\Everything\everything.dll => erfolgreich verschoben
C:\Users\Elmar1\AppData\Everything\helper.dll => erfolgreich verschoben
C:\Users\Elmar1\AppData\Everything\Patch.dll => erfolgreich verschoben
C:\Users\Elmar1\AppData\Everything\SearchHand.dll => erfolgreich verschoben
C:\Users\Elmar1\AppData\Everything\ServiceEverything.exe => erfolgreich verschoben
C:\Users\Elmar1\AppData\Everything\SFKEX.dll => erfolgreich verschoben
C:\Users\Elmar1\AppData\Everything\SFKEX.exe => erfolgreich verschoben
C:\Users\Elmar1\AppData\Everything\SFKEX64.dll => erfolgreich verschoben
C:\Users\Elmar1\AppData\Everything\SFKEX64.exe => erfolgreich verschoben
C:\Users\Elmar1\AppData\Everything\update.exe => erfolgreich verschoben
C:\Users\Elmar1\AppData\Roaming\mozilla\firefox\Profiles\x7jyxs1q.default\extensions\ffsearch_toolbar\chrome\content\toolbar.js => erfolgreich verschoben
C:\Users\Elmar1\Documents\PCSpeedUp-Silent-Update.exe => erfolgreich verschoben
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[1].exe => erfolgreich verschoben
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[2].exe => erfolgreich verschoben
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[3].exe => erfolgreich verschoben
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[4].exe => erfolgreich verschoben
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[5].exe => erfolgreich verschoben
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[1].exe => erfolgreich verschoben
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[2].exe => erfolgreich verschoben
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[3].exe => erfolgreich verschoben
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[5].exe => erfolgreich verschoben
C:\Windows\system32\tprb\dnkt.exe => erfolgreich verschoben
C:\Windows\system32\tprb\5141\nsib.dll => erfolgreich verschoben
C:\Windows\system32\tprb\5152\nsib.dll => erfolgreich verschoben
C:\Windows\system32\tprb\5154\nsib.dll => erfolgreich verschoben
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SSFK_2.0.6.11[1].exe => erfolgreich verschoben
C:\Windows\SysWOW64\mjcm\dnkt.exe => erfolgreich verschoben
C:\Windows\SysWOW64\mjcm\5141\nsib.dll => erfolgreich verschoben
C:\Windows\SysWOW64\mjcm\5152\nsib.dll => erfolgreich verschoben
C:\Windows\SysWOW64\mjcm\5154\nsib.dll => erfolgreich verschoben
EmptyTemp: => 211.2 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.. 

==== Ende von Fixlog 18:54:20 ====
         

Gruß, Eli8s

Alt 02.09.2015, 17:40   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Nach Entfernung von Schadsoftware keine Internetverbindung mehr - Standard

Nach Entfernung von Schadsoftware keine Internetverbindung mehr



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Nach Entfernung von Schadsoftware keine Internetverbindung mehr
ebanking, fraudtool.yac, pup.optional.delta.a, pup.optional.dosearch.a, pup.optional.ffpluginhp.a, pup.optional.ihprotect.a, pup.optional.incredibar.a, pup.optional.installbrain.a, pup.optional.istartsurf.a, pup.optional.luckytab.a, pup.optional.mindspark.a, pup.optional.picexa.a, pup.optional.pricegong.a, pup.optional.qone8, pup.optional.quicksearch.a, pup.optional.speedchecker.a, pup.optional.suptab.a, pup.optional.sweetim.a, pup.optional.sweetpacks.a, pup.optional.sweetsearch.a, pup.optional.v9.a, pup.optional.wajam.a, pup.optional.webssearches, pup.optional.webssearches.a, pup.optional.windowsmangerprotect.a, pup.optional.wpm.a, ändern



Ähnliche Themen: Nach Entfernung von Schadsoftware keine Internetverbindung mehr


  1. Nach Adware Cleaner Meldung: "Keine Internetverbindung". Keine Updates, kein Skype u.ä. mehr möglich!
    Antiviren-, Firewall- und andere Schutzprogramme - 08.01.2015 (15)
  2. Nach Avira Update keine Internetverbindung mehr möglich
    Antiviren-, Firewall- und andere Schutzprogramme - 14.08.2014 (2)
  3. Windows 7: Schadsoftware bei Online-Banking, nach Entfernung läuft MSE nur sporadisch
    Log-Analyse und Auswertung - 13.11.2013 (16)
  4. Plötzlich keine Internetverbindung mehr
    Alles rund um Windows - 24.03.2013 (6)
  5. Keine Internetverbindung mehr nach BKA-Trojaner (glaub ich) Windows7
    Plagegeister aller Art und deren Bekämpfung - 18.03.2013 (1)
  6. Nach BKA/GEMA Trojaner entfernung keine Reiter mehr zu sehen !!
    Plagegeister aller Art und deren Bekämpfung - 05.03.2012 (14)
  7. Nach Entfernung SecurityShield keine Windows Firewall-Aktivierung mehr möglich
    Plagegeister aller Art und deren Bekämpfung - 29.12.2011 (13)
  8. Keine Internetverbindung mehr möglich nach löschen von Trojaner
    Plagegeister aller Art und deren Bekämpfung - 13.11.2011 (1)
  9. keine Virenscanner Updates mehr nach Entfernung von System Tool
    Log-Analyse und Auswertung - 30.12.2010 (1)
  10. Nach Malwarebytes Scan und Entfernung ->div. Programme können keine Inet Verbindung mehr herstellen
    Antiviren-, Firewall- und andere Schutzprogramme - 23.08.2010 (1)
  11. Keine Internetverbindung mehr möglich
    Log-Analyse und Auswertung - 02.06.2010 (0)
  12. Nach Viren/Trojanerfund und Browser Update keine Internetverbindung mehr...
    Plagegeister aller Art und deren Bekämpfung - 18.09.2008 (5)
  13. Keine Internetverbindung mehr - die zweite
    Log-Analyse und Auswertung - 13.08.2008 (16)
  14. Keine Internetverbindung mehr - die zweite
    Mülltonne - 07.08.2008 (0)
  15. PC hat keine Internetverbindung mehr...
    Netzwerk und Hardware - 18.06.2008 (1)
  16. keine Internetverbindung mehr moeglich
    Log-Analyse und Auswertung - 22.03.2006 (1)
  17. Keine Internetverbindung mehr nach CWS Attacke
    Log-Analyse und Auswertung - 30.03.2005 (18)

Zum Thema Nach Entfernung von Schadsoftware keine Internetverbindung mehr - Guten Abend sehr geehrte Leserinnen und Leser Heute wurde ich mit der Aufgabe beauftragt den Browser zu ändern da beim öffnen von Chrome immer eine Seite namens "istart.webssearches.com" geöffnet wird. - Nach Entfernung von Schadsoftware keine Internetverbindung mehr...
Archiv
Du betrachtest: Nach Entfernung von Schadsoftware keine Internetverbindung mehr auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.